From d455cd5ac36f4c1ac76f04e2c2bb4bfb00fe8bcd Mon Sep 17 00:00:00 2001 From: D Scott Phillips Date: Wed, 9 Sep 2020 16:35:51 +0000 Subject: [PATCH] stand/efihttp: Work around a bug in edk2 http instance reconfiguration A bug in the EFI HTTP driver of TianoCore EDK2 causes memory corruption when an http instance that uses tls is reconfigured, leading to a crash. Work around this by forcing a new http instance for each request instead of reconfiguring the existing one. The upstream bug report is https://bugzilla.tianocore.org/show_bug.cgi?id=1917 Submitted by: bcran Reviewed By: imp, kevans, tsoome MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D21281 --- stand/efi/libefi/efihttp.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/stand/efi/libefi/efihttp.c b/stand/efi/libefi/efihttp.c index 074c85dcdef..05d338fbaf0 100644 --- a/stand/efi/libefi/efihttp.c +++ b/stand/efi/libefi/efihttp.c @@ -576,6 +576,14 @@ efihttp_fs_open(const char *path, struct open_file *f) */ err = _efihttp_fs_open(path, f); if (err != 0) { + /* + * Work around a bug in the EFI HTTP implementation which + * causes a crash if the http instance isn't torn down + * between requests. + * See https://bugzilla.tianocore.org/show_bug.cgi?id=1917 + */ + efihttp_dev_close(f); + efihttp_dev_open(f); path_slash = malloc(strlen(path) + 2); if (path_slash == NULL) return (ENOMEM); @@ -719,6 +727,14 @@ efihttp_fs_seek(struct open_file *f, off_t offset, int where) path = fh->path; fh->path = NULL; efihttp_fs_close(f); + /* + * Work around a bug in the EFI HTTP implementation which + * causes a crash if the http instance isn't torn down + * between requests. + * See https://bugzilla.tianocore.org/show_bug.cgi?id=1917 + */ + efihttp_dev_close(f); + efihttp_dev_open(f); err = efihttp_fs_open(path, f); free(path); if (err != 0) -- 2.45.0