From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id B1174740034 for ; Thu, 1 Feb 2024 21:16:54 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=LcjhneSLUvkdxC/wSpYUR5PLS8Uo4t55uMiQBNkKFAU=; c=relaxed/simple; d=groups.io; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20140610; t=1706822213; v=1; b=fEgLGNYVLkJjJwUtKlD04k6IRv7iGbZVeNpnwYbotNZcZxV2rMpOCCdsFx3I7BEX8fIYo1PS jtvGhldnIxSVxJtPfnBGxJxjyvMVLiWZT1VfWzl7QIDHgevj/EHiJniqgCYAxbXDe+jeywkl0oR BMX6GAMd0eyikghLXvIJv+4s= X-Received: by 127.0.0.2 with SMTP id WZd1YY7687511xxqrhK4Ln3K; Thu, 01 Feb 2024 13:16:53 -0800 X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.7]) by mx.groups.io with SMTP id smtpd.web10.7525.1706822212576043519 for ; Thu, 01 Feb 2024 13:16:52 -0800 X-IronPort-AV: E=McAfee;i="6600,9927,10971"; a="25467497" X-IronPort-AV: E=Sophos;i="6.05,236,1701158400"; d="scan'208";a="25467497" X-Received: from orsmga004.jf.intel.com ([10.7.209.38]) by fmvoesa101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Feb 2024 13:16:52 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10971"; a="912249011" X-IronPort-AV: E=Sophos;i="6.05,236,1701158400"; d="scan'208";a="912249011" X-Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by orsmga004.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 01 Feb 2024 13:16:51 -0800 X-Received: from orsmsx601.amr.corp.intel.com (10.22.229.14) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Thu, 1 Feb 2024 13:16:51 -0800 X-Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Thu, 1 Feb 2024 13:16:51 -0800 X-Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.169) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Thu, 1 Feb 2024 13:16:50 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=NKjR7jjDk7dPGvORQHbGAZPURLpOzx01nGnji0gzAFJvHC5wD3SqruSlQtWSrm0bpRkyZQ+gNjVIbR4LJcIA9QQD/Xr3QTVCRWitjGFadsufSM8Z4kruAAqbHddpTEKvi/WiaMWH2oFF2vprxol+o0tTu/zW+lgZ8kaPiR50dwEfsO8/I8wwTXaKuJUc/vXHN8KdGzPfhAnDmSXkY/VtQmUVfgKf0Y26aC5X/vtR6jQiTW2IfLDRM8uq/NXvWangjWRvc8xRFDMw8sl7rvrc1VccXTGuQwe3WR4ri7abF38CuCXngQM6otdrHoutUpt0mvhNp58XFDPOVXIV47oDjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VQ3rQ7nhvAVRD8OiAZ2hnfImPsWyERl+/SxRLooWqh4=; b=ORPX2TOrYVwhPg4rmWXReEbIRyhmhrmkOutova0fg4ZF9sVkkkS0aol4XeEo5XxzxY8SZZWRsFs/PA2yi5fbAAmpHt6FenRH1q5wWLAzqcorZ/tOtprgPoB2UEPC4+WrpcARWrMIn3Zw2J69WUy6uvX4fwL5HlUQRZeM8VvpktG/JzSJ081gr1h/YKdc7LAtJ799qDTrwhsQ9/p50m0EwcoGfemkxdkaBI1CrVRgUSl2ES8IKqsfNA+BUMEwklcz9a0CANqzhUzBvu1qRfek7djH0AdymOFaN4BLAcNqXpFrBQCN+nxGNuD5NfiAMiCHf9CTO9++WhBRZDEDzbYxDw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none X-Received: from SN7PR11MB8281.namprd11.prod.outlook.com (2603:10b6:806:26b::20) by SA1PR11MB8593.namprd11.prod.outlook.com (2603:10b6:806:3ab::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.24; Thu, 1 Feb 2024 21:16:48 +0000 X-Received: from SN7PR11MB8281.namprd11.prod.outlook.com ([fe80::bf47:e473:3750:b81f]) by SN7PR11MB8281.namprd11.prod.outlook.com ([fe80::bf47:e473:3750:b81f%5]) with mapi id 15.20.7249.024; Thu, 1 Feb 2024 21:16:48 +0000 From: "Saloni Kasbekar" To: "Douglas Flick [MSFT]" , "devel@edk2.groups.io" CC: Doug Flick , "Clark-williams, Zachary" Subject: Re: [edk2-devel] [PATCH v2 09/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests Thread-Topic: [PATCH v2 09/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests Thread-Index: AQHaT+Mz3EUa8iQ090KCcYXkp82wSLD2AF6Q Date: Thu, 1 Feb 2024 21:16:48 +0000 Message-ID: References: <79694c13f6babf55e33e298eee6e60de44691c0f.1706219324.git.doug.edk2@gmail.com> In-Reply-To: <79694c13f6babf55e33e298eee6e60de44691c0f.1706219324.git.doug.edk2@gmail.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: SN7PR11MB8281:EE_|SA1PR11MB8593:EE_ x-ms-office365-filtering-correlation-id: 95f1ce56-0ef1-4613-e476-08dc236b1a37 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam-message-info: xwZp/bmdIecOEAdLg4Mspt3uFJHssfOTCfdVQIx4UCnvjGbwJNq/3rXT0w3dFVnNsfFtx8T5LbB2wg1VnhP3wIFjIgUCdo5PRgOTGwcro+Zx1heFOl3/K/ZWan9wMAf7gOGEwxKSNMXbR5OgxMcxaDzF+CIqRCS1dqokkpXNMNv9+di5ftjbXHbLFy2FMBsMKYW9z9xZ6QHvYBJEYQ7haBqVzwSDCUxFe+pUvSSpW3pYMKMI4Q/enXSFFqwxJpuOdiC7DFIyH1riGlq6kMpjtdNQ+5LT6SYi4OLjptKHylaTiUf9n7PkQplL7qVEmUrecETl5oh8ZVBeSQ9C0cxQMpPcp8KNgfcp5sM18rXJgr8GNohTEu77yzNJss3LilxG1XDja7N02mBvlEJxdzyZTtrVD7vuY64zPqeGmBPJgZHCpCzVF6aGzyIdkXDEjA2lbdxnMEaFZN2h1xeD94EybrtlWLUfEdmgNAafU/61MKcvjstwgIpyT3FaMlBqoW6rPK5A+l/0a5CYvA/v1n5/EM7+pXD9CZPt2q8cHuGx4XujpfhqocWiYX/WZ1PnVJQYtFVn8bSV/7ZHZ37PSvcFi7NGYP51OVgwI44MDz8rqxvy/hDnd4CLvkAP96mdDg48KiOEVp+Ci4jLgP+RcmW/Oua3FAWAtWNOQ6yeaYeIBEU= x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?DnH0vJi4Hx9eFj2PvXIbr39RBQG0JXDLDCurWNirzywxyBjm5/QubldYAojc?= =?us-ascii?Q?3IasL2fIjXflE1OUhLIavCtyVV+05Z6iWcLwrlWGyfFv7tHtLrSQwIOp5+Y4?= =?us-ascii?Q?97tS5xMLc+954ho7HVcd8bwLGm0WKbd+cchZbfp4YAlsYj9Yy33OcvxrsywX?= =?us-ascii?Q?R6agXf++hJ58KmF3SscuMuGLnxufcfgtnB7o0nf9Qn64NbCgrRu8pIaRtNqS?= =?us-ascii?Q?izPRbUNuneCvfhSEQdMiOBKA/pkQgfH2ryeNiTdRDvGGzcmzRl5hnrtd+OYn?= =?us-ascii?Q?S0iplMFacXh/JWAV69JTNYK2iuEq+yp530Y21nfEH71hkn7sPI32IT4LJGhB?= =?us-ascii?Q?AyfsrY7ATob3Bx8hBZKmOuOTq6B3sWKyPwhdNdYYuGthhcy2te+9GELGIYDr?= =?us-ascii?Q?MRGhAIWohkKUh+vwk8SmT3DHZkU1C6W769EMp7HW7n3HQ2rM553oe+BzOxIU?= =?us-ascii?Q?7YsF5pCMzroKOsbTM5q9IX5ABSm3RnXIeQNHGcVyjdaSAkb8zClXEgYLkoT8?= =?us-ascii?Q?lKtFBmAieGsj/m4DC4DcosoeOpkddyNoXiU9s3C0vu8QPOeljgiBFbUj0lc3?= =?us-ascii?Q?PeenlwM4CFlzCSi66nzQveqiHVx9GdT1R8BHSiGmI4BfE7GtaAAiLTar2wag?= =?us-ascii?Q?FYhlMr7DrTcDUZEuAUDx8y2xhBE8xNUn3gGf18eYOgPewOgKss61il+XeH8Z?= =?us-ascii?Q?ZihCTomQ5gD1JblgYJ0Q90JLQVBK/OcmKO64J3ClyeYT1t2xrQjSGfTdbij9?= =?us-ascii?Q?Fymw8dCdPuV92Ds9hBNwQjiENyww5UhHX5r/oIUHIMc0roejp+eVS5EgGYYl?= =?us-ascii?Q?tNRIab9dPGV+vedDQrWOw5l/1Kmu1Qp50SJQTxAdmC7vI1XvAezeSXRGMzRo?= =?us-ascii?Q?kdKHE6lIQUXZs3HGOzNk0TU2Rz1diVs/jTGHB6mpNo7TKjMwuRdIhP4oDlGb?= =?us-ascii?Q?n1Z4zLMn0Hf2fSYZvenfskd7xY7LeMx3toms6VK9597eXdSw1b8ORyEVgoQ4?= =?us-ascii?Q?pciFnIuOtIXGvwP/KeyNpDqPA0+z0B3c2XMfwMWszBIvQ8l13OeCo/QF1UxF?= =?us-ascii?Q?HMK0rNdILNC8UYWlx0icsb4juli/ZFuApHKIM61Q2bLQxVfSFBS3xwlvHUJD?= =?us-ascii?Q?piBJotXpWb0r69gIQkVxWCj1ALjHe8yaSTmRHsFzts0gwBz9Sum8jBI+YEWn?= =?us-ascii?Q?6Jq12mn1j1wnWG3huKBuCQsjySYu5xllgJoaWz51mmwNOYVqov4lbpofAINn?= =?us-ascii?Q?ShEQqdQIHup9b1nMkKteozuXx/H3oNS/27ZWg01IU9HFECAQJ8MOY7W3nGZ7?= =?us-ascii?Q?PLmUBdemm7qTRL+kBgFf/TpeLvPvWCBs5ZpL0F/yQkQAZF7tvcF+buJOCJbx?= =?us-ascii?Q?Djbs9FjtaY62WmTfxLovKGABPZCDKKLNilI/8QZo1e68R4Q5sJoCMFdt3Nzj?= =?us-ascii?Q?GvAJYSM2lo85BNMJH3+HYSo2eZHwv3Y3Gnh9boKU4EkX32f3uxLoHl4+UQ1L?= =?us-ascii?Q?2DkyNHiIyWkyC+/UyBh3VnrxC0yTNhT1yFQ29eWce1Mx1MkbB4c5oeFaDsZ/?