[PUBLIC edk2 PATCH v2 00/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs

public inbox for devel@edk2.groups.io
 help / color / mirror / Atom feed

From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: "Jiaxin Wu" <jiaxin.wu@intel.com>,
	"Maciej Rabeda" <maciej.rabeda@linux.intel.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>,
	"Siyuan Fu" <siyuan.fu@intel.com>
Subject: [PUBLIC edk2 PATCH v2 00/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs
Date: Tue,  8 Jun 2021 14:12:49 +0200	[thread overview]
Message-ID: <20210608121259.32451-1-lersek@redhat.com> (raw)

Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Repo:     https://pagure.io/lersek/edk2.git
Branch:   iscsi_overflow_bz3356

The main goal of this series is to fix a remotely exploitable buffer
overflow in the IScsiHexToBin() function.

This posting corresponds to:

  https://bugzilla.tianocore.org/show_bug.cgi?id=3356#c22

meaning that it corresponds to the v2 patches attached to, and tested
in,

  https://bugzilla.tianocore.org/show_bug.cgi?id=3356#c17

and that it carries Phil's and Maciej's R-b's that were given up to
comment#22.

Today is the Public Date for this embargoed security issue; I intend to
merge the patches tomorrow, based on Maciej's (already given) R-b.
(Simultaneously with this posting, I'm opening up the BZ publicly.) No
further review is required; the one day delay on the list is just to
give the community a (brief) opportunity to speak up, before the patches
are merged.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>

Thanks,
Laszlo

Laszlo Ersek (10):
  NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters
  NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size
  NetworkPkg/IScsiDxe: clean up
    "ISCSI_CHAP_AUTH_DATA.OutChallengeLength"
  NetworkPkg/IScsiDxe: clean up library class dependencies
  NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex()
  NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds
  NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block
  NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing
  NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow
  NetworkPkg/IScsiDxe: check IScsiHexToBin() return values

 NetworkPkg/IScsiDxe/IScsiCHAP.c  | 108 +++++++++++++++-----
 NetworkPkg/IScsiDxe/IScsiCHAP.h  |  14 ++-
 NetworkPkg/IScsiDxe/IScsiDxe.inf |   7 +-
 NetworkPkg/IScsiDxe/IScsiImpl.h  |  18 ++--
 NetworkPkg/IScsiDxe/IScsiMisc.c  |  65 +++++++++---
 NetworkPkg/IScsiDxe/IScsiMisc.h  |  19 ++--
 6 files changed, 166 insertions(+), 65 deletions(-)

-- 
2.19.1.3.g30247aa5d201

next             reply	other threads:[~2021-06-08 12:13 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-08 12:12 Laszlo Ersek [this message]
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 01/10] NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters Laszlo Ersek
2021-06-11 11:37   ` [edk2-devel] " Ni, Ray
2021-06-11 11:39     ` Maciej Rabeda
2021-06-22 10:39       ` Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 02/10] NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 03/10] NetworkPkg/IScsiDxe: clean up "ISCSI_CHAP_AUTH_DATA.OutChallengeLength" Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 04/10] NetworkPkg/IScsiDxe: clean up library class dependencies Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 05/10] NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex() Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 06/10] NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 07/10] NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 08/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 09/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow Laszlo Ersek
2021-06-08 12:12 ` [PUBLIC edk2 PATCH v2 10/10] NetworkPkg/IScsiDxe: check IScsiHexToBin() return values Laszlo Ersek
2021-06-09 17:33 ` [edk2-devel] [PUBLIC edk2 PATCH v2 00/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs Laszlo Ersek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-list from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210608121259.32451-1-lersek@redhat.com \
    --to=devel@edk2.groups.io \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox