From 997b8a12436a433a451ef4595ccf4abb8d90dd04 Mon Sep 17 00:00:00 2001

From: Laszlo Ersek <lersek@redhat.com>

Date: Tue, 8 Jun 2021 14:12:50 +0200

Subject: [PATCH 01/11] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80

 characters

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

RH-Author: Laszlo Ersek <lersek@redhat.com>

RH-MergeRequest: 1: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [RHEL-9, c9s]

RH-Commit: [1/10] a8d51743b8735749b53b0d0f8e665c42c4ea183c

RH-Bugzilla: 1961100

RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Working with overlong lines is difficult for me; rewrap the CHAP-related

source files in IScsiDxe to 80 characters width. No functional changes.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>

Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>

Cc: Philippe Mathieu-Daudé <philmd@redhat.com>

Cc: Siyuan Fu <siyuan.fu@intel.com>

Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356

Signed-off-by: Laszlo Ersek <lersek@redhat.com>

Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Message-Id: <20210608121259.32451-2-lersek@redhat.com>

(cherry picked from commit 83761337ec91fbd459c55d7d956fcc25df3bfa50)

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>

---

 NetworkPkg/IScsiDxe/IScsiCHAP.c | 90 +++++++++++++++++++++++++--------

 NetworkPkg/IScsiDxe/IScsiCHAP.h |  3 +-

 2 files changed, 71 insertions(+), 22 deletions(-)

diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c

index 355c6f129f..cbbc56ae5b 100644

--- a/NetworkPkg/IScsiDxe/IScsiCHAP.c

+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c

@@ -1,5 +1,6 @@

 /** @file

-  This file is for Challenge-Handshake Authentication Protocol (CHAP) Configuration.

+  This file is for Challenge-Handshake Authentication Protocol (CHAP)

+  Configuration.

 Copyright (c) 2004 - 2018, Intel Corporation. All rights reserved.

 SPDX-License-Identifier: BSD-2-Clause-Patent

@@ -18,9 +19,11 @@ SPDX-License-Identifier: BSD-2-Clause-Patent

   @param[in]   ChallengeLength    The length of iSCSI CHAP challenge message.

   @param[out]  ChapResponse       The calculation of the expected hash value.

-  @retval EFI_SUCCESS             The expected hash value was calculatedly successfully.

-  @retval EFI_PROTOCOL_ERROR      The length of the secret should be at least the

-                                  length of the hash value for the hashing algorithm chosen.

+  @retval EFI_SUCCESS             The expected hash value was calculatedly

+                                  successfully.

+  @retval EFI_PROTOCOL_ERROR      The length of the secret should be at least

+                                  the length of the hash value for the hashing

+                                  algorithm chosen.

   @retval EFI_PROTOCOL_ERROR      MD5 hash operation fail.

   @retval EFI_OUT_OF_RESOURCES    Fail to allocate resource to complete MD5.

@@ -94,8 +97,10 @@ Exit:

   @param[in]   AuthData             iSCSI CHAP authentication data.

   @param[in]   TargetResponse       The response from target.

-  @retval EFI_SUCCESS               The response from target passed authentication.

-  @retval EFI_SECURITY_VIOLATION    The response from target was not expected value.

+  @retval EFI_SUCCESS               The response from target passed

+                                    authentication.

+  @retval EFI_SECURITY_VIOLATION    The response from target was not expected

+                                    value.

   @retval Others                    Other errors as indicated.

 **/

@@ -193,7 +198,10 @@ IScsiCHAPOnRspReceived (

     //

     // The first Login Response.

     //

-    Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_TARGET_PORTAL_GROUP_TAG);

+    Value = IScsiGetValueByKeyFromList (

+              KeyValueList,

+              ISCSI_KEY_TARGET_PORTAL_GROUP_TAG

+              );

     if (Value == NULL) {

       goto ON_EXIT;

     }

@@ -205,13 +213,17 @@ IScsiCHAPOnRspReceived (

     Session->TargetPortalGroupTag = (UINT16) Result;

-    Value                         = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_AUTH_METHOD);

+    Value                         = IScsiGetValueByKeyFromList (

+                                      KeyValueList,

+                                      ISCSI_KEY_AUTH_METHOD

+                                      );

     if (Value == NULL) {

       goto ON_EXIT;

     }

     //

-    // Initiator mandates CHAP authentication but target replies without "CHAP", or

-    // initiator suggets "None" but target replies with some kind of auth method.

+    // Initiator mandates CHAP authentication but target replies without

+    // "CHAP", or initiator suggets "None" but target replies with some kind of

+    // auth method.

     //

     if (Session->AuthType == ISCSI_AUTH_TYPE_NONE) {

       if (AsciiStrCmp (Value, ISCSI_KEY_VALUE_NONE) != 0) {

@@ -236,7 +248,10 @@ IScsiCHAPOnRspReceived (

     //

     // The Target replies with CHAP_A= CHAP_I= CHAP_C=<C>

     //

-    Value = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_ALGORITHM);

+    Value = IScsiGetValueByKeyFromList (

+              KeyValueList,

+              ISCSI_KEY_CHAP_ALGORITHM

+              );

     if (Value == NULL) {

       goto ON_EXIT;

     }

@@ -249,12 +264,18 @@ IScsiCHAPOnRspReceived (

       goto ON_EXIT;

     }

-    Identifier = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_IDENTIFIER);

+    Identifier = IScsiGetValueByKeyFromList (

+                   KeyValueList,

+                   ISCSI_KEY_CHAP_IDENTIFIER

+                   );

     if (Identifier == NULL) {

       goto ON_EXIT;

     }

-    Challenge = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_CHALLENGE);

+    Challenge = IScsiGetValueByKeyFromList (

+                  KeyValueList,

+                  ISCSI_KEY_CHAP_CHALLENGE

+                  );

     if (Challenge == NULL) {

       goto ON_EXIT;

     }

@@ -269,7 +290,11 @@ IScsiCHAPOnRspReceived (

     AuthData->InIdentifier      = (UINT32) Result;

     AuthData->InChallengeLength = ISCSI_CHAP_AUTH_MAX_LEN;

-    IScsiHexToBin ((UINT8 *) AuthData->InChallenge, &AuthData->InChallengeLength, Challenge);

+    IScsiHexToBin (

+      (UINT8 *) AuthData->InChallenge,

+      &AuthData->InChallengeLength,

+      Challenge

+      );

     Status = IScsiCHAPCalculateResponse (

                AuthData->InIdentifier,

                AuthData->AuthConfig->CHAPSecret,

@@ -303,7 +328,10 @@ IScsiCHAPOnRspReceived (

       goto ON_EXIT;

     }

-    Response = IScsiGetValueByKeyFromList (KeyValueList, ISCSI_KEY_CHAP_RESPONSE);

+    Response = IScsiGetValueByKeyFromList (

+                 KeyValueList,

+                 ISCSI_KEY_CHAP_RESPONSE

+                 );

     if (Response == NULL) {

       goto ON_EXIT;

     }

@@ -341,7 +369,8 @@ ON_EXIT:

   @param[in, out]  Pdu         The PDU to send out.

   @retval EFI_SUCCESS           All check passed and the phase-related CHAP

-                                authentication info is filled into the iSCSI PDU.

+                                authentication info is filled into the iSCSI

+                                PDU.

   @retval EFI_OUT_OF_RESOURCES  Failed to allocate memory.

   @retval EFI_PROTOCOL_ERROR    Some kind of protocol error occurred.

@@ -392,7 +421,11 @@ IScsiCHAPToSendReq (

     // It's the initial Login Request. Fill in the key=value pairs mandatory

     // for the initial Login Request.

     //

-    IScsiAddKeyValuePair (Pdu, ISCSI_KEY_INITIATOR_NAME, mPrivate->InitiatorName);

+    IScsiAddKeyValuePair (

+      Pdu,

+      ISCSI_KEY_INITIATOR_NAME,

+      mPrivate->InitiatorName

+      );

     IScsiAddKeyValuePair (Pdu, ISCSI_KEY_SESSION_TYPE, "Normal");

     IScsiAddKeyValuePair (

       Pdu,

@@ -413,7 +446,8 @@ IScsiCHAPToSendReq (

   case ISCSI_CHAP_STEP_ONE:

     //

-    // First step, send the Login Request with CHAP_A=<A1,A2...> key-value pair.

+    // First step, send the Login Request with CHAP_A=<A1,A2...> key-value

+    // pair.

     //

     AsciiSPrint (ValueStr, sizeof (ValueStr), "%d", ISCSI_CHAP_ALGORITHM_MD5);

     IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_ALGORITHM, ValueStr);

@@ -429,11 +463,20 @@ IScsiCHAPToSendReq (

     //

     // CHAP_N=<N>

     //

-    IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_NAME, (CHAR8 *) &AuthData->AuthConfig->CHAPName);

+    IScsiAddKeyValuePair (

+      Pdu,

+      ISCSI_KEY_CHAP_NAME,

+      (CHAR8 *) &AuthData->AuthConfig->CHAPName

+      );

     //

     // CHAP_R=<R>

     //

-    IScsiBinToHex ((UINT8 *) AuthData->CHAPResponse, ISCSI_CHAP_RSP_LEN, Response, &RspLen);

+    IScsiBinToHex (

+      (UINT8 *) AuthData->CHAPResponse,

+      ISCSI_CHAP_RSP_LEN,

+      Response,

+      &RspLen

+      );

     IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response);

     if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) {

@@ -448,7 +491,12 @@ IScsiCHAPToSendReq (

       //

       IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN);

       AuthData->OutChallengeLength = ISCSI_CHAP_RSP_LEN;

-      IScsiBinToHex ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN, Challenge, &ChallengeLen);

+      IScsiBinToHex (

+        (UINT8 *) AuthData->OutChallenge,

+        ISCSI_CHAP_RSP_LEN,

+        Challenge,

+        &ChallengeLen

+        );

       IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge);

       Conn->AuthStep = ISCSI_CHAP_STEP_FOUR;

diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.h b/NetworkPkg/IScsiDxe/IScsiCHAP.h

index 140bba0dcd..5e59fb678b 100644

--- a/NetworkPkg/IScsiDxe/IScsiCHAP.h

+++ b/NetworkPkg/IScsiDxe/IScsiCHAP.h

@@ -88,7 +88,8 @@ IScsiCHAPOnRspReceived (

   @param[in, out]  Pdu         The PDU to send out.

   @retval EFI_SUCCESS           All check passed and the phase-related CHAP

-                                authentication info is filled into the iSCSI PDU.

+                                authentication info is filled into the iSCSI

+                                PDU.

   @retval EFI_OUT_OF_RESOURCES  Failed to allocate memory.

   @retval EFI_PROTOCOL_ERROR    Some kind of protocol error occurred.

-- 

2.27.0