From: "Saloni Kasbekar" <saloni.kasbekar@intel.com>
To: Doug Flick <doug.edk2@gmail.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Clark-williams, Zachary" <zachary.clark-williams@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 13/13] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
Date: Fri, 24 May 2024 04:24:03 +0000 [thread overview]
Message-ID: <MW4PR11MB82915A070438ED4898B037D4F1F52@MW4PR11MB8291.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20240509055633.828642-14-doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-----Original Message-----
From: Doug Flick <doug.edk2@gmail.com>
Sent: Wednesday, May 8, 2024 10:57 PM
To: devel@edk2.groups.io
Cc: Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary <zachary.clark-williams@intel.com>
Subject: [PATCH v2 13/13] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes
From: Doug Flick <dougflick@microsoft.com>
This patch updates the PxeBcDhcp6GoogleTest due to the changes in the underlying code. The changes are as follows:
- Random now comes from the RngLib Protocol
- The TCP ISN is now generated by the hash function
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 +
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf | 3 +-
NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp | 102 +++++++++++++++++++-
3 files changed, 100 insertions(+), 6 deletions(-)
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index fa301a7a52ab..1772afb05815 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -30,6 +30,7 @@ [Components]
NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf { <LibraryClasses> UefiRuntimeServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiRuntimeServicesTableLib.inf+ UefiBootServicesTableLib|MdePkg/Test/Mock/Library/GoogleTest/MockUefiBootServicesTableLib/MockUefiBootServicesTableLib.inf } # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
index 301dcdf61109..8b092d9291d4 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
@@ -14,7 +14,7 @@ [Defines]
# # The following information is for reference only and not required by the build tools. #-# VALID_ARCHITECTURES = IA32 X64+# VALID_ARCHITECTURES = IA32 X64 AARCH64 # [Sources]@@ -23,6 +23,7 @@ [Sources]
PxeBcDhcp6GoogleTest.h ../PxeBcDhcp6.c ../PxeBcSupport.c+ ../../../MdePkg/Test/Mock/Library/GoogleTest/Protocol/MockRng.cpp [Packages] MdePkg/MdePkg.decdiff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
index bd423ebadfce..61736ff79e83 100644
--- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
@@ -7,6 +7,8 @@
#include <Library/GoogleTestLib.h> #include <GoogleTest/Library/MockUefiLib.h> #include <GoogleTest/Library/MockUefiRuntimeServicesTableLib.h>+#include <GoogleTest/Library/MockUefiBootServicesTableLib.h>+#include <GoogleTest/Protocol/MockRng.h> extern "C" { #include <Uefi.h>@@ -165,7 +167,7 @@ protected:
// Note: // Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a // properly setup Private structure. Attempting to properly test this function-// without a signficant refactor is a fools errand. Instead, we will test+// without a significant refactor is a fools errand. Instead, we will test // that we can prevent an overflow in the function. TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) { PXEBC_DHCP6_PACKET_CACHE *Cache6 = NULL;@@ -238,6 +240,7 @@ TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
FreePool (Option); } }+ // Test Description // Test that we can prevent an overflow in the function TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {@@ -470,10 +473,15 @@ TEST_F (PxeBcRequestBootServiceTest, AttemptRequestOverFlowExpectFailure) {
class PxeBcDhcp6DiscoverTest : public ::testing::Test { public: PXEBC_PRIVATE_DATA Private = { 0 };+ // create a mock md5 hash+ UINT8 Md5Hash[16] = { 0 };+ EFI_UDP6_PROTOCOL Udp6Read; protected: MockUefiRuntimeServicesTableLib RtServicesMock;+ MockUefiBootServicesTableLib BsMock;+ MockRng RngMock; // Add any setup code if needed virtual void@@ -527,8 +535,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {
Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request); - EXPECT_CALL (RtServicesMock, gRT_GetTime)- .WillOnce (::testing::Return (0));+ EXPECT_CALL (BsMock, gBS_LocateProtocol)+ .WillOnce (+ ::testing::DoAll (+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),+ ::testing::Return (EFI_SUCCESS)+ )+ );++ EXPECT_CALL (RngMock, GetRng)+ .WillOnce (+ ::testing::DoAll (+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),+ ::testing::Return (EFI_SUCCESS)+ )+ ); ASSERT_EQ ( PxeBcDhcp6Discover (@@ -558,8 +579,21 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
Private.Dhcp6Request->Length = (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request); - EXPECT_CALL (RtServicesMock, gRT_GetTime)- .WillOnce (::testing::Return (0));+ EXPECT_CALL (BsMock, gBS_LocateProtocol)+ .WillOnce (+ ::testing::DoAll (+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),+ ::testing::Return (EFI_SUCCESS)+ )+ );++ EXPECT_CALL (RngMock, GetRng)+ .WillOnce (+ ::testing::DoAll (+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),+ ::testing::Return (EFI_SUCCESS)+ )+ ); ASSERT_EQ ( PxeBcDhcp6Discover (@@ -572,3 +606,61 @@ TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {
EFI_SUCCESS ); }++TEST_F (PxeBcDhcp6DiscoverTest, MultipleRequestsAttemptOverflow) {+ EFI_IPv6_ADDRESS DestIp = { 0 };+ EFI_DHCP6_PACKET_OPTION RequestOpt = { 0 }; // the data section doesn't really matter++ RequestOpt.OpCode = HTONS (0x1337);+ RequestOpt.OpLen = HTONS (REQUEST_OPTION_LENGTH); // this length would overflow without a check+ UINT8 RequestOptBuffer[REQUEST_OPTION_LENGTH] = { 0 };++ // make sure we have enough space for 10 of these options+ ASSERT_TRUE (REQUEST_OPTION_LENGTH * 10 <= PACKET_SIZE);++ UINT8 Index = 0;+ EFI_DHCP6_PACKET *Packet = (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];+ UINT8 *Cursor = (UINT8 *)(Packet->Dhcp6.Option);++ // let's add 10 of these options - this should overflow+ for (UINT8 i = 0; i < 10; i++) {+ CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));+ Cursor += sizeof (RequestOpt) - 1;+ CopyMem (Cursor, RequestOptBuffer, REQUEST_OPTION_LENGTH);+ Cursor += REQUEST_OPTION_LENGTH;+ }++ // Update the packet length+ Packet->Length = (UINT16)(Cursor - (UINT8 *)Packet);+ Packet->Size = PACKET_SIZE;++ // Make sure we're larger than the buffer we're trying to write into+ ASSERT_TRUE (Packet->Length > sizeof (EFI_PXE_BASE_CODE_DHCPV6_PACKET));++ EXPECT_CALL (BsMock, gBS_LocateProtocol)+ .WillOnce (+ ::testing::DoAll (+ ::testing::SetArgPointee<2> (::testing::ByRef (gRngProtocol)),+ ::testing::Return (EFI_SUCCESS)+ )+ );++ EXPECT_CALL (RngMock, GetRng)+ .WillOnce (+ ::testing::DoAll (+ ::testing::SetArgPointee<3> (::testing::ByRef (Md5Hash[0])),+ ::testing::Return (EFI_SUCCESS)+ )+ );++ ASSERT_EQ (+ PxeBcDhcp6Discover (+ &(PxeBcDhcp6DiscoverTest::Private),+ 0,+ NULL,+ FALSE,+ (EFI_IP_ADDRESS *)&DestIp+ ),+ EFI_OUT_OF_RESOURCES+ );+}--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119200): https://edk2.groups.io/g/devel/message/119200
Mute This Topic: https://groups.io/mt/105996592/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
next prev parent reply other threads:[~2024-05-24 4:24 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 5:56 [edk2-devel] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 01/13] EmulatorPkg: : Add RngDxe to EmulatorPkg Doug Flick via groups.io
2024-05-10 3:10 ` Ni, Ray
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 02/13] EmulatorPkg: : Add Hash2DxeCrypto " Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
2024-05-09 8:45 ` Ard Biesheuvel
2024-05-09 8:45 ` Ard Biesheuvel
2024-05-09 18:21 ` Doug Flick via groups.io
2024-05-10 0:54 ` 回复: " gaoliming via groups.io
2024-05-10 17:13 ` [edk2-devel] " Doug Flick via groups.io
2024-05-11 8:40 ` Ard Biesheuvel
2024-05-13 9:22 ` Gerd Hoffmann
2024-05-13 17:24 ` Ard Biesheuvel
2024-05-17 3:27 ` Doug Flick via groups.io
2024-05-17 7:27 ` Ard Biesheuvel
2024-05-17 9:48 ` Gerd Hoffmann
2024-05-24 3:02 ` 回复: " gaoliming via groups.io
2024-05-14 19:55 ` Pedro Falcato
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 04/13] OvmfPkg: : Add Hash2DxeCrypto to OvmfPkg Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 05/13] ArmVirtPkg:PlatformCI: Support virtio-rng-pci Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 06/13] ArmVirtPkg: : Add Hash2DxeCrypto to ArmVirtPkg Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove incorrect limitation on GetRng Doug Flick via groups.io
2024-05-10 10:23 ` Yao, Jiewen
2024-05-10 21:12 ` Doug Flick via groups.io
2024-05-11 0:24 ` Yao, Jiewen
2024-05-13 15:53 ` PierreGondois
2024-05-11 8:26 ` Ard Biesheuvel
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 08/13] NetworkPkg:: SECURITY PATCH CVE-2023-45237 Doug Flick via groups.io
2024-05-13 14:30 ` Ard Biesheuvel
2024-05-15 19:14 ` Saloni Kasbekar
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 09/13] NetworkPkg: TcpDxe: SECURITY PATCH CVE-2023-45236 Doug Flick via groups.io
2024-05-15 21:38 ` Saloni Kasbekar
2024-05-21 19:28 ` Doug Flick via groups.io
2024-05-24 1:24 ` 回复: " gaoliming via groups.io
2024-05-24 4:23 ` Saloni Kasbekar
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 10/13] MdePkg: : Add MockUefiBootServicesTableLib Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 11/13] MdePkg: : Adds Protocol for MockRng Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 12/13] MdePkg: Add MockHash2 Protocol for testing Doug Flick via groups.io
2024-05-09 5:56 ` [edk2-devel] [PATCH v2 13/13] NetworkPkg: Update the PxeBcDhcp6GoogleTest due to underlying changes Doug Flick via groups.io
2024-05-24 4:24 ` Saloni Kasbekar [this message]
2024-05-09 9:40 ` 回复: [edk2-devel][edk2-stable202405] [PATCH v2 00/13] NetworkPkg: CVE-2023-45236 and CVE-2023-45237 gaoliming via groups.io
2024-05-09 18:26 ` [edk2-devel] " Doug Flick via groups.io
2024-05-15 0:41 ` 回复: " gaoliming via groups.io
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW4PR11MB82915A070438ED4898B037D4F1F52@MW4PR11MB8291.namprd11.prod.outlook.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox