From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web09.2789.1572243382752079072 for ; Sun, 27 Oct 2019 23:16:22 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: jian.j.wang@intel.com) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Oct 2019 23:16:22 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,239,1569308400"; d="scan'208";a="198553006" Received: from fmsmsx104.amr.corp.intel.com ([10.18.124.202]) by fmsmga007.fm.intel.com with ESMTP; 27 Oct 2019 23:16:22 -0700 Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by fmsmsx104.amr.corp.intel.com (10.18.124.202) with Microsoft SMTP Server (TLS) id 14.3.439.0; Sun, 27 Oct 2019 23:16:22 -0700 Received: from fmsmsx603.amr.corp.intel.com (10.18.126.83) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Sun, 27 Oct 2019 23:16:21 -0700 Received: from shsmsx152.ccr.corp.intel.com (10.239.6.52) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1713.5 via Frontend Transport; Sun, 27 Oct 2019 23:16:21 -0700 Received: from shsmsx107.ccr.corp.intel.com ([169.254.9.63]) by SHSMSX152.ccr.corp.intel.com ([169.254.6.2]) with mapi id 14.03.0439.000; Mon, 28 Oct 2019 14:16:19 +0800 From: "Wang, Jian J" To: Laszlo Ersek , edk2-devel-groups-io CC: David Woodhouse , "Wu, Jiaxin" , Sivaraman Nainar , "Lu, XiaoyuX" Subject: Re: [PATCH v2 5/8] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553) Thread-Topic: [PATCH v2 5/8] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553) Thread-Index: AQHVi7+KjAENQqbCOUerjCyItI/PJ6dvltMA Date: Mon, 28 Oct 2019 06:16:18 +0000 Message-ID: References: <20191026053719.10453-1-lersek@redhat.com> <20191026053719.10453-6-lersek@redhat.com> In-Reply-To: <20191026053719.10453-6-lersek@redhat.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMmM0ZTUyMDItNDlmNS00Y2NmLWI4NGItYzM0MTBmNjlhNjY4IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoibFwvSXgzcDYrYW5PVjRwNHRJV1Q1c0tPVTdsMUdCTmZQbW9Mbm53YVZGNXh6bEFEUk9Wckt2blVvcDZsMUF2dUkifQ== x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Return-Path: jian.j.wang@intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Reviewed-by: Jian J Wang Regards, Jian > -----Original Message----- > From: Laszlo Ersek > Sent: Saturday, October 26, 2019 1:37 PM > To: edk2-devel-groups-io > Cc: David Woodhouse ; Wang, Jian J > ; Wu, Jiaxin ; Sivaraman Nain= ar > ; Lu, XiaoyuX > Subject: [PATCH v2 5/8] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-145= 53) >=20 > For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the > edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib, > StdLibPrivateInternalFiles", 2019-04-29). >=20 > We'd like to use the inet_pton() function in CryptoPkg. Resurrect the > "inet_pton.c" file from just before the StdLib removal, as follows: >=20 > $ git show \ > 964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \ > > CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c >=20 > The inet_pton() function is only intended for the DXE phase at this time, > therefore only the "BaseCryptLib" instance INF file receives the new file= . >=20 > Cc: David Woodhouse > Cc: Jian J Wang > Cc: Jiaxin Wu > Cc: Sivaraman Nainar > Cc: Xiaoyu Lu > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D960 > CVE: CVE-2019-14553 > Signed-off-by: Laszlo Ersek > --- >=20 > Notes: > v2: > - new patch >=20 > CryptoPkg/Library/Include/CrtLibSupport.h | 1 + > CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 + > CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 > ++++++++++++++++++++ > 3 files changed, 259 insertions(+) >=20 > diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h > b/CryptoPkg/Library/Include/CrtLibSupport.h > index e603fad763f9..5a20ba636fff 100644 > --- a/CryptoPkg/Library/Include/CrtLibSupport.h > +++ b/CryptoPkg/Library/Include/CrtLibSupport.h > @@ -191,8 +191,9 @@ char *secure_getenv (const char *); > void abort (void) __attribute__((__noreturn__)); > #else > void abort (void); > #endif > +int inet_pton (int, const char *, void *); >=20 > // > // Macros that directly map functions to BaseLib, BaseMemoryLib, and > DebugLib functions > // > diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > index a98be2cd9590..dc9e6e5d45f9 100644 > --- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > +++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > @@ -57,8 +57,9 @@ [Sources] >=20 > SysCall/CrtWrapper.c > SysCall/TimerWrapper.c > SysCall/BaseMemAllocation.c > + SysCall/inet_pton.c >=20 > [Sources.Ia32] > Rand/CryptRandTsc.c >=20 > diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c > b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c > new file mode 100644 > index 000000000000..32e1ab8690e6 > --- /dev/null > +++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c > @@ -0,0 +1,257 @@ > +/* Copyright (c) 1996 by Internet Software Consortium. > + * > + * Permission to use, copy, modify, and distribute this software for any > + * purpose with or without fee is hereby granted, provided that the abov= e > + * copyright notice and this permission notice appear in all copies. > + * > + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE > CONSORTIUM DISCLAIMS > + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL > IMPLIED WARRANTIES > + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET > SOFTWARE > + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR > CONSEQUENTIAL > + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, > DATA OR > + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER > TORTIOUS > + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR > PERFORMANCE OF THIS > + * SOFTWARE. > + */ > + > +/* > + * Portions copyright (c) 1999, 2000 > + * Intel Corporation. > + * All rights reserved. > + * > + * Redistribution and use in source and binary forms, with or without > + * modification, are permitted provided that the following conditions > + * are met: > + * > + * 1. Redistributions of source code must retain the above copyright > + * notice, this list of conditions and the following disclaimer. > + * > + * 2. Redistributions in binary form must reproduce the above copyright > + * notice, this list of conditions and the following disclaimer in th= e > + * documentation and/or other materials provided with the distributio= n. > + * > + * 3. All advertising materials mentioning features or use of this softw= are > + * must display the following acknowledgement: > + * > + * This product includes software developed by Intel Corporation and > + * its contributors. > + * > + * 4. Neither the name of Intel Corporation or its contributors may be > + * used to endorse or promote products derived from this software > + * without specific prior written permission. > + * > + * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS > ``AS IS'' > + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT > LIMITED TO, THE > + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A > PARTICULAR PURPOSE > + * ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR > CONTRIBUTORS BE > + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR > + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, > PROCUREMENT OF > + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR > BUSINESS > + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, > WHETHER IN > + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR > OTHERWISE) > + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF > ADVISED OF > + * THE POSSIBILITY OF SUCH DAMAGE. > + * > + */ > + > +#if defined(LIBC_SCCS) && !defined(lint) > +static char rcsid[] =3D "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 = kyu3 Exp > $"; > +#endif /* LIBC_SCCS and not lint */ > + > +#include > +#include > +#include > +#include > +#include > +#include > +#include > +#include > + > +/* > + * WARNING: Don't even consider trying to compile this on a system where > + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. > + */ > + > +static int inet_pton4 (const char *src, u_char *dst); > +static int inet_pton6 (const char *src, u_char *dst); > + > +/* int > + * inet_pton(af, src, dst) > + * convert from presentation format (which usually means ASCII printable= ) > + * to network format (which is usually some kind of binary format). > + * return: > + * 1 if the