From: "Saloni Kasbekar"
To: "Douglas Flick [MSFT]", "devel@edk2.groups.io"
CC: Doug Flick, "Clark-williams, Zachary"
Subject: Re: [edk2-devel] [PATCH v2 06/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
Date: Thu, 1 Feb 2024 19:52:04 +0000
In-Reply-To: <03b422eb7b3f88136810da4ed290d2e2374483fe.1706219324.git.doug.edk2@gmail.com>

Reviewed-by: Saloni Kasbekar

-----Original Message-----
From: Douglas Flick [MSFT]
Sent: Thursday, January 25, 2024 1:55 PM
To: devel@edk2.groups.io
Cc: Doug Flick; Kasbekar, Saloni; Clark-williams, Zachary; Doug Flick [MSFT]
Subject: [PATCH v2 06/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch

From: Doug Flick

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536

Bug Overview:
PixieFail Bug #3
CVE-2023-45231
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

Out-of-bounds read when handling a ND Redirect message with truncated options

Change Overview:

Adds a check to prevent truncated options from being parsed

+ //
+ // Cannot process truncated options.
+ // Cannot process options with a length of 0 as there is no Type field.
+ //
+ if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
+ return FALSE;
+ }

Cc: Saloni Kasbekar
Cc: Zachary Clark-williams

Signed-off-by: Doug Flick [MSFT]
---
NetworkPkg/Ip6Dxe/Ip6Option.c | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c = index 199eea124dfe..8718d5d8756a 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Option.c +++ b/NetworkPkg/Ip6Dxe/Ip6Option.c @@ -137,6 +137,14 @@ Ip6IsNDOptionValid ( return FALSE; } + //+ // Cannot process truncated options.+ // Ca= nnot process options with a length of 0 as there is no Type field.+ //+ i= f (OptionLen < sizeof (IP6_OPTION_HEADER)) {+ return FALSE;+ }+ Offse= t =3D 0; //
--
2.43.0
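
Review bot: The new guard placed before the Offset assignment in Ip6IsNDOptionValid compares only the total OptionLen against sizeof (IP6_OPTION_HEADER), once, on entry. A buffer that holds one complete option followed by a truncated one still passes it, and the hunk does not show the code that walks the options afterwards, so please confirm that the walk makes the same comparison against the bytes remaining (OptionLen minus Offset) before it reads each option's header. The comment is also narrower than the condition: it names a length of 0, while the test rejects every length below sizeof (IP6_OPTION_HEADER); stating that in the comment would match what the code does.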