From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id E9EFC7803CC for ; Wed, 24 Jan 2024 05:20:36 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=p79p4ffEnsh0LYLb7MkyQlJa2C2whNYOX6MDME8n48Q=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1706073635; v=1; b=ZPhP+Bu9YSdEeEiIyZ9DsfOxgJIFB6Xt0Rb/URXlSFUM2roaHn7fW3TiMDhK+YrUW4Ds7hsQ cJd7sNBvPfQzlv17Jeqy37lPL+aAM+2tytvsH+Qbdyw5/JoBqEgAWjoEKQcpNE8Bzoz8OfoONPW SgSTkq4HawlNhHmiMvpncOFI= X-Received: by 127.0.0.2 with SMTP id ypgQYY7687511xnPfdqWUfbZ; Tue, 23 Jan 2024 21:20:35 -0800 X-Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.16102.1706073633462009143 for ; Tue, 23 Jan 2024 21:20:33 -0800 X-Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d74dce86f7so24121555ad.2 for ; Tue, 23 Jan 2024 21:20:33 -0800 (PST) X-Gm-Message-State: OIS587JUhnC2TN9NKuLNr0mrx7686176AA= X-Google-Smtp-Source: AGHT+IF3wwVFg2/PdtJhGm1ynaPlAwtu45VkoSNZP7ENIxcrOL8cX0ypuB3mRfc2xbY/M+OICxOl/w== X-Received: by 2002:a17:902:c946:b0:1d7:8553:35c with SMTP id i6-20020a170902c94600b001d78553035cmr256117pla.13.1706073632491; Tue, 23 Jan 2024 21:20:32 -0800 (PST) X-Received: from localhost.localdomain ([24.17.138.83]) by smtp.gmail.com with ESMTPSA id w2-20020a170902c78200b001d71f10aa42sm7831709pla.11.2024.01.23.21.20.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jan 2024 21:20:32 -0800 (PST) From: "Doug Flick via groups.io" To: devel@edk2.groups.io Cc: Doug Flick , Saloni Kasbekar , Zachary Clark-williams , "Doug Flick [MSFT]" Subject: [edk2-devel] [PATCH 08/14] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests Date: Tue, 23 Jan 2024 19:33:31 -0800 Message-ID: <6acb5c2e7046f8d988b4475accac076d5728354c.1706062164.git.doug.edk2@gmail.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dougflick@microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=ZPhP+Bu9; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io From: Doug Flick REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4537 REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4538 SECURITY PATCH - Unit Tests TCBZ4537 CVE-2023-45232 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') TCBZ4538 CVE-2023-45233 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') Cc: Saloni Kasbekar Cc: Zachary Clark-williams Signed-off-by: Doug Flick [MSFT] --- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 10 +- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | 40 +++ .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 282 ++++++++++++++++++ 3 files changed, 328 insertions(+), 4 deletions(-) create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg= /Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf index 6e4de0745fb5..ba29dbabadb9 100644 --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf @@ -1,13 +1,13 @@ ## @file=0D -# Unit test suite for the Ip6Dxe using Google Test=0D +# Unit test suite for the Ip6DxeGoogleTest using Google Test=0D #=0D # Copyright (c) Microsoft Corporation.
=0D # SPDX-License-Identifier: BSD-2-Clause-Patent=0D ##=0D [Defines]=0D INF_VERSION =3D 0x00010017=0D - BASE_NAME =3D Ip6DxeUnitTest=0D - FILE_GUID =3D 4F05D17D-D3E7-4AAE-820C-576D46D2D34A=0D + BASE_NAME =3D Ip6DxeGoogleTest=0D + FILE_GUID =3D AE39981C-B7FE-41A8-A9C2-F41910477CA3=0D VERSION_STRING =3D 1.0=0D MODULE_TYPE =3D HOST_APPLICATION=0D #=0D @@ -16,9 +16,11 @@ [Defines] # VALID_ARCHITECTURES =3D IA32 X64 AARCH64=0D #=0D [Sources]=0D + ../Ip6Option.c=0D + Ip6OptionGoogleTest.h=0D Ip6DxeGoogleTest.cpp=0D Ip6OptionGoogleTest.cpp=0D - ../Ip6Option.c=0D + Ip6OptionGoogleTest.h=0D =0D [Packages]=0D MdePkg/MdePkg.dec=0D diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h b/NetworkPk= g/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h new file mode 100644 index 000000000000..618a7e658e5a --- /dev/null +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h @@ -0,0 +1,40 @@ +/** @file=0D + Exposes the functions needed to test the Ip6Option module.=0D +=0D + Copyright (c) Microsoft Corporation=0D + SPDX-License-Identifier: BSD-2-Clause-Patent=0D +**/=0D +=0D +#ifndef EFI_IP6_OPTION_GOOGLE_TEST_H_=0D +#define EFI_IP6_OPTION_GOOGLE_TEST_H_=0D +=0D +#include =0D +#include "../Ip6Impl.h"=0D +=0D +/**=0D + Validate the IP6 option format for both the packets we received=0D + and that we will transmit. It will compute the ICMPv6 error message fiel= ds=0D + if the option is malformatted.=0D +=0D + @param[in] IpSb The IP6 service data.