From: "Wang, Jian J"
To: Laszlo Ersek, edk2-devel-groups-io
CC: David Woodhouse, "Wu, Jiaxin", Sivaraman Nainar, "Lu, XiaoyuX"
Subject: Re: [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Date: Mon, 28 Oct 2019 05:34:18 +0000
References: <20191026053719.10453-1-lersek@redhat.com> <20191026053719.10453-5-lersek@redhat.com>
In-Reply-To: <20191026053719.10453-5-lersek@redhat.com>

Reviewed-by: Jian J Wang

Regards,
Jian

> -----Original Message-----
> From: Laszlo Ersek
> Sent: Saturday, October 26, 2019 1:37 PM
> To: edk2-devel-groups-io
> Cc: David Woodhouse; Wang, Jian J; Wu, Jiaxin; Sivaraman Nainar; Lu, XiaoyuX
> Subject: [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
>
> In a later patch in this series, we're going to resurrect "inet_pton.c"
> (originally from the StdLib package). That source file has a number of
> standard C and BSD socket dependencies. Provide those dependencies here:
>
> - The header files below will simply #include :
>
>   - arpa/inet.h
>   - arpa/nameser.h
>   - netinet/in.h
>   - sys/param.h
>   - sys/socket.h
>
> - EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
>   e2d3a25f1a31; which is the commit immediately preceding the removal of
>   StdLib from edk2 (964f432b9b0a).
>
>   Note that the other error macro, which we already #define, namely EINVAL,
>   has a value (22) that also matches "StdLib/Include/errno.h".
>
> - The AF_INET and AF_INET6 address family macros come from
>   "StdLib/Include/sys/socket.h".
>
> - The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
>   "StdLib/Include/arpa/nameser.h".
>
> - The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
>
> Cc: David Woodhouse
> Cc: Jian J Wang
> Cc: Jiaxin Wu
> Cc: Sivaraman Nainar
> Cc: Xiaoyu Lu
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
> CVE: CVE-2019-14553
> Signed-off-by: Laszlo Ersek
> ---
>
> Notes:
>     v2:
>     - new patch
>
>  CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++
>  CryptoPkg/Library/Include/arpa/inet.h     |  9 +++++++++
>  CryptoPkg/Library/Include/arpa/nameser.h  |  9 +++++++++
>  CryptoPkg/Library/Include/netinet/in.h    |  9 +++++++++
>  CryptoPkg/Library/Include/sys/param.h     |  9 +++++++++
>  CryptoPkg/Library/Include/sys/socket.h    |  9 +++++++++
>  6 files changed, 61 insertions(+)
>
> diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h > b/CryptoPkg/Library/Include/CrtLibSupport.h > index b90da20ff7e7..e603fad763f9 100644 > --- a/CryptoPkg/Library/Include/CrtLibSupport.h > +++ b/CryptoPkg/Library/Include/CrtLibSupport.h > @@ -73,22 +73,38 @@ SPDX-License-Identifier: BSD-2-Clause-Patent > // > // Definitions for global constants used by CRT library routines > // > #define EINVAL 22 /* Invalid argument */ > +#define EAFNOSUPPORT 47 /* Address family not supported by > protocol family */ > #define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ > #define LONG_MAX 0X7FFFFFFFL /* max value for a long */ > #define LONG_MIN (-LONG_MAX-1) /* min value for a long */ > #define ULONG_MAX 0xFFFFFFFF /* Maximum unsigned long value */ > #define CHAR_BIT 8 /* Number of bits in a char */ >=20 > +// > +// Address families. > +// > +#define AF_INET 2 /* internetwork: UDP, TCP, etc. */ > +#define AF_INET6 24 /* IP version 6 */ > + > +// > +// Define constants based on RFC0883, RFC1034, RFC 1035 > +// > +#define NS_INT16SZ 2 /*%< #/bytes of data in a u_int16_t */ > +#define NS_INADDRSZ 4 /*%< IPv4 T_A */ > +#define NS_IN6ADDRSZ 16 /*%< IPv6 T_AAAA */ > + > // > // Basic types mapping > // > typedef UINTN size_t; > +typedef UINTN u_int; > typedef INTN ssize_t; > typedef INT32 time_t; > typedef UINT8 __uint8_t; > typedef UINT8 sa_family_t; > +typedef UINT8 u_char; > typedef UINT32 uid_t; > typedef UINT32 gid_t; >=20 > // > diff --git a/CryptoPkg/Library/Include/arpa/inet.h > b/CryptoPkg/Library/Include/arpa/inet.h > new file mode 100644 > index 000000000000..988e4e0a73e3 > --- /dev/null > +++ b/CryptoPkg/Library/Include/arpa/inet.h > @@ -0,0 +1,9 @@ > +/** @file > + Include file to support building third-party standard C / BSD sockets = code. > + > + Copyright (C) 2019, Red Hat, Inc. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include 
> diff --git a/CryptoPkg/Library/Include/arpa/nameser.h > b/CryptoPkg/Library/Include/arpa/nameser.h > new file mode 100644 > index 000000000000..988e4e0a73e3 > --- /dev/null > +++ b/CryptoPkg/Library/Include/arpa/nameser.h > @@ -0,0 +1,9 @@ > +/** @file > + Include file to support building third-party standard C / BSD sockets = code. > + > + Copyright (C) 2019, Red Hat, Inc. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include > diff --git a/CryptoPkg/Library/Include/netinet/in.h > b/CryptoPkg/Library/Include/netinet/in.h > new file mode 100644 > index 000000000000..988e4e0a73e3 > --- /dev/null > +++ b/CryptoPkg/Library/Include/netinet/in.h > @@ -0,0 +1,9 @@ > +/** @file > + Include file to support building third-party standard C / BSD sockets = code. > + > + Copyright (C) 2019, Red Hat, Inc. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include > diff --git a/CryptoPkg/Library/Include/sys/param.h > b/CryptoPkg/Library/Include/sys/param.h > new file mode 100644 > index 000000000000..988e4e0a73e3 > --- /dev/null > +++ b/CryptoPkg/Library/Include/sys/param.h > @@ -0,0 +1,9 @@ > +/** @file > + Include file to support building third-party standard C / BSD sockets = code. > + > + Copyright (C) 2019, Red Hat, Inc. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include > diff --git a/CryptoPkg/Library/Include/sys/socket.h > b/CryptoPkg/Library/Include/sys/socket.h > new file mode 100644 > index 000000000000..988e4e0a73e3 > --- /dev/null > +++ b/CryptoPkg/Library/Include/sys/socket.h > @@ -0,0 +1,9 @@ > +/** @file > + Include file to support building third-party standard C / BSD sockets = code. > + > + Copyright (C) 2019, Red Hat, Inc. > + > + SPDX-License-Identifier: BSD-2-Clause-Patent > +**/ > + > +#include > -- > 2.19.1.3.g30247aa5d201 >=20
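
Review bot: in the CrtLibSupport.h hunk, `typedef UINTN u_int;` gives u_int the native word width (64 bits on 64-bit builds), unlike the fixed-width UINT32 used for uid_t and gid_t just below it. Code written against BSD headers generally assumes u_int is unsigned int, so consider `typedef UINT32 u_int;`, or add a comment stating that the wider type is deliberate. The new AF_INET6 (24) and EAFNOSUPPORT (47) defines would also benefit from a comment naming the StdLib header they were copied from, as the commit message does, because other platforms assign different numbers to these names and the values are only meaningful inside this CRT shim.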
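
Review bot: the five new forwarding headers (arpa/inet.h, arpa/nameser.h, netinet/in.h, sys/param.h, sys/socket.h) all carry the same generic @file comment, which does not say which third-party source needs them or that every definition lives in CrtLibSupport.h. Suggest naming inet_pton.c as the consumer in each comment and stating that the file must remain a pure forwarder, since none of these headers has an include guard of its own.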