From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: Laszlo Ersek <lersek@redhat.com>,
"edk2-devel@lists.01.org" <edk2-devel@lists.01.org>
Cc: "Ye, Ting" <ting.ye@intel.com>, "Wang, Fan" <fan.wang@intel.com>,
"Fu, Siyuan" <siyuan.fu@intel.com>
Subject: Re: [PATCH v1] NetworkPkg/DnsDxe: Check the received packet size before parsing the message.
Date: Wed, 27 Feb 2019 03:17:06 +0000 [thread overview]
Message-ID: <895558F6EA4E3B41AC93A00D163B727416ED4555@SHSMSX107.ccr.corp.intel.com> (raw)
In-Reply-To: <46aa146d-addb-b14e-37be-12e29b1bc4f4@redhat.com>
Thanks Laszlo, I will update the subject to include the CVE number when commit the patch.
> -----Original Message-----
> From: Laszlo Ersek [mailto:lersek@redhat.com]
> Sent: Tuesday, February 26, 2019 7:17 PM
> To: Wu, Jiaxin <jiaxin.wu@intel.com>; edk2-devel@lists.01.org
> Cc: Ye, Ting <ting.ye@intel.com>; Wang, Fan <fan.wang@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>
> Subject: Re: [edk2] [PATCH v1] NetworkPkg/DnsDxe: Check the received packet
> size before parsing the message.
>
> On 02/26/19 09:14, Jiaxin Wu wrote:
> > Fix CVE-2018-12178
> > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=809
> >
> > The DNS driver only checks the received packet size against the
> > minimum DNS header size in DnsOnPacketReceived(), later it accesses
> > the QueryName and QuerySection beyond the header scope, which might
> > cause the pointer within DNS driver points to an invalid entry or
> > modifies the memory content beyond the header scope.
> >
> > This patch is to fix above problem.
> >
> > Cc: Ye Ting <ting.ye@intel.com>
> > Cc: Fu Siyuan <siyuan.fu@intel.com>
> > Cc: Wang Fan <fan.wang@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com>
> > ---
> > NetworkPkg/DnsDxe/DnsImpl.c | 77 ++++++++++++++++++++++++++++++++--
> ---
> > NetworkPkg/DnsDxe/DnsImpl.h | 2 +
> > 2 files changed, 69 insertions(+), 10 deletions(-)
>
> Please put the precise CVE number in the subject line.
>
> Laszlo
prev parent reply other threads:[~2019-02-27 3:17 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-26 8:14 [PATCH v1] NetworkPkg/DnsDxe: Check the received packet size before parsing the message Jiaxin Wu
2019-02-26 8:24 ` Fu, Siyuan
2019-02-26 11:16 ` Laszlo Ersek
2019-02-27 3:17 ` Wu, Jiaxin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=895558F6EA4E3B41AC93A00D163B727416ED4555@SHSMSX107.ccr.corp.intel.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox