[edk2-devel] [PATCH v6 07/12] NetworkPkg: Fix conditionally uninitialized variables

Fri Mar 24 20:48:33 UTC 2023

From: Michael Kubacki <michael.kubacki at microsoft.com>

Fixes CodeQL alerts for CWE-457:
https://cwe.mitre.org/data/definitions/457.html

Cc: Erich McMillan <emcmillan at microsoft.com>
Cc: Jiaxin Wu <jiaxin.wu at intel.com>
Cc: Maciej Rabeda <maciej.rabeda at linux.intel.com>
Cc: Michael D Kinney <michael.d.kinney at intel.com>
Cc: Michael Kubacki <mikuback at linux.microsoft.com>
Cc: Siyuan Fu <siyuan.fu at intel.com>
Co-authored-by: Erich McMillan <emcmillan at microsoft.com>
Signed-off-by: Michael Kubacki <michael.kubacki at microsoft.com>
Reviewed-by: Michael D Kinney <michael.d.kinney at intel.com>
---
 NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c | 2 +-
 NetworkPkg/TcpDxe/TcpInput.c               | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
index 6a5d78629bb3..21813463aa4f 100644
--- a/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
+++ b/NetworkPkg/Library/DxeHttpLib/DxeHttpLib.c
@@ -753,7 +753,7 @@ HttpUrlGetPort (
 
   Status =  AsciiStrDecimalToUintnS (Url + Parser->FieldData[HTTP_URI_FIELD_PORT].Offset, (CHAR8 **)NULL, &Data);
 
-  if (Data > HTTP_URI_PORT_MAX_NUM) {
+  if (EFI_ERROR (Status) || (Data > HTTP_URI_PORT_MAX_NUM)) {
     Status = EFI_INVALID_PARAMETER;
     goto ON_EXIT;
   }
diff --git a/NetworkPkg/TcpDxe/TcpInput.c b/NetworkPkg/TcpDxe/TcpInput.c
index fb1aa827f8ba..7b329be64dfe 100644
--- a/NetworkPkg/TcpDxe/TcpInput.c
+++ b/NetworkPkg/TcpDxe/TcpInput.c
@@ -1570,6 +1570,9 @@ TcpIcmpInput (
   BOOLEAN     IcmpErrIsHard;
   BOOLEAN     IcmpErrNotify;
 
+  IcmpErrIsHard = FALSE;
+  IcmpErrNotify = FALSE;
+
   if (Nbuf->TotalSize < sizeof (TCP_HEAD)) {
     goto CLEAN_EXIT;
   }
-- 
2.40.0.windows.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#101831): https://edk2.groups.io/g/devel/message/101831
Mute This Topic: https://groups.io/mt/97832907/1813853
Group Owner: devel+owner at edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [edk2-devel-archive at redhat.com]
-=-=-=-=-=-=-=-=-=-=-=-