= =?us-ascii?Q?oHehfrEprfhTbaaGhrbAefjveMQLbgvCm8V4iJEi?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SN7PR11MB8281.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 95f1ce56-0ef1-4613-e476-08dc236b1a37 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Feb 2024 21:16:48.7753 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PH8bZ/KsCxRCx4RvdXsuSe1I1q/zFqR4QfniWX8t7dCAKjpLF3fsaiJ06ZgY0TxDPOYRnUjUIsP/0KH+MpRdFleDYXpiHb90Ee9vIlYui1k= X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB8593 X-OriginatorOrg: intel.com Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,saloni.kasbekar@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: DQGD1OHXPO4XDqJiN6CV8pQmx7686176AA= Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=fEgLGNYV; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io; arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}") Reviewed-by: Saloni Kasbekar -----Original Message----- From: Douglas Flick [MSFT] =20 Sent: Thursday, January 25, 2024 1:55 PM To: devel@edk2.groups.io Cc: Doug Flick ; Kasbekar, Saloni ; Clark-williams, Zachary ; Do= ug Flick [MSFT] Subject: [PATCH v2 09/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232= Unit Tests From: Doug Flick REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4537 REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4538 Unit tests to confirm that.. Infinite loop when parsing unknown options in the Destination Options heade= r and Infinite loop when parsing a PadN option in the Destination Options header ... have been patched This patch tests the following functions: Ip6IsOptionValid Cc: Saloni Kasbekar Cc: Zachary Clark-williams Signed-off-by: Doug Flick [MSFT] --- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 10 +- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | 40 +++ .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 278 ++++++++++++++++++ 3 files changed, 324 insertions(+), 4 deletions(-) create mode 100644 Net= workPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg= /Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf index 6e4de0745fb5..ba29dbabadb9 100644 --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf @@ -1,13 +1,13 @@ ## @file-# Unit test suite for the Ip6Dxe using Google Test+# Unit test su= ite for the Ip6DxeGoogleTest using Google Test # # Copyright (c) Microsoft = Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent ## [Defines= ] INF_VERSION =3D 0x00010017- BASE_NAME =3D Ip6DxeUnit= Test- FILE_GUID =3D 4F05D17D-D3E7-4AAE-820C-576D46D2D34A+ BASE_= NAME =3D Ip6DxeGoogleTest+ FILE_GUID =3D AE39981C-B7FE= -41A8-A9C2-F41910477CA3 VERSION_STRING =3D 1.0 MODULE_TYPE = =3D HOST_APPLICATION #@@ -16,9 +16,11 @@ [Defines] # VALID_ARCHITECTURES =3D IA32 X64 AARCH64 # [Sources]+ ../Ip6= Option.c+ Ip6OptionGoogleTest.h Ip6DxeGoogleTest.cpp Ip6OptionGoogleTe= st.cpp- ../Ip6Option.c+ Ip6OptionGoogleTest.h [Packages] MdePkg/MdePkg= .decdiff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h b/Netwo= rkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h new file mode 100644 index 000000000000..0509b6ae30d2 --- /dev/null +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h @@ -0,0 +1,40 @@ +/** @file+ Exposes the functions needed to test the Ip6Option module.++ = Copyright (c) Microsoft Corporation+ SPDX-License-Identifier: BSD-2-Clause= -Patent+**/++#ifndef IP6_OPTION_HEADER_GOOGLE_TEST_H_+#define IP6_OPTION_HE= ADER_GOOGLE_TEST_H_++#include +#include "../Ip6Impl.h"++/**+ Valid= ate the IP6 option format for both the packets we received+ and that we wi= ll transmit. It will compute the ICMPv6 error message fields+ if the optio= n is malformatted.++ @param[in] IpSb The IP6 service data.+ = @param[in] Packet The to be validated packet.+ @param[in] Op= tion The first byte of the option.+ @param[in] OptionLen = The length of the whole option.+ @param[in] Pointer Identifi= es the octet offset within+ the invoking pac= ket where the error was detected.+++ @retval TRUE The option is proper= ly formatted.+ @retval FALSE The option is malformatted.++**/+BOOLEAN+I= p6IsOptionValid (+ IN IP6_SERVICE *IpSb,+ IN NET_BUF *Packet,+ IN = UINT8 *Option,+ IN UINT16 OptionLen,+ IN UINT32 Pointe= r+ );++#endif // __IP6_OPTION_HEADER_GOOGLE_TEST_H__diff --git a/NetworkPk= g/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/= Ip6OptionGoogleTest.cpp index f2cd90e1a952..29f8a4a96e4c 100644 --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp @@ -12,6 +12,7 @@ extern "C" { #include #include "../Ip6Impl.h" #include "../I= p6Option.h"+ #include "Ip6OptionGoogleTest.h" } /////////////////////////= ////////////////////////////////////////////////@@ -127,3 +128,280 @@ TEST_= F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse) EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen)); }++/////////////= ///////////////////////////////////////////////////////////+// Ip6IsOptionV= alid Tests+////////////////////////////////////////////////////////////////= ////////++// Define a fixture for your tests if needed+class Ip6IsOptionVal= idTest : public ::testing::Test {+protected:+ // Add any setup code if nee= ded+ virtual void+ SetUp (+ )+ {+ // Initialize any resources or v= ariables+ }++ // Add any cleanup code if needed+ virtual void+ TearDown= (+ )+ {+ // Clean up any resources or variables+ }+};++// Test Des= cription+// Verify that a NULL option is Invalid+TEST_F (Ip6IsOptionValidTe= st, NullOptionShouldReturnTrue) {+ NET_BUF Packet =3D { 0 };+ // we need= to define enough of the packet to make the function work+ // The function= being tested will pass IpSb to Ip6SendIcmpError which is defined above+ I= P6_SERVICE *IpSb =3D NULL;++ EFI_IPv6_ADDRESS SourceAddress =3D { 0= x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00= , 0x42, 0x83, 0x29 };+ EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x= 01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42,= 0x83, 0x29 };+ EFI_IP6_HEADER Ip6Header =3D { 0 };++ Ip6Head= er.SourceAddress =3D SourceAddress;+ Ip6Header.DestinationAddress =3D= DestinationAddress;+ Packet.Ip.Ip6 =3D &Ip6Header;++ EXPE= CT_FALSE (Ip6IsOptionValid (IpSb, &Packet, NULL, 0, 0));+}++// Test Descrip= tion+// Verify that an unknown option with a length of 0 and type of does not cause an infinite loop+TEST_F (Ip6IsOptionValidTest, VerifyNoI= nfiniteLoopOnUnknownOptionLength0) {+ NET_BUF Packet =3D { 0 };+ // we n= eed to define enough of the packet to make the function work+ // The funct= ion being tested will pass IpSb to Ip6SendIcmpError which is defined above+= UINT32 DeadCode =3D 0xDeadC0de;+ // Don't actually use this pointer, ju= st pass it to the function, nothing will be done with it+ IP6_SERVICE *Ip= Sb =3D (IP6_SERVICE *)&DeadCode;++ EFI_IPv6_ADDRESS SourceAddress = =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x0= 0, 0x00, 0x42, 0x83, 0x29 };+ EFI_IPv6_ADDRESS DestinationAddress =3D { 0= x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00= , 0x42, 0x83, 0x29 };+ EFI_IP6_HEADER Ip6Header =3D { 0 };++ = Ip6Header.SourceAddress =3D SourceAddress;+ Ip6Header.DestinationAddr= ess =3D DestinationAddress;+ Packet.Ip.Ip6 =3D &Ip6Header;+= + IP6_OPTION_HEADER optionHeader;++ optionHeader.Type =3D 23; // Unk= nown Option+ optionHeader.Length =3D 0; // This will cause an infinite = loop if the function is not working correctly++ // This should be a valid = option even though the length is 0+ EXPECT_TRUE (Ip6IsOptionValid (IpSb, &= Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));+}++// Test Desc= ription+// Verify that an unknown option with a length of 1 and type of does not cause an infinite loop+TEST_F (Ip6IsOptionValidTest, Verify= NoInfiniteLoopOnUnknownOptionLength1) {+ NET_BUF Packet =3D { 0 };+ // w= e need to define enough of the packet to make the function work+ // The fu= nction being tested will pass IpSb to Ip6SendIcmpError which is defined abo= ve+ UINT32 DeadCode =3D 0xDeadC0de;+ // Don't actually use this pointer,= just pass it to the function, nothing will be done with it+ IP6_SERVICE = *IpSb =3D (IP6_SERVICE *)&DeadCode;++ EFI_IPv6_ADDRESS SourceAddress = =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x= 00, 0x00, 0x42, 0x83, 0x29 };+ EFI_IPv6_ADDRESS DestinationAddress =3D { = 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x0= 0, 0x42, 0x83, 0x29 };+ EFI_IP6_HEADER Ip6Header =3D { 0 };++ = Ip6Header.SourceAddress =3D SourceAddress;+ Ip6Header.DestinationAdd= ress =3D DestinationAddress;+ Packet.Ip.Ip6 =3D &Ip6Header;= ++ IP6_OPTION_HEADER optionHeader;++ optionHeader.Type =3D 23; // Un= known Option+ optionHeader.Length =3D 1; // This will cause an infinite= loop if the function is not working correctly++ EXPECT_TRUE (Ip6IsOptionV= alid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));+}+= +// Test Description+// Verify that an unknown option with a length of 2 an= d type of does not cause an infinite loop+TEST_F (Ip6IsOptionVali= dTest, VerifyIpSkipUnknownOption) {+ NET_BUF Packet =3D { 0 };+ // we ne= ed to define enough of the packet to make the function work+ // The functi= on being tested will pass IpSb to Ip6SendIcmpError which is defined above+ = UINT32 DeadCode =3D 0xDeadC0de;+ // Don't actually use this pointer, jus= t pass it to the function, nothing will be done with it+ IP6_SERVICE *IpS= b =3D (IP6_SERVICE *)&DeadCode;++ EFI_IPv6_ADDRESS SourceAddress =3D= { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, = 0x00, 0x42, 0x83, 0x29 };+ EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20= , 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0= x42, 0x83, 0x29 };+ EFI_IP6_HEADER Ip6Header =3D { 0 };++ Ip6= Header.SourceAddress =3D SourceAddress;+ Ip6Header.DestinationAddress= =3D DestinationAddress;+ Packet.Ip.Ip6 =3D &Ip6Header;++ = IP6_OPTION_HEADER optionHeader;++ optionHeader.Type =3D 23; // Unknow= n Option+ optionHeader.Length =3D 