From: "Laszlo Ersek" To: edk2-devel-groups-io Cc: David Woodhouse , Jian J Wang , Jiaxin Wu , Sivaraman Nainar , Xiaoyu Lu Subject: [PATCH v2 7/8] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553) Date: Sat, 26 Oct 2019 07:37:18 +0200 Message-Id: <20191026053719.10453-8-lersek@redhat.com> In-Reply-To: <20191026053719.10453-1-lersek@redhat.com> References: <20191026053719.10453-1-lersek@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-MC-Unique: 8rnWr0O-Nhya9zR-OE4jLQ-1 X-Mimecast-Spam-Score: 0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable From: "Wu, Jiaxin" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 CVE: CVE-2019-14553 The new data type named "EfiTlsVerifyHost" and the EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol. Signed-off-by: Wu Jiaxin Reviewed-by: Ye Ting Reviewed-by: Long Qin Reviewed-by: Fu Siyuan Acked-by: Laszlo Ersek Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com> Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu Signed-off-by: Laszlo Ersek --- Notes: v2: - fix whitespace in subject line - drop Contributed-under line per BZ#1373 NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++-- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtoco= l.c index a7a993fc6fc5..001e5400d00f 100644 --- a/NetworkPkg/TlsDxe/TlsProtocol.c +++ b/NetworkPkg/TlsDxe/TlsProtocol.c @@ -1,8 +1,8 @@ /** @file Implementation of EFI TLS Protocol Interfaces. =20 - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
=20 SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -55,14 +55,18 @@ TlsSetSessionData ( TLS_INSTANCE *Instance; UINT16 *CipherId; CONST EFI_TLS_CIPHER *TlsCipherList; UINTN CipherCount; + CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost; + EFI_TLS_VERIFY VerifyMethod; + UINTN VerifyMethodSize; UINTN Index; =20 EFI_TPL OldTpl; =20 - Status =3D EFI_SUCCESS; - CipherId =3D NULL; + Status =3D EFI_SUCCESS; + CipherId =3D NULL; + VerifyMethodSize =3D sizeof (EFI_TLS_VERIFY); =20 if (This =3D=3D NULL || Data =3D=3D NULL || DataSize =3D=3D 0) { return EFI_INVALID_PARAMETER; } @@ -147,8 +151,42 @@ TlsSetSessionData ( goto ON_EXIT; } =20 TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data)); + break; + case EfiTlsVerifyHost: + if (DataSize !=3D sizeof (EFI_TLS_VERIFY_HOST)) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + TlsVerifyHost =3D (CONST EFI_TLS_VERIFY_HOST *) Data; + + if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) = !=3D 0 && + (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != =3D 0) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) !=3D 0 &= & + ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS)= !=3D 0 || + (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS= ) !=3D 0)) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + Status =3D This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMeth= od, &VerifyMethodSize); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + if ((VerifyMethod & EFI_TLS_VERIFY_PEER) =3D=3D 0) { + Status =3D EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + Status =3D TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, = TlsVerifyHost->HostName); + break; case EfiTlsSessionID: if (DataSize !=3D sizeof (EFI_TLS_SESSION_ID)) { Status =3D EFI_INVALID_PARAMETER; --=20 2.19.1.3.g30247aa5d201
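Review bot: in the `@@ -1,8 +1,8 @@` file-header hunk the copyright range is extended only to `2016 - 2018`, while the submission itself is dated 26 Oct 2019 and the original Message-Id is from September 2019; if the year bump is being made in this series at all, it should read `2016 - 2019`, otherwise drop the unrelated header change from a CVE fix.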
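Review bot: in the `@@ -55,14 +55,18 @@` hunk, `VerifyMethodSize = sizeof (EFI_TLS_VERIFY);` is assigned at function entry although it is consumed only by the new `EfiTlsVerifyHost` case; placing it immediately before the `This->GetSessionData` call keeps the in/out size argument next to the call that updates it and avoids the whitespace-only re-alignment of the `Status` and `CipherId` assignments in this hunk. Note also that `VerifyMethod` is declared without an initializer, which is safe only because the later code checks `EFI_ERROR (Status)` before reading it; a short comment at the declaration would make that dependency explicit.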
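Review bot: in the `@@ -147,8 +151,42 @@` hunk the `EFI_TLS_VERIFY_PEER` precondition is enforced in one direction only: the new `EfiTlsVerifyHost` case refuses to configure host-name checking unless the verify method includes `EFI_TLS_VERIFY_PEER`, but the existing `EfiTlsVerifyMethod` case still calls `TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data));` unconditionally, so nothing in this patch stops a caller from setting `EfiTlsVerifyHost` first and then replacing the verify method with one that clears `EFI_TLS_VERIFY_PEER`, leaving host-name flags configured on a connection whose peer certificate is no longer verified. Either reject clearing `EFI_TLS_VERIFY_PEER` once a host name has been set, or state in the commit message (which currently only says the new data type is supported) that `EfiTlsVerifyMethod` must be configured before `EfiTlsVerifyHost` and that a later change overrides it. The mutual-exclusion checks on `EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT`/`EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT` and on `EFI_TLS_VERIFY_FLAG_NO_WILDCARDS` versus the partial/multi-label wildcard flags are the right place to fail early; `TlsVerifyHost->HostName`, however, is passed straight to `TlsSetVerifyHost` with no NULL check here, which is acceptable only if `TlsSetVerifyHost` validates it itself.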