NetworkPkg/Ip4Dxe: Reject IPv4 addresses ending with dot Issue: UI accepts invalid IPv4 addresses ending with a dot in the IPv4 Network Configuration page. Examples: - Local IP Address: 192.168.1.10. - Subnet Mask: 255.255.255.0. - Gateway: 2.2.2.2. - DNS Servers: 1.1.1.1. Root Cause: The function Ip4Config2StrToIp converts user-entered IPv4 strings into numbers. When an address ending with a dot like '1.1.1.1.' is entered, the code skips over the 4th dot, reaches the string's null terminator, and incorrectly treats it as valid. Fix: Refactor Ip4Config2StrToIp to be a thin wrapper around the existing BaseLib StrToIpv4Address() helper. After parsing, the EndPointer is checked to ensure the entire string was consumed (i.e. EndPointer points to the null terminator). Any trailing characters, including a trailing dot, cause EFI_INVALID_PARAMETER to be returned. Signed-off-by: Abuthahir M <abuthahirm@ami.com>
diff --git a/NetworkPkg/Ip4Dxe/Ip4Config2Nv.c b/NetworkPkg/Ip4Dxe/Ip4Config2Nv.c index dac5817..e67c704 100644 --- a/NetworkPkg/Ip4Dxe/Ip4Config2Nv.c +++ b/NetworkPkg/Ip4Dxe/Ip4Config2Nv.c
@@ -67,47 +67,11 @@ OUT EFI_IPv4_ADDRESS *Ip ) { - UINTN Index; - UINTN Number; + EFI_STATUS Status; + CHAR16 *EndPointer; - Index = 0; - - while (*Str != L'\0') { - if (Index > 3) { - return EFI_INVALID_PARAMETER; - } - - Number = 0; - while ((*Str >= L'0') && (*Str <= L'9')) { - Number = Number * 10 + (*Str - L'0'); - Str++; - } - - if (Number > 0xFF) { - return EFI_INVALID_PARAMETER; - } - - Ip->Addr[Index] = (UINT8)Number; - - if ((*Str != L'\0') && (*Str != L'.')) { - // - // The current character should be either the NULL terminator or - // the dot delimiter. - // - return EFI_INVALID_PARAMETER; - } - - if (*Str == L'.') { - // - // Skip the delimiter. - // - Str++; - } - - Index++; - } - - if (Index != 4) { + Status = StrToIpv4Address (Str, &EndPointer, (IPv4_ADDRESS *)Ip, NULL); + if (EFI_ERROR (Status) || (*EndPointer != L'\0')) { return EFI_INVALID_PARAMETER; }