From: "Saloni Kasbekar"
To: "Douglas Flick [MSFT]", "devel@edk2.groups.io"
CC: Doug Flick, "Clark-williams, Zachary"
Subject: Re: [edk2-devel] [PATCH v2 14/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests
Date: Thu, 1 Feb 2024 22:03:35 +0000

Reviewed-by: Saloni Kasbekar

-----Original Message-----
From: Douglas Flick [MSFT]
Sent: Thursday, January 25, 2024 1:55 PM
To: devel@edk2.groups.io
Cc: Doug Flick; Kasbekar, Saloni; Clark-williams, Zachary; Doug Flick [MSFT]
Subject: [PATCH v2 14/15] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests

From: Doug Flick

REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540

Unit tests to confirm that the bug..

Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

..has been patched.

This patch contains unit tests for the following functions:
PxeBcRequestBootService
PxeBcDhcp6Discover

Cc: Saloni Kasbekar
Cc: Zachary Clark-williams
Signed-off-by: Doug Flick [MSFT] --- NetworkPkg/Test/NetworkPkgHostTest.dsc | 5 +- .../GoogleTest/PxeBcDhcp6GoogleTest.h | 18 ++ .../GoogleTest/PxeBcDhcp6GoogleTest.cpp | 278 +++++++++++++++++- 3 files changed, 298 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/Netwo= rkPkgHostTest.dsc index a0273c431025..fa301a7a52ab 100644 --- a/NetworkPkg/Test/NetworkPkgHostTest.dsc +++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc @@ -27,7 +27,10 @@ [Components] # NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf NetworkPkg/I= p6Dxe/GoogleTest/Ip6DxeGoogleTest.inf- NetworkPkg/UefiPxeBcDxe/GoogleTest/= UefiPxeBcDxeGoogleTest.inf+ NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDx= eGoogleTest.inf {+ + UefiRuntimeServicesTableLib|Md= ePkg/Test/Mock/Library/GoogleTest/MockUefiRuntimeServicesTableLib/MockUefiR= untimeServicesTableLib.inf+ } # Despite these library classes being liste= d in [LibraryClasses] below, they are not needed for the host-based unit te= sts. [LibraryClasses]diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcD= hcp6GoogleTest.h b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.= h index b17c314791c8..0d825e44250a 100644 --- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h +++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h 
@@ -47,4 +47,22 @@ PxeBcCacheDnsServerAddresses ( IN PXEBC_DHCP6_PACKET_CACHE *Cache6 ); +/**+ Build and send out the = request packet for the bootfile, and parse the reply.++ @param[in] Privat= e The pointer to PxeBc private data.+ @param[in] Index = PxeBc option boot item type.++ @retval EFI_SUCCESS = Successfully discovered the boot file.+ @retval EFI_OUT_OF_RESOURCE= S Failed to allocate resources.+ @retval EFI_NOT_FOUND Can't = get the PXE reply packet.+ @retval Others Failed to dis= cover the boot file.++**/+EFI_STATUS+PxeBcRequestBootService (+ IN PXEBC_= PRIVATE_DATA *Private,+ IN UINT32 Index+ );+ #endif // PXE= _BC_DHCP6_GOOGLE_TEST_H_diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/Pxe= BcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6Google= Test.cpp index 8260eeee50dc..bd423ebadfce 100644 --- a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp +++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp 
@@ -4,7 +4,9 @@ Copyright (c) Microsoft Corporation SPDX-License-Identifier: BSD-2-Cla= use-Patent **/-#include +#include += #include +#include extern "C" { #include @@ -19,7 = +21,8 @@ extern "C" { // Definitions ///////////////////////////////////////////////////////////= //////////////////// -#define PACKET_SIZE (1500)+#define PACKET_SIZE = (1500)+#define REQUEST_OPTION_LENGTH (120) typedef struct { UINT1= 6 OptionCode; // The option code for DHCP6_OPT_SERVER_ID (e.g., 0x03)@= @ -76,6 +79,26 @@ MockConfigure ( } // Needed by PxeBcSupport+EFI_STATUS+PxeBcDns6 (+ IN PXEBC_PRIVATE_DAT= A *Private,+ IN CHAR16 *HostName,+ OUT EFI_IPv6_ADDRESS *= IpAddress+ )+{+ return EFI_SUCCESS;+}++UINT32+PxeBcBuildDhcp6Options (+ = IN PXEBC_PRIVATE_DATA *Private,+ OUT EFI_DHCP6_PACKET_OPTION **Opt= List,+ IN UINT8 *Buffer+ )+{+ return EFI_SUCCESS;+}+= EFI_STATUS EFIAPI QueueDpc (@@ -159,6 +182,10 @@ TEST_F (PxeBcHandleDhcp6O= fferTest, BasicUsageTest) { ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private))= , EFI_DEVICE_ERROR); } +///////////////////////////////////////////////////= ////////////////////////////+// PxeBcCacheDnsServerAddresses Tests+////////= ///////////////////////////////////////////////////////////////////////+ cl= ass PxeBcCacheDnsServerAddressesTest : public ::testing::Test { public: P= XEBC_PRIVATE_DATA Private =3D { 0 };@@ -298,3 +325,250 @@ TEST_F (PxeBcCach= eDnsServerAddressesTest, MultipleDnsEntries) { FreePool (Private.DnsServer); } }++/////////////////////////////////= //////////////////////////////////////////////+// PxeBcRequestBootServiceTe= st Test Cases+/////////////////////////////////////////////////////////////= //////////////////++class PxeBcRequestBootServiceTest : public ::testing::T= est {+public:+ PXEBC_PRIVATE_DATA Private =3D { 0 };+ EFI_UDP6_PROTOCOL U= dp6Read;++protected:+ // Add any setup code if needed+ virtual void+ Set= Up (+ )+ {+ Private.Dhcp6Request =3D (EFI_DHCP6_PACKET *)AllocateZer= oPool (PACKET_SIZE);++ 
// Need to setup the EFI_PXE_BASE_CODE_PROTOCOL+ = // The function under test really only needs the following:+ // UdpW= rite+ // UdpRead++ Private.PxeBc.UdpWrite =3D (EFI_PXE_BASE_CODE_UDP= _WRITE)MockUdpWrite;+ Private.PxeBc.UdpRead =3D (EFI_PXE_BASE_CODE_UDP_= READ)MockUdpRead;++ // Need to setup EFI_UDP6_PROTOCOL+ // The functi= on under test really only needs the following:+ // Configure++ Udp6R= ead.Configure =3D (EFI_UDP6_CONFIGURE)MockConfigure;+ Private.Udp6Read = =3D &Udp6Read;+ }++ // Add any cleanup code if needed+ virtual void+ T= earDown (+ )+ {+ if (Private.Dhcp6Request !=3D NULL) {+ FreePoo= l (Private.Dhcp6Request);+ }++ // Clean up any resources or variables= + }+};++TEST_F (PxeBcRequestBootServiceTest, ServerDiscoverBasicUsageTest)= {+ PxeBcRequestBootServiceTest::Private.OfferBuffer[0].Dhcp6.OfferType = =3D PxeOfferTypeProxyBinl;++ DHCP6_OPTION_SERVER_ID Server =3D { 0 };++ = Server.OptionCode =3D HTONS (DHCP6_OPT_SERVER_ID);+ Server.OptionLen =3D= HTONS (16); // valid length+ UINT8 Index =3D 0;++ EFI_DHCP6_PACKET *Pa= cket =3D (EFI_DHCP6_PACKET *)&Private.OfferBuffer[Index].Dhcp6.Packet.Offer= ;++ UINT8 *Cursor =3D (UINT8 *)(Packet->Dhcp6.Option);++ CopyMem (Cursor= , &Server, sizeof (Server));+ Cursor +=3D sizeof (Server);++ // Update th= e packet length+ Packet->Length =3D (UINT16)(Cursor - (UINT8 *)Packet);+ = Packet->Size =3D PACKET_SIZE;++ ASSERT_EQ (PxeBcRequestBootService (&(Px= eBcRequestBootServiceTest::Private), Index), EFI_SUCCESS);+}++TEST_F (PxeBc= RequestBootServiceTest, AttemptDiscoverOverFlowExpectFailure) {+ PxeBcRequ= estBootServiceTest::Private.OfferBuffer[0].Dhcp6.OfferType =3D PxeOfferType= ProxyBinl;++ DHCP6_OPTION_SERVER_ID Server =3D { 0 };++ Server.OptionCod= e =3D HTONS (DHCP6_OPT_SERVER_ID);+ Server.OptionLen =3D HTONS (1500); /= / This length would overflow without a check+ UINT8 Index =3D 0;++ EFI_D= HCP6_PACKET *Packet =3D (EFI_DHCP6_PACKET *)&Private.OfferBuffer[Index].Dh= cp6.Packet.Offer;++ UINT8 *Cursor =3D 
(UINT8 *)(Packet->Dhcp6.Option);++ = CopyMem (Cursor, &Server, sizeof (Server));+ Cursor +=3D sizeof (Server);= ++ // Update the packet length+ Packet->Length =3D (UINT16)(Cursor - (UIN= T8 *)Packet);+ Packet->Size =3D PACKET_SIZE;++ // This is going to be s= topped by the duid overflow check+ ASSERT_EQ (PxeBcRequestBootService (&(P= xeBcRequestBootServiceTest::Private), Index), EFI_INVALID_PARAMETER);+}++TE= ST_F (PxeBcRequestBootServiceTest, RequestBasicUsageTest) {+ EFI_DHCP6_PAC= KET_OPTION RequestOpt =3D { 0 }; // the data section doesn't really matter= ++ RequestOpt.OpCode =3D HTONS (0x1337);+ RequestOpt.OpLen =3D 0; // val= id length++ UINT8 Index =3D 0;++ EFI_DHCP6_PACKET *Packet =3D (EFI_DHCP= 6_PACKET *)&Private.Dhcp6Request[Index];++ UINT8 *Cursor =3D (UINT8 *)(Pa= cket->Dhcp6.Option);++ CopyMem (Cursor, &RequestOpt, sizeof (RequestOpt));= + Cursor +=3D sizeof (RequestOpt);++ // Update the packet length+ Packet= ->Length =3D (UINT16)(Cursor - (UINT8 *)Packet);+ Packet->Size =3D PACKE= T_SIZE;++ ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestBootServiceTes= t::Private), Index), EFI_SUCCESS);+}++TEST_F (PxeBcRequestBootServiceTest, = AttemptRequestOverFlowExpectFailure) {+ EFI_DHCP6_PACKET_OPTION RequestOp= t =3D { 0 }; // the data section doesn't really matter++ RequestOpt.OpCode= =3D HTONS (0x1337);+ RequestOpt.OpLen =3D 1500; // this length would ove= rflow without a check++ UINT8 Index =3D 0;++ EFI_DHCP6_PACKET *Packet = =3D (EFI_DHCP6_PACKET *)&Private.Dhcp6Request[Index];++ UINT8 *Cursor =3D= (UINT8 *)(Packet->Dhcp6.Option);++ CopyMem (Cursor, &RequestOpt, sizeof (= RequestOpt));+ Cursor +=3D sizeof (RequestOpt);++ // Update the packet le= ngth+ Packet->Length =3D (UINT16)(Cursor - (UINT8 *)Packet);+ Packet->Siz= e =3D PACKET_SIZE;++ ASSERT_EQ (PxeBcRequestBootService (&(PxeBcRequestB= ootServiceTest::Private), Index), EFI_OUT_OF_RESOURCES);+}++///////////////= ////////////////////////////////////////////////////////////////+// PxeBcDh= 
cp6Discover Test+//////////////////////////////////////////////////////////= /////////////////////++class PxeBcDhcp6DiscoverTest : public ::testing::Tes= t {+public:+ PXEBC_PRIVATE_DATA Private =3D { 0 };+ EFI_UDP6_PROTOCOL Udp= 6Read;++protected:+ MockUefiRuntimeServicesTableLib RtServicesMock;++ // = Add any setup code if needed+ virtual void+ SetUp (+ )+ {+ Private= .Dhcp6Request =3D (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);++ = // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL+ // The function under t= est really only needs the following:+ // UdpWrite+ // UdpRead++ = Private.PxeBc.UdpWrite =3D (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;+ P= rivate.PxeBc.UdpRead =3D (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;++ // = Need to setup EFI_UDP6_PROTOCOL+ // The function under test really only = needs the following:+ // Configure++ Udp6Read.Configure =3D (EFI_UDP= 6_CONFIGURE)MockConfigure;+ Private.Udp6Read =3D &Udp6Read;+ }++ // = Add any cleanup code if needed+ virtual void+ TearDown (+ )+ {+ if= (Private.Dhcp6Request !=3D NULL) {+ FreePool (Private.Dhcp6Request);+= }++ // Clean up any resources or variables+ }+};++// Test Descripti= on+// This will cause an overflow by an untrusted packet during the option = parsing+TEST_F (PxeBcDhcp6DiscoverTest, BasicOverflowTest) {+ EFI_IPv6_ADD= RESS DestIp =3D { 0 };+ EFI_DHCP6_PACKET_OPTION RequestOpt = =3D { 0 }; // the data section doesn't really matter++ RequestOpt.OpCode = =3D HTONS (0x1337);+ RequestOpt.OpLen =3D HTONS (0xFFFF); // overflow++ = UINT8 *Cursor =3D (