From: "Doug Flick via groups.io"
Date: Mon, 12 Feb 2024 09:14:58 -0800
Subject: Re: [edk2-devel] [PATCH 0/3] [edk2-stable202402] Corrects additional concern in NetworkPkg
To: devel@edk2.groups.io
Reply-To: devel@edk2.groups.io,dougflick@microsoft.com

Additional details requested for why this change should go in this
release after the code freeze.

1. The additional security concern refers to 4673 – edk2/NetworkPkg:
Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6
Advertise message (tianocore.org).

Which was seen as:

"[...] this is very closely related to CVE-2023-45229, which is
already public, see no need to embargo. Making this BZ public.
CVE-2023-45229 was very recently mitigated under BZ 4518. We will fix
this as an enhancement to the patches for BZ 4518."

While no PoC exists for this bug, out of an abundance of caution, it's
critical that this "enhancement" make it into the release.

2. Corrects an incorrect offset

- StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_OPT_LEN (Option))));
+ StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)(DHCP6_OFFSET_OF_STATUS_CODE (Option))));

3. Adds the additional commits to a security yaml file so downstream
consumers may find the commits and ensure they have the patches - or
have the commits so they can cherry-pick them appropriately.

On Fri, Feb 9, 2024 at 6:04 PM Douglas Flick [MSFT] wrote:
>
> After talking with Michael Kinney, I was advised to resend
> these with edk2-stable202402, and CC Stewards.
>
> These patches are time sensitive and need reviews.
>
> This patch series corrects an additional security concern
> found in Dhcp6Dxe related to CVE-2023-45229.
>
> Additionally this fixes some issues on the mailing list
> that were not pulled in before merging into Edk2.
>
> Cc: Saloni Kasbekar
> Cc: Zachary Clark-williams
>
> Cc: Andrew Fish
> Cc: Leif Lindholm
> Cc: Michael D Kinney
>
> Doug Flick (3):
>   [edk2-stable202402] NetworkPkg: Dhcp6Dxe: SECURITY PATCH
>     CVE-2023-45229 Related Patch
>   [edk2-stable202402] NetworkPkg: Dhcp6Dxe: Additional Code Cleanup
>   [edk2-stable202402] NetworkPkg: : Updating SecurityFixes.yaml
>
> NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 232 +++++++++++++++++------------
> NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 20 +--
> NetworkPkg/SecurityFixes.yaml | 1 +
> 3 files changed, 141 insertions(+), 112 deletions(-)
>
> --
> 2.43.0
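
Review bot: in the item 2 change, the replacement line reads a 16-bit value at DHCP6_OFFSET_OF_STATUS_CODE (Option), but the two lines shown carry no check that the option's length covers that offset plus two bytes before ReadUnaligned16 runs. Since the series addresses an out-of-bounds read in IA_NA/IA_TA option processing, please confirm a length check precedes this read in the surrounding function. A one-line comment at the call site naming the field being read would also make the OPT_LEN/STATUS_CODE mix-up harder to reintroduce.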