From: "Saloni Kasbekar" <saloni.kasbekar@intel.com>
To: "Douglas Flick [MSFT]" <doug.edk2@gmail.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: Doug Flick <dougflick@microsoft.com>,
"Clark-williams, Zachary" <zachary.clark-williams@intel.com>
Subject: Re: [edk2-devel] [PATCH v2 07/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests
Date: Thu, 1 Feb 2024 19:59:40 +0000
Message-ID: <SN7PR11MB828157B0902CEAD49BB7CEAEF1432@SN7PR11MB8281.namprd11.prod.outlook.com>
In-Reply-To: <0e584109537f3cea0b6393d598a69c61dc6912a5.1706219324.git.doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
-----Original Message-----
From: Douglas Flick [MSFT] <doug.edk2@gmail.com>
Sent: Thursday, January 25, 2024 1:55 PM
To: devel@edk2.groups.io
Cc: Doug Flick <dougflick@microsoft.com>; Kasbekar, Saloni <saloni.kasbekar@intel.com>; Clark-williams, Zachary <zachary.clark-williams@intel.com>; Doug Flick [MSFT] <doug.edk2@gmail.com>
Subject: [PATCH v2 07/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests
From: Doug Flick <dougflick@microsoft.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
Validates that the patch for...
Out-of-bounds read when handling a ND Redirect message with truncated options
.. has been fixed
Tests the following function to ensure that an out of bounds read does not occur Ip6OptionValidation
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 +
.../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 42 ++++++
.../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp | 20 +++
.../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 129 ++++++++++++++++++
4 files changed, 192 insertions(+)
create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
index 24dee654df2e..7fa7b0f9d5be 100644
--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
+++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
@@ -26,6 +26,7 @@ [Components]
# Build HOST_APPLICATION that tests NetworkPkg # NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf+ NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests. [LibraryClasses]diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
new file mode 100644
index 000000000000..6e4de0745fb5
--- /dev/null
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
@@ -0,0 +1,42 @@
+## @file+# Unit test suite for the Ip6Dxe using Google Test+#+# Copyright (c) Microsoft Corporation.<BR>+# SPDX-License-Identifier: BSD-2-Clause-Patent+##+[Defines]+ INF_VERSION = 0x00010017+ BASE_NAME = Ip6DxeUnitTest+ FILE_GUID = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A+ VERSION_STRING = 1.0+ MODULE_TYPE = HOST_APPLICATION+#+# The following information is for reference only and not required by the build tools.+#+# VALID_ARCHITECTURES = IA32 X64 AARCH64+#+[Sources]+ Ip6DxeGoogleTest.cpp+ Ip6OptionGoogleTest.cpp+ ../Ip6Option.c++[Packages]+ MdePkg/MdePkg.dec+ MdeModulePkg/MdeModulePkg.dec+ UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec+ NetworkPkg/NetworkPkg.dec++[LibraryClasses]+ GoogleTestLib+ DebugLib+ NetLib+ PcdLib++[Protocols]+ gEfiDhcp6ServiceBindingProtocolGuid++[Pcd]+ gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType++[Guids]+ gZeroGuiddiff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
new file mode 100644
index 000000000000..6ebfd5fdfb70
--- /dev/null
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
@@ -0,0 +1,20 @@
+/** @file+ Acts as the main entry point for the tests for the Ip6Dxe module.++ Copyright (c) Microsoft Corporation+ SPDX-License-Identifier: BSD-2-Clause-Patent+**/+#include <gtest/gtest.h>++////////////////////////////////////////////////////////////////////////////////+// Run the tests+////////////////////////////////////////////////////////////////////////////////+int+main (+ int argc,+ char *argv[]+ )+{+ testing::InitGoogleTest (&argc, argv);+ return RUN_ALL_TESTS ();+}diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
new file mode 100644
index 000000000000..f2cd90e1a952
--- /dev/null
+++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
@@ -0,0 +1,129 @@
+/** @file+ Tests for Ip6Option.c.++ Copyright (c) Microsoft Corporation+ SPDX-License-Identifier: BSD-2-Clause-Patent+**/+#include <gtest/gtest.h>++extern "C" {+ #include <Uefi.h>+ #include <Library/BaseLib.h>+ #include <Library/DebugLib.h>+ #include "../Ip6Impl.h"+ #include "../Ip6Option.h"+}++/////////////////////////////////////////////////////////////////////////+// Defines+///////////////////////////////////////////////////////////////////////++#define IP6_PREFIX_INFO_OPTION_DATA_LEN 32+#define OPTION_HEADER_IP6_PREFIX_DATA_LEN (sizeof (IP6_OPTION_HEADER) + IP6_PREFIX_INFO_OPTION_DATA_LEN)++////////////////////////////////////////////////////////////////////////+// Symbol Definitions+// These functions are not directly under test - but required to compile+////////////////////////////////////////////////////////////////////////+UINT32 mIp6Id;++EFI_STATUS+Ip6SendIcmpError (+ IN IP6_SERVICE *IpSb,+ IN NET_BUF *Packet,+ IN EFI_IPv6_ADDRESS *SourceAddress OPTIONAL,+ IN EFI_IPv6_ADDRESS *DestinationAddress,+ IN UINT8 Type,+ IN UINT8 Code,+ IN UINT32 *Pointer OPTIONAL+ )+{+ // ..+ return EFI_SUCCESS;+}++////////////////////////////////////////////////////////////////////////+// Ip6OptionValidation Tests+////////////////////////////////////////////////////////////////////////++// Define a fixture for your tests if needed+class Ip6OptionValidationTest : public ::testing::Test {+protected:+ // Add any setup code if needed+ virtual void+ SetUp (+ )+ {+ // Initialize any resources or variables+ }++ // Add any cleanup code if needed+ virtual void+ TearDown (+ )+ {+ // Clean up any resources or variables+ }+};++// Test Description:+// Null option should return false+TEST_F (Ip6OptionValidationTest, NullOptionShouldReturnFalse) {+ UINT8 *option = nullptr;+ UINT16 optionLen = 10; // Provide a suitable length++ EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));+}++// Test Description:+// Truncated option should return false+TEST_F (Ip6OptionValidationTest, 
TruncatedOptionShouldReturnFalse) {+ UINT8 option[] = { 0x01 }; // Provide a truncated option+ UINT16 optionLen = 1;++ EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));+}++// Test Description:+// Ip6OptionPrefixInfo Option with zero length should return false+TEST_F (Ip6OptionValidationTest, OptionWithZeroLengthShouldReturnFalse) {+ IP6_OPTION_HEADER optionHeader;++ optionHeader.Type = Ip6OptionPrefixInfo;+ optionHeader.Length = 0;+ UINT8 option[sizeof (IP6_OPTION_HEADER)];++ CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));+ UINT16 optionLen = sizeof (IP6_OPTION_HEADER);++ EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));+}++// Test Description:+// Ip6OptionPrefixInfo Option with valid length should return true+TEST_F (Ip6OptionValidationTest, ValidPrefixInfoOptionShouldReturnTrue) {+ IP6_OPTION_HEADER optionHeader;++ optionHeader.Type = Ip6OptionPrefixInfo;+ optionHeader.Length = 4; // Length 4 * 8 = 32+ UINT8 option[OPTION_HEADER_IP6_PREFIX_DATA_LEN];++ CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));++ EXPECT_TRUE (Ip6IsNDOptionValid (option, IP6_PREFIX_INFO_OPTION_DATA_LEN));+}++// Test Description:+// Ip6OptionPrefixInfo Option with invalid length should return false+TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse) {+ IP6_OPTION_HEADER optionHeader;++ optionHeader.Type = Ip6OptionPrefixInfo;+ optionHeader.Length = 3; // Length 3 * 8 = 24 (Invalid)+ UINT8 option[sizeof (IP6_OPTION_HEADER)];++ CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));+ UINT16 optionLen = sizeof (IP6_OPTION_HEADER);++ EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));+}--
2.43.0
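Review bot: In Ip6DxeGoogleTest.inf the [Protocols], [Pcd] and [Guids] sections list gEfiDhcp6ServiceBindingProtocolGuid, gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType and gZeroGuid, which are DHCPv6 items, while [Sources] builds only ../Ip6Option.c and the two test files. If nothing in those sources references them, drop the three entries so the test INF declares only what the Ip6 option tests depend on.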
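Review bot: In InvalidPrefixInfoOptionLengthShouldReturnFalse (Ip6OptionGoogleTest.cpp) the header sets Length = 3 (24 bytes), but the buffer and optionLen are only sizeof (IP6_OPTION_HEADER), so the input is also a truncated option and the test can pass without the prefix-info length rule being what rejects it. Use a zeroed 24-byte buffer with optionLen = 24 so the Length value for Ip6OptionPrefixInfo is the only thing wrong with the input. In ValidPrefixInfoOptionShouldReturnTrue, option[] is sized OPTION_HEADER_IP6_PREFIX_DATA_LEN, only the header is copied in, and the call passes IP6_PREFIX_INFO_OPTION_DATA_LEN; zero-initialise the array and use one length for both the declaration and the call so the validator never reads indeterminate bytes. The commit message names Ip6OptionValidation as the function under test while every case calls Ip6IsNDOptionValid; make the two agree.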