2; // Valid length for an unknown opt= ion++ EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader= , sizeof (optionHeader), 0));+}++// Test Description+// Verify that Ip6Opti= onPad1 is valid with a length of 0+TEST_F (Ip6IsOptionValidTest, VerifyIp6O= ptionPad1) {+ NET_BUF Packet =3D { 0 };+ // we need to define enough of = the packet to make the function work+ // The function being tested will pa= ss IpSb to Ip6SendIcmpError which is defined above+ UINT32 DeadCode =3D 0= xDeadC0de;+ // Don't actually use this pointer, just pass it to the functi= on, nothing will be done with it+ IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&D= eadCode;++ EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0x= b8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 = };+ EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x0= 0, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };+ EF= I_IP6_HEADER Ip6Header =3D { 0 };++ Ip6Header.SourceAddress = =3D SourceAddress;+ Ip6Header.DestinationAddress =3D DestinationAddress= ;+ Packet.Ip.Ip6 =3D &Ip6Header;++ IP6_OPTION_HEADER opti= onHeader;++ optionHeader.Type =3D Ip6OptionPad1;+ optionHeader.Length = =3D 0;++ EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHea= der, sizeof (optionHeader), 0));+}++// Test Description+// Verify that Ip6O= ptionPadN doesn't overflow with various lengths+TEST_F (Ip6IsOptionValidTes= t, VerifyIp6OptionPadN) {+ NET_BUF Packet =3D { 0 };+ // we need to defi= ne enough of the packet to make the function work+ // The function being t= ested will pass IpSb to Ip6SendIcmpError which is defined above+ UINT32 D= eadCode =3D 0xDeadC0de;+ // Don't actually use this pointer, just pass it = to the function, nothing will be done with it+ IP6_SERVICE *IpSb =3D (IP6= _SERVICE *)&DeadCode;++ EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0= x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42= , 0x83, 0x29 };+ EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x= 0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83,= 0x29 };+ EFI_IP6_HEADER Ip6Header =3D { 0 };++ Ip6Header.Sou= rceAddress =3D SourceAddress;+ Ip6Header.DestinationAddress =3D Desti= nationAddress;+ Packet.Ip.Ip6 =3D &Ip6Header;++ IP6_OPTION= _HEADER optionHeader;++ optionHeader.Type =3D Ip6OptionPadN;+ optionHe= ader.Length =3D 0xFF;+ EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT= 8 *)&optionHeader, sizeof (optionHeader), 0));++ optionHeader.Length =3D 0= xFE;+ EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader= , sizeof (optionHeader), 0));++ optionHeader.Length =3D 0xFD;+ EXPECT_TRU= E (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionH= eader), 0));++ optionHeader.Length =3D 0xFC;+ EXPECT_TRUE (Ip6IsOptionVal= id (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));+}++/= / Test Description+// Verify an unknown option doesn't cause an infinite lo= op with various lengths+TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopO= nUnknownOptionLengthAttemptOverflow) {+ NET_BUF Packet =3D { 0 };+ // we= need to define enough of the packet to make the function work+ // The fun= ction being tested will pass IpSb to Ip6SendIcmpError which is defined abov= e+ UINT32 DeadCode =3D 0xDeadC0de;+ // Don't actually use this pointer, = just pass it to the