NetworkPkg/IpSecDxe: Add check to avoid possible divide by zero

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Wu Jiaxin <jiaxin.wu@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
(cherry picked from commit ce8e582c06ef3d82b1df93a7de289ef7d9905c4a)

1 files changed, 7 insertions, 1 deletions

diff --git a/NetworkPkg/IpSecDxe/Ikev2/Utility.c b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
index 5b26ba1d02..80dafdd668 100644
--- a/NetworkPkg/IpSecDxe/Ikev2/Utility.c
+++ b/NetworkPkg/IpSecDxe/Ikev2/Utility.c
@@ -2,7 +2,7 @@
   The Common operations used by IKE Exchange Process.

 

   (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>

-  Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>

+  Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>

 

   This program and the accompanying materials

   are licensed and made available under the terms and conditions of the BSD License

@@ -2618,6 +2618,8 @@ Ikev2ChildSaParseSaPayload (
 

   @retval EFI_SUCCESS            The operation complete successfully.

   @retval EFI_INVALID_PARAMETER  If NumFragments is zero.

+                                 If the authentication algorithm given by HashAlgId

+                                 cannot be found.

   @retval EFI_OUT_OF_RESOURCES   If the required resource can't be allocated.

   @retval Others                 The operation is failed.

 

@@ -2654,6 +2656,10 @@ Ikev2SaGenerateKey (
   LocalFragments[2].Data = NULL;

 

   AuthKeyLength = IpSecGetHmacDigestLength (HashAlgId);

+  if (AuthKeyLength == 0) {

+    return EFI_INVALID_PARAMETER;

+  }

+

   DigestSize    = AuthKeyLength;

   Digest        = AllocateZeroPool (AuthKeyLength);