address was valid for the specified address family > + * 0 if the address wasn't valid (`dst' is untouched in this case) > + * -1 if some other error occurred (`dst' is untouched in this case, too= ) > + * author: > + * Paul Vixie, 1996. > + */ > +int > +inet_pton( > + int af, > + const char *src, > + void *dst > + ) > +{ > + switch (af) { > + case AF_INET: > + return (inet_pton4(src, dst)); > + case AF_INET6: > + return (inet_pton6(src, dst)); > + default: > + errno =3D EAFNOSUPPORT; > + return (-1); > + } > + /* NOTREACHED */ > +} > + > +/* int > + * inet_pton4(src, dst) > + * like inet_aton() but without all the hexadecimal and shorthand. > + * return: > + * 1 if `src' is a valid dotted quad, else 0. > + * notice: > + * does not touch `dst' unless it's returning 1. > + * author: > + * Paul Vixie, 1996. > + */ > +static int > +inet_pton4( > + const char *src, > + u_char *dst > + ) > +{ > + static const char digits[] =3D "0123456789"; > + int saw_digit, octets, ch; > + u_char tmp[NS_INADDRSZ], *tp; > + > + saw_digit =3D 0; > + octets =3D 0; > + *(tp =3D tmp) =3D 0; > + while ((ch =3D *src++) !=3D '\0') { > + const char *pch; > + > + if ((pch =3D strchr(digits, ch)) !=3D NULL) { > + u_int new =3D *tp * 10 + (u_int)(pch - digits); > + > + if (new > 255) > + return (0); > + *tp =3D (u_char)new; > + if (! saw_digit) { > + if (++octets > 4) > + return (0); > + saw_digit =3D 1; > + } > + } else if (ch =3D=3D '.' && saw_digit) { > + if (octets =3D=3D 4) > + return (0); > + *++tp =3D 0; > + saw_digit =3D 0; > + } else > + return (0); > + } > + if (octets < 4) > + return (0); > + > + memcpy(dst, tmp, NS_INADDRSZ); > + return (1); > +} > + > +/* int > + * inet_pton6(src, dst) > + * convert presentation level address to network order binary form. > + * return: > + * 1 if `src' is a valid [RFC1884 2.2] address, else 0. > + * notice: > + * (1) does not touch `dst' unless it's returning 1. > + * (2) :: in a full address is silently ignored. > + * credit: > + * inspired by Mark Andrews. > + * author: > + * Paul Vixie, 1996. > + */ > +static int > +inet_pton6( > + const char *src, > + u_char *dst > + ) > +{ > + static const char xdigits_l[] =3D "0123456789abcdef", > + xdigits_u[] =3D "0123456789ABCDEF"; > + u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; > + const char *xdigits, *curtok; > + int ch, saw_xdigit; > + u_int val; > + > + memset((tp =3D tmp), '\0', NS_IN6ADDRSZ); > + endp =3D tp + NS_IN6ADDRSZ; > + colonp =3D NULL; > + /* Leading :: requires some special handling. */ > + if (*src =3D=3D ':') > + if (*++src !=3D ':') > + return (0); > + curtok =3D src; > + saw_xdigit =3D 0; > + val =3D 0; > + while ((ch =3D *src++) !=3D '\0') { > + const char *pch; > + > + if ((pch =3D strchr((xdigits =3D xdigits_l), ch)) =3D=3D NULL) > + pch =3D strchr((xdigits =3D xdigits_u), ch); > + if (pch !=3D NULL) { > + val <<=3D 4; > + val |=3D (pch - xdigits); > + if (val > 0xffff) > + return (0); > + saw_xdigit =3D 1; > + continue; > + } > + if (ch =3D=3D ':') { > + curtok =3D src; > + if (!saw_xdigit) { > + if (colonp) > + return (0); > + colonp =3D tp; > + continue; > + } > + if (tp + NS_INT16SZ > endp) > + return (0); > + *tp++ =3D (u_char) (val >> 8) & 0xff; > + *tp++ =3D (u_char) val & 0xff; > + saw_xdigit =3D 0; > + val =3D 0; > + continue; > + } > + if (ch =3D=3D '.' && ((tp + NS_INADDRSZ) <=3D endp) && > + inet_pton4(curtok, tp) > 0) { > + tp +=3D NS_INADDRSZ; > + saw_xdigit =3D 0; > + break; /* '\0' was seen by inet_pton4(). */ > + } > + return (0); > + } > + if (saw_xdigit) { > + if (tp + NS_INT16SZ > endp) > + return (0); > + *tp++ =3D (u_char) (val >> 8) & 0xff; > + *tp++ =3D (u_char) val & 0xff; > + } > + if (colonp !=3D NULL) { > + /* > + * Since some memmove()'s erroneously fail to handle > + * overlapping regions, we'll do the shift by hand. > + */ > + const int n =3D (int)(tp - colonp); > + int i; > + > + for (i =3D 1; i <=3D n; i++) { > + endp[- i] =3D colonp[n - i]; > + colonp[n - i] =3D 0; > + } > + tp =3D endp; > + } > + if (tp !=3D endp) > + return (0); > + memcpy(dst, tmp, NS_IN6ADDRSZ); > + return (1); > +} > -- > 2.19.1.3.g30247aa5d201 >=20