From: "Liming Gao"
To: "devel@edk2.groups.io", "Armour, Nicholas"
CC: "Wu, Jiaxin", Maciej Rabeda, "Fu, Siyuan", "Laszlo Ersek"
Subject: Re: [edk2-devel] [PATCH 1/1] NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559).
Date: Mon, 17 Feb 2020 05:07:36 +0000
Message-ID: <681fd8fac1d44da9b9422bdbe0633404@intel.com>

Jiaxin, Maciej and Siyuan:
  I suggest to catch this CVE fix for edk2 Q1 stable tag. Can you help review this patch soon?

Thanks
Liming
> -----Original Message-----
> From: devel@edk2.groups.io On Behalf Of Armour, Nicholas
> Sent: Thursday, February 13, 2020 7:54 AM
> To: devel@edk2.groups.io
> Cc: Armour, Nicholas; Wu, Jiaxin; Maciej Rabeda; Fu, Siyuan
> Subject: [edk2-devel] [PATCH 1/1] NetworkPkg/ArpDxe: Recycle invalid ARP packets(CVE-2019-14559).
>
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
>
> This patch triggers the RecycleEvent for invalid ARP packets.
> Prior to this, we would just ignore invalid ARP packets,
> and never free them.
>
> Cc: Jiaxin Wu
> Cc: Maciej Rabeda
> Cc: Siyuan Fu
> Signed-off-by: Nicholas Armour
> ---
> NetworkPkg/ArpDxe/ArpImpl.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/NetworkPkg/ArpDxe/ArpImpl.c b/NetworkPkg/ArpDxe/ArpImpl.c > index 9cdb33f2bd66..09fc8811f125 100644 > --- a/NetworkPkg/ArpDxe/ArpImpl.c > +++ b/NetworkPkg/ArpDxe/ArpImpl.c 
> @@ -125,6 +125,7 @@ ArpOnFrameRcvdDpc ( > Head->OpCode =3D NTOHS (Head->OpCode); >=20 > if (RxData->DataLength < (sizeof (ARP_HEAD) + 2 * Head->HwAddrLen + 2= * Head->ProtoAddrLen)) { > + gBS->SignalEvent (RxData->RecycleEvent); > goto RESTART_RECEIVE; > } >=20 > -- > 2.16.2.windows.1 >=20 >=20 >=20
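
Review bot: only the length-check branch in ArpOnFrameRcvdDpc is shown gaining the recycle call, while the commit message speaks of invalid ARP packets in general, so please confirm that every other path in this function that jumps to RESTART_RECEIVE without handing RxData onward also signals RxData->RecycleEvent, or state in the commit message that this is the only such path. A one-line comment above `gBS->SignalEvent (RxData->RecycleEvent);` saying that the receive buffer has to be returned before restarting the receive would make the intent clear to later readers, since the `goto RESTART_RECEIVE;` that follows gives no hint that the buffer is still owned here. The commit message could also name the consequence of never freeing these packets, so that the CVE reference in the subject is tied to a described effect.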