From 1e6a8c43241febbec56ffc2141c55d8de34e13e6 Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Tue, 8 Jun 2021 14:12:55 +0200 Subject: [PATCH 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek RH-MergeRequest: 5: NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs [rhel-8.5.0, post-rebase] RH-Commit: [6/10] 2f697819ce0731f99f95f29a3b30c777b754db37 RH-Bugzilla: 1956408 RH-Acked-by: Philippe Mathieu-Daudé IScsiBinToHex() is called for encoding: - the answer to the target's challenge; that is, CHAP_R; - the challenge for the target, in case mutual authentication is enabled; that is, CHAP_C. The initiator controls the size of both blobs, the sizes of their hex encodings are correctly calculated in "RspLen" and "ChallengeLen". Therefore the IScsiBinToHex() calls never fail; assert that. Cc: Jiaxin Wu Cc: Maciej Rabeda Cc: Philippe Mathieu-Daudé Cc: Siyuan Fu Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 Signed-off-by: Laszlo Ersek Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Maciej Rabeda Message-Id: <20210608121259.32451-7-lersek@redhat.com> (cherry picked from commit d90fff40cb2502b627370a77f5608c8a178c3f78) --- NetworkPkg/IScsiDxe/IScsiCHAP.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/NetworkPkg/IScsiDxe/IScsiCHAP.c b/NetworkPkg/IScsiDxe/IScsiCHAP.c index 9e192ce292..dbe3c8ef46 100644 --- a/NetworkPkg/IScsiDxe/IScsiCHAP.c +++ b/NetworkPkg/IScsiDxe/IScsiCHAP.c @@ -391,6 +391,7 @@ IScsiCHAPToSendReq ( UINT32 RspLen; CHAR8 *Challenge; UINT32 ChallengeLen; + EFI_STATUS BinToHexStatus; ASSERT (Conn->CurrentStage == ISCSI_SECURITY_NEGOTIATION); @@ -471,12 +472,13 @@ IScsiCHAPToSendReq ( // // CHAP_R= // - IScsiBinToHex ( - (UINT8 *) AuthData->CHAPResponse, - ISCSI_CHAP_RSP_LEN, - Response, - &RspLen - ); + BinToHexStatus = IScsiBinToHex ( + (UINT8 *) AuthData->CHAPResponse, + ISCSI_CHAP_RSP_LEN, + Response, + &RspLen + ); + ASSERT_EFI_ERROR (BinToHexStatus); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_RESPONSE, Response); if (AuthData->AuthConfig->CHAPType == ISCSI_CHAP_MUTUAL) { @@ -490,12 +492,13 @@ IScsiCHAPToSendReq ( // CHAP_C= // IScsiGenRandom ((UINT8 *) AuthData->OutChallenge, ISCSI_CHAP_RSP_LEN); - IScsiBinToHex ( - (UINT8 *) AuthData->OutChallenge, - ISCSI_CHAP_RSP_LEN, - Challenge, - &ChallengeLen - ); + BinToHexStatus = IScsiBinToHex ( + (UINT8 *) AuthData->OutChallenge, + ISCSI_CHAP_RSP_LEN, + Challenge, + &ChallengeLen + ); + ASSERT_EFI_ERROR (BinToHexStatus); IScsiAddKeyValuePair (Pdu, ISCSI_KEY_CHAP_CHALLENGE, Challenge); Conn->AuthStep = ISCSI_CHAP_STEP_FOUR; -- 2.27.0