function, nothing will be done with it+ IP6_SERVICE *= IpSb =3D (IP6_SERVICE *)&DeadCode;++ EFI_IPv6_ADDRESS SourceAddress = =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x0= 0, 0x00, 0x42, 0x83, 0x29 };+ EFI_IPv6_ADDRESS DestinationAddress =3D { 0= x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00= , 0x42, 0x83, 0x29 };+ EFI_IP6_HEADER Ip6Header =3D { 0 };++ = Ip6Header.SourceAddress =3D SourceAddress;+ Ip6Header.DestinationAddr= ess =3D DestinationAddress;+ Packet.Ip.Ip6 =3D &Ip6Header;+= + IP6_OPTION_HEADER optionHeader;++ optionHeader.Type =3D 23; // Unk= nown Option+ optionHeader.Length =3D 0xFF;+ EXPECT_TRUE (Ip6IsOptionValid= (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0));++ opt= ionHeader.Length =3D 0xFE;+ EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, = (UINT8 *)&optionHeader, sizeof (optionHeader), 0));++ optionHeader.Length = =3D 0xFD;+ EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionH= eader, sizeof (optionHeader), 0));++ optionHeader.Length =3D 0xFC;+ EXPEC= T_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (op= tionHeader), 0));+}++// Test Description+// Verify that the function suppor= ts multiple options+TEST_F (Ip6IsOptionValidTest, MultiOptionSupport) {+ U= INT16 HdrLen;+ NET_BUF Packet =3D { 0 };+ // we need to define enough = of the packet to make the function work+ // The function being tested will= pass IpSb to Ip6SendIcmpError which is defined above+ UINT32 DeadCode = =3D 0xDeadC0de;+ // Don't actually use this pointer, just pass it to the f= unction, nothing will be done with it+ IP6_SERVICE *IpSb =3D (IP6_SERVICE= *)&DeadCode;++ EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0= d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, = 0x29 };+ EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 };= + EFI_IP6_HEADER Ip6Header =3D { 0 };++ Ip6Header.SourceAddre= ss =3D SourceAddress;+ Ip6Header.DestinationAddress =3D DestinationAd= dress;+ Packet.Ip.Ip6 =3D &Ip6Header;++ UINT8 = ExtHdr[1024] =3D { 0 };+ UINT8 *Cursor =3D ExtHdr;+ IP= 6_OPTION_HEADER *Option =3D (IP6_OPTION_HEADER *)ExtHdr;++ // Let's = start chaining options++ Option->Type =3D 23; // Unknown Option+ Opti= on->Length =3D 0xFC;++ Cursor +=3D sizeof (IP6_OPTION_HEADER) + 0xFC;++ O= ption =3D (IP6_OPTION_HEADER *)Cursor;+ Option->Type =3D Ip6OptionPa= d1;++ Cursor +=3D sizeof (1);++ // Type and length aren't processed, inst= ead it just moves the pointer forward by 4 bytes+ Option =3D (IP6_= OPTION_HEADER *)Cursor;+ Option->Type =3D Ip6OptionRouterAlert;+ Option= ->Length =3D 4;++ Cursor +=3D sizeof (IP6_OPTION_HEADER) + 4;++ Option = =3D (IP6_OPTION_HEADER *)Cursor;+ Option->Type =3D Ip6OptionPadN;+= Option->Length =3D 0xFC;++ Cursor +=3D sizeof (IP6_OPTION_HEADER) + 0xFC= ;++ Option =3D (IP6_OPTION_HEADER *)Cursor;+ Option->Type =3D I= p6OptionRouterAlert;+ Option->Length =3D 4;++ Cursor +=3D sizeof (IP6_OPT= ION_HEADER) + 4;++ // Total 524++ HdrLen =3D (UINT16)(Cursor - ExtHdr);++= EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, ExtHdr, HdrLen, 0));+}--=20 2.43.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114964): https://edk2.groups.io/g/devel/message/114964 Mute This Topic: https://groups.io/mt/103964985/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-