[edk2-devel] [PATCH v4 07/12] NetworkPkg: Fix conditionally uninitialized variables
Michael Kubacki
mikuback at linux.microsoft.com
Fri Mar 10 18:42:33 UTC 2023
From: Michael Kubacki <michael.kubacki at microsoft.com>
Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html
Cc: Erich McMillan <emcmillan at microsoft.com>
Cc: Jiaxin Wu <jiaxin.wu at intel.com>
Cc: Maciej Rabeda <maciej.rabeda at linux.intel.com>
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Michael Kubacki <mikuback at linux.microsoft.com>
Cc: Siyuan Fu <siyuan.fu at intel.com>
Co-authored-by: Erich McMillan <emcmillan at microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
---
NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 2 +-
NetworkPkg/TcpDxe/TcpInput.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
index 6a5d78629bb3..21813463aa4f 100644
--- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -753,7 +753,7 @@ HttpUrlGetPort (
Status = AsciiStrDecimalToUintnS (Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset, (CHAR8 **)NULL, &Data);
- if (Data > HTTP_URI_PORT_MAX_NUM) {
+ if (EFI_ERROR (Status) || (Data > HTTP_URI_PORT_MAX_NUM)) {
Status = EFI_INVALID_PARAMETER;
goto ON_EXIT;
}
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
index fb1aa827f8ba..7b329be64dfe 100644
--- a/NetworkPkg/TcpDxe/TcpInput.c
+++ b/NetworkPkg/TcpDxe/TcpInput.c
@@ -1570,6 +1570,9 @@ TcpIcmpInput (
BOOLEAN IcmpErrIsHard;
BOOLEAN IcmpErrNotify;
+ IcmpErrIsHard = FALSE;
+ IcmpErrNotify = FALSE;
+
if (Nbuf->TotalSize < sizeof (TCP_HEAD)) {
goto CLEAN_EXIT;
}
--
2.39.2.windows.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101027): https://edk2.groups.io/g/devel/message/101027
Mute This Topic: https://groups.io/mt/97526796/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-
More information about the edk2-devel-archive
mailing list