From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 59283740032 for ; Wed, 31 Jan 2024 05:22:26 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=NTMMDxGX5NWpCPXyCbhAvJmQdNJ4BVMBwGoIN1tuuiw=; c=relaxed/simple; d=groups.io; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Thread-Index:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding:Content-Language; s=20140610; t=1706678544; v=1; b=BDFDeYXhjB1dzBmbBhTZLVr02jfUPE6w3F+vcKUN7lq5Fp8hrGtoLP+EVscpJP8zDej9znM1 rNVkIt0C99XkrnVLU7x7bjzlRiisPBkTiKk3PPWVq9+OGDHhWRJlh3NXxIq6omwTrBksbuZucFX h6pPW2WT2FiDL9O5LgFUFoGU= X-Received: by 127.0.0.2 with SMTP id SNAvYY7687511xWpdKCBBajx; Tue, 30 Jan 2024 21:22:24 -0800 X-Received: from zrleap.intel-email.com (zrleap.intel-email.com [114.80.218.36]) by mx.groups.io with SMTP id smtpd.web10.8020.1706678543637711184 for ; Tue, 30 Jan 2024 21:22:24 -0800 X-Received: from zrleap.intel-email.com (localhost [127.0.0.1]) by zrleap.intel-email.com (Postfix) with ESMTP id 7A434A32E129 for ; Wed, 31 Jan 2024 13:22:18 +0800 (CST) X-Received: from localhost (localhost [127.0.0.1]) by zrleap.intel-email.com (Postfix) with ESMTP id 67ADBA32E115 for ; Wed, 31 Jan 2024 13:22:18 +0800 (CST) X-Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242]) by zrleap.intel-email.com (Postfix) with SMTP id 38932A32E117 for ; Wed, 31 Jan 2024 13:22:15 +0800 (CST) X-Received: from DESKTOPS6D0PVI ([58.246.60.130]) (envelope-sender ) by 192.168.6.13 with ESMTP(SSL) for ; Wed, 31 Jan 2024 13:22:12 +0800 X-WM-Sender: gaoliming@byosoft.com.cn X-Originating-IP: 58.246.60.130 X-WM-AuthFlag: YES X-WM-AuthUser: gaoliming@byosoft.com.cn From: "gaoliming via groups.io" To: "'Douglas Flick [MSFT]'" , , "'Saloni Kasbekar'" , "'Zachary Clark-williams'" Cc: "'Michael D Kinney'" , "'Zhiguang Liu'" , "'Laszlo Ersek'" , "'Leif Lindholm'" , "'Gerd Hoffmann'" References: In-Reply-To: Subject: =?UTF-8?B?W2VkazItZGV2ZWxdIOWbnuWkjTogW2VkazItc3RhYmxlMjAyNDAyXVtQQVRDSCB2MiAwMC8xNV0gU2VjdXJpdHkgUGF0Y2hlcyBmb3IgRURLIElJIE5ldHdvcmsgU3RhY2s=?= Date: Wed, 31 Jan 2024 13:22:14 +0800 Message-ID: <021a01da5405$73666130$5a332390$@byosoft.com.cn> MIME-Version: 1.0 Thread-Index: AdpUBWGnQiaOcI6kSHKPeCpV3I9wyw== Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,gaoliming@byosoft.com.cn List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: HlQXyJNeLso4oXoLv8nTndMgx7686176AA= Content-Type: text/plain; charset="gb2312" Content-Transfer-Encoding: quoted-printable Content-Language: zh-cn X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=BDFDeYXh; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io Saloni and William: Can you help review this patch set about Security Patches for EDK II Network Stack? This patch set plans to catch edk2-stable202402 tag. And, edk2-stable202402 will come soon.=20 edk2-stable202402 tag planning Proposed Schedule Date (00:00:00 UTC-8) Description 2023-11-24 Beginning of development 2024-02-05 Soft Feature Freeze 2024-02-09 Hard Feature Freeze 2024-02-23 Release Thanks Liming > -----=D3=CA=BC=FE=D4=AD=BC=FE----- > =B7=A2=BC=FE=C8=CB: Douglas Flick [MSFT] > =B7=A2=CB=CD=CA=B1=BC=E4: 2024=C4=EA1=D4=C226=C8=D5 5:55 > =CA=D5=BC=FE=C8=CB: devel@edk2.groups.io > =B3=AD=CB=CD: Douglas Flick [MSFT] ; Saloni Kasbekar > ; Zachary Clark-williams > ; Michael D Kinney > ; Liming Gao ; > Zhiguang Liu > =D6=F7=CC=E2: [PATCH v2 00/15] Security Patches for EDK II Network Stack >=20 > The security patches contained in this series with the exception of > "MdePkg/Test: Add gRT_GetTime Google Test Mock" and > "NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed > during GHSA-hc6x-cw6p-gj7h infosec review. >=20 > This patch series contains the following security patches for the > security vulnerabilities found by QuarksLab in the EDK II Network > Stack: >=20 > CVE-2023-45229 > CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N > CWE-125 Out-of-bounds Read >=20 > CVE-2023-45230 > CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H > CWE-119 Improper Restriction of Operations within the Bounds > of a Memory Buffer >=20 > CVE-2023-45231 > CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N > CWE-125 Out-of-bounds Read >=20 > CVE-2023-45232 > CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H > CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') >=20 > CVE-2023-45233 > CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H > CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') >=20 > CVE-2023-45234 > CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H > CWE-119 Improper Restriction of Operations within the Bounds > of a Memory Buffer >=20 > CVE-2023-45235 > CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H > CWE-119 Improper Restriction of Operations within the Bounds > of a Memory Buffer >=20 > NetworkPkg: > Cc: Saloni Kasbekar > Cc: Zachary Clark-williams >=20 > MdePkg: > Cc: Michael D Kinney > Cc: Liming Gao > Cc: Zhiguang Liu >=20 > Doug Flick (8): > NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch > NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests > NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch > NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests > NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch > NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests > NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch > NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests >=20 > Douglas Flick [MSFT] (7): > NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch > NetworkPkg: : Add Unit tests to CI and create Host Test DSC > NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests > NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch > NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests > MdePkg: Test: Add gRT_GetTime Google Test Mock > NetworkPkg: : Adds a SecurityFix.yaml file >=20 > NetworkPkg/Test/NetworkPkgHostTest.dsc | 105 +++ > .../GoogleTest/Dhcp6DxeGoogleTest.inf | 44 + > .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 44 + > .../GoogleTest/UefiPxeBcDxeGoogleTest.inf | 48 + > .../Library/MockUefiRuntimeServicesTableLib.h | 7 + > NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 143 +++ > NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h | 78 +- > .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h | 58 ++ > .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | 40 + > NetworkPkg/Ip6Dxe/Ip6Nd.h | 35 + > NetworkPkg/Ip6Dxe/Ip6Option.h | 71 ++ > .../GoogleTest/PxeBcDhcp6GoogleTest.h | 68 ++ > NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h | 17 + > NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 612 ++++++++----- > NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 373 ++++++-- > NetworkPkg/Ip6Dxe/Ip6Option.c | 84 +- > NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 148 ++- > .../MockUefiRuntimeServicesTableLib.cpp | 5 +- > .../GoogleTest/Dhcp6DxeGoogleTest.cpp | 20 + > .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 > ++++++++++++++++++ > .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp | 20 + > .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 407 +++++++++ > NetworkPkg/NetworkPkg.ci.yaml | 7 +- > NetworkPkg/SecurityFixes.yaml | 123 +++ > .../GoogleTest/PxeBcDhcp6GoogleTest.cpp | 574 ++++++++++++ > .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp | 19 + > 26 files changed, 3650 insertions(+), 339 deletions(-) > create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc > create mode 100644 > NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf > create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf > create mode 100644 > NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf > create mode 100644 > NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h > create mode 100644 > NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h > create mode 100644 > NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h > create mode 100644 > NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp > create mode 100644 > NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp > create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp > create mode 100644 > NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp > create mode 100644 NetworkPkg/SecurityFixes.yaml > create mode 100644 > NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp > create mode 100644 > NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp >=20 > -- > 2.43.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114858): https://edk2.groups.io/g/devel/message/114858 Mute This Topic: https://groups.io/mt/104070131/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-