Branch: refs/heads/master
Home: https://github.com/tianocore/edk2
Commit: 1c440a5eceedc64e892877eeac0f1a4938f5abbb
https://github.com/tianocore/edk2/commit/1c440a5eceedc64e892877eeac0f1a4938f5abbb
Author: Doug Flick <[email protected]>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M NetworkPkg/Dhcp6Dxe/Dhcp6Io.c
M NetworkPkg/Dhcp6Dxe/Dhcp6Io.h
Log Message:
-----------
NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4673
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534
This was not part of the Quarkslab bugs however the same pattern
as CVE-2023-45229 exists in Dhcp6UpdateIaInfo.
This patch replaces the code in question with the safe function
created to patch CVE-2023-45229
>
> if (EFI_ERROR (
> Dhcp6SeekInnerOptionSafe (
> Instance->Config->IaDescriptor.Type,
> Option,
> OptionLen,
> &IaInnerOpt,
> &IaInnerLen
> )
> ))
> {
> return EFI_DEVICE_ERROR;
> }
>
Additionally corrects incorrect usage of macro to read the status
> - StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN
(Option)));
> + StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)
DHCP6_OFFSET_OF_STATUS_CODE (Option));
Cc: Saloni Kasbekar <[email protected]>
Cc: Zachary Clark-williams <[email protected]>
Signed-off-by: Doug Flick [MSFT] <[email protected]>
Reviewed-by: Saloni Kasbekar <[email protected]>
Reviewed-by: Leif Lindholm <[email protected]>
Commit: af3fad99d6088881562e50149f414f76a5be0140
https://github.com/tianocore/edk2/commit/af3fad99d6088881562e50149f414f76a5be0140
Author: Doug Flick <[email protected]>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
Log Message:
-----------
NetworkPkg: Dhcp6Dxe: Removes duplicate check and replaces with macro
Removes duplicate check after merge
>
> //
> // Verify the PacketCursor is within the packet
> //
> if ( (*PacketCursor < Packet->Dhcp6.Option)
> || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size -
sizeof (EFI_DHCP6_HEADER))))
> {
> return EFI_INVALID_PARAMETER;
> }
>
Converts the check to a macro and replaces all instances of the check
with the macro
Cc: Saloni Kasbekar <[email protected]>
Cc: Zachary Clark-williams <[email protected]>
Signed-off-by: Doug Flick [MSFT] <[email protected]>
Reviewed-by: Saloni Kasbekar <[email protected]>
Reviewed-by: Leif Lindholm <[email protected]>
Commit: 75deaf5c3c0d164c61653258c331151241bb69d8
https://github.com/tianocore/edk2/commit/75deaf5c3c0d164c61653258c331151241bb69d8
Author: Doug Flick <[email protected]>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c
Log Message:
-----------
NetworkPkg: Dhcp6Dxe: Packet-Length is not updated before appending
In order for Dhcp6AppendIaAddrOption (..) to safely append the IA
Address option, the Packet-Length field must be updated before appending
the option.
Cc: Saloni Kasbekar <[email protected]>
Cc: Zachary Clark-williams <[email protected]>
Signed-off-by: Doug Flick [MSFT] <[email protected]>
Reviewed-by: Saloni Kasbekar <[email protected]>
Reviewed-by: Leif Lindholm <[email protected]>
Commit: 5fd3078a2e08f607dc86a16c1b184b6e30a34a49
https://github.com/tianocore/edk2/commit/5fd3078a2e08f607dc86a16c1b184b6e30a34a49
Author: Doug Flick <[email protected]>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M NetworkPkg/SecurityFixes.yaml
Log Message:
-----------
NetworkPkg: : Updating SecurityFixes.yaml
This captures the related security change for Dhcp6Dxe that is related
to CVE-2023-45229
Cc: Saloni Kasbekar <[email protected]>
Cc: Zachary Clark-williams <[email protected]>
Signed-off-by: Doug Flick [MSFT] <[email protected]>
Reviewed-by: Saloni Kasbekar <[email protected]>
Reviewed-by: Leif Lindholm <[email protected]>
Compare: https://github.com/tianocore/edk2/compare/a1c426e8440b...5fd3078a2e08
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
