Thanks for the details, Doug.
I have applied the Rb tags and opened a PR:
https://github.com/tianocore/edk2/pull/5372
Mike
From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Doug Flick via groups.io
Sent: Tuesday, February 13, 2024 3:31 PM
To: Kasbekar, Saloni <saloni.kasbekar@intel.com>; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v2 1/4] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related Patch
Saloni,
Yeah, there were never any tests that showed this bug exists; mostly it was brought up through static analysis since it's related to a known CVE. I have written some unit tests (that I'm not particularly satisfied with) that show that I'm hitting the desired code paths that can trigger the issue. However, this code path is not particularly nice to unit tests because the first option I have for a status code that isn't EFI_DEVICE_ERROR occurs in Dhcp6GenerateIaCb and I had to do some gross things to satisfy Dhcp6ParseAddrOption.
Regardless, through that testing I can confirm that I can hit the code paths that I need to be testing for this change. The Dhcp6SeekInnerOptionSafe function is well unit tested, and the code pattern is used elsewhere and is unit tested. So, I feel confident with the unit testing I have done that this change is successful, and I would like to follow up with unit tests / more code cleanup once we're out of code cleanup.
Further, I've performed a PxeBoot to ensure the device still boots - but that test generally doesn't feel like it's good enough for any confidence since I have no control over the code path.
If you would like, I can upload the unit tests, but they're likely to undergo more changes and I wouldn't recommend getting them in right now.