=0D + @param[in] Packet The to be validated packet.=0D + @param[in] Option The first byte of the option.=0D + @param[in] OptionLen The length of the whole option.=0D + @param[in] Pointer Identifies the octet offset within=0D + the invoking packet where the error was de= tected.=0D +=0D +=0D + @retval TRUE The option is properly formatted.=0D + @retval FALSE The option is malformatted.=0D +=0D +**/=0D +BOOLEAN=0D +Ip6IsOptionValid (=0D + IN IP6_SERVICE *IpSb,=0D + IN NET_BUF *Packet,=0D + IN UINT8 *Option,=0D + IN UINT16 OptionLen,=0D + IN UINT32 Pointer=0D + );=0D +=0D +#endif // __EFI_IP6_OPTION_GOOGLE_TEST_H__=0D diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/Network= Pkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp index f2cd90e1a952..69eef4b98ed2 100644 --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp @@ -12,6 +12,7 @@ extern "C" { #include =0D #include "../Ip6Impl.h"=0D #include "../Ip6Option.h"=0D + #include "Ip6OptionGoogleTest.h"=0D }=0D =0D /////////////////////////////////////////////////////////////////////////= =0D @@ -127,3 +128,284 @@ TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOpt= ionLengthShouldReturnFalse) =0D EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));=0D }=0D +=0D +////////////////////////////////////////////////////////////////////////=0D +// Ip6IsOptionValid Tests=0D +////////////////////////////////////////////////////////////////////////=0D +=0D +// Define a fixture for your tests if needed=0D +class Ip6IsOptionValidTest : public ::testing::Test {=0D +protected:=0D + // Add any setup code if needed=0D + virtual void=0D + SetUp (=0D + )=0D + {=0D + // Initialize any resources or variables=0D + }=0D +=0D + // Add any cleanup code if needed=0D + virtual void=0D + TearDown (=0D + )=0D + {=0D + // Clean up any resources or variables=0D + }=0D +};=0D +=0D +//////////////////////////////////////////////////////////////////////////= /////=0D +// Ip6IsOptionValidTest Tests=0D +//////////////////////////////////////////////////////////////////////////= /////=0D +=0D +// Test Description=0D +// Verify that a NULL option is Invalid=0D +TEST_F (Ip6IsOptionValidTest, NullOptionShouldReturnTrue) {=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + IP6_SERVICE *IpSb =3D NULL;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + EXPECT_FALSE (Ip6IsOptionValid (IpSb, &Packet, NULL, 0, 0));=0D +}=0D +=0D +// Test Description=0D +// Verify that an unknown option with a length of 0 and type of = does not cause an infinite loop=0D +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength0) = {=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + UINT32 DeadCode =3D 0xDeadC0de;=0D + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it=0D + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + IP6_OPTION_HEADER optionHeader;=0D +=0D + optionHeader.Type =3D 23; // Unknown Option=0D + optionHeader.Length =3D 0; // This will cause an infinite loop if the= function is not working correctly=0D +=0D + // This should be a valid option even though the length is 0=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +}=0D +=0D +// Test Description=0D +// Verify that an unknown option with a length of 1 and type of = does not cause an infinite loop=0D +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength1) = {=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + UINT32 DeadCode =3D 0xDeadC0de;=0D + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it=0D + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + IP6_OPTION_HEADER optionHeader;=0D +=0D + optionHeader.Type =3D 23; // Unknown Option=0D + optionHeader.Length =3D 1; // This will cause an infinite loop if the= function is not working correctly=0D +=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +}=0D +=0D +// Test Description=0D +// Verify that an unknown option with a length of 2 and type of = does not cause an infinite loop=0D +TEST_F (Ip6IsOptionValidTest, VerifyIpSkipUnknownOption) {=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + UINT32 DeadCode =3D 0xDeadC0de;=0D + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it=0D + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + IP6_OPTION_HEADER optionHeader;=0D +=0D + optionHeader.Type =3D 23; // Unknown Option=0D + optionHeader.Length =3D 2; // Valid length for an unknown option=0D +=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +}=0D +=0D +// Test Description=0D +// Verify that Ip6OptionPad1 is valid with a length of 0=0D +TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPad1) {=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + UINT32 DeadCode =3D 0xDeadC0de;=0D + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it=0D + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + IP6_OPTION_HEADER optionHeader;=0D +=0D + optionHeader.Type =3D Ip6OptionPad1;=0D + optionHeader.Length =3D 0;=0D +=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +}=0D +=0D +// Test Description=0D +// Verify that Ip6OptionPadN doesn't overflow with various lengths=0D +TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPadN) {=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + UINT32 DeadCode =3D 0xDeadC0de;=0D + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it=0D + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + IP6_OPTION_HEADER optionHeader;=0D +=0D + optionHeader.Type =3D Ip6OptionPadN;=0D + optionHeader.Length =3D 0xFF;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +=0D + optionHeader.Length =3D 0xFE;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +=0D + optionHeader.Length =3D 0xFD;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +=0D + optionHeader.Length =3D 0xFC;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +}=0D +=0D +// Test Description=0D +// Verify an unknown option doesn't cause an infinite loop with various le= ngths=0D +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLengthAtt= emptOverflow) {=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + UINT32 DeadCode =3D 0xDeadC0de;=0D + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it=0D + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + IP6_OPTION_HEADER optionHeader;=0D +=0D + optionHeader.Type =3D 23; // Unknown Option=0D + optionHeader.Length =3D 0xFF;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +=0D + optionHeader.Length =3D 0xFE;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +=0D + optionHeader.Length =3D 0xFD;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +=0D + optionHeader.Length =3D 0xFC;=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0));=0D +}=0D +=0D +// Test Description=0D +// Verify that the function supports multiple options=0D +TEST_F (Ip6IsOptionValidTest, MultiOptionSupport) {=0D + UINT16 HdrLen;=0D + NET_BUF Packet =3D { 0 };=0D + // we need to define enough of the packet to make the function work=0D + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above=0D + UINT32 DeadCode =3D 0xDeadC0de;=0D + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it=0D + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode;=0D +=0D + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };=0D + EFI_IP6_HEADER Ip6Header =3D { 0 };=0D +=0D + Ip6Header.SourceAddress =3D SourceAddress;=0D + Ip6Header.DestinationAddress =3D DestinationAddress;=0D + Packet.Ip.Ip6 =3D &Ip6Header;=0D +=0D + UINT8 ExtHdr[1024] =3D { 0 };=0D + UINT8 *Cursor =3D ExtHdr;=0D + IP6_OPTION_HEADER *Option =3D (IP6_OPTION_HEADER *)ExtHdr;=0D +=0D + // Let's start chaining options=0D +=0D + Option->Type =3D 23; // Unknown Option=0D + Option->Length =3D 0xFC;=0D +=0D + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 0xFC;=0D +=0D + Option =3D (IP6_OPTION_HEADER *)Cursor;=0D + Option->Type =3D Ip6OptionPad1;=0D +=0D + Cursor +=3D sizeof (1);=0D +=0D + // Type and length aren't processed, instead it just moves the pointer f= orward by 4 bytes=0D + Option =3D (IP6_OPTION_HEADER *)Cursor;=0D + Option->Type =3D Ip6OptionRouterAlert;=0D + Option->Length =3D 4;=0D +=0D + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 4;=0D +=0D + Option =3D (IP6_OPTION_HEADER *)Cursor;=0D + Option->Type =3D Ip6OptionPadN;=0D + Option->Length =3D 0xFC;=0D +=0D + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 0xFC;=0D +=0D + Option =3D (IP6_OPTION_HEADER *)Cursor;=0D + Option->Type =3D Ip6OptionRouterAlert;=0D + Option->Length =3D 4;=0D +=0D + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 4;=0D +=0D + // Total 524=0D +=0D + HdrLen =3D (UINT16)(Cursor - ExtHdr);=0D +=0D + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, ExtHdr, HdrLen, 0));=0D +}=0D --=20 2.43.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114260): https://edk2.groups.io/g/devel/message/114260 Mute This Topic: https://groups.io/mt/103926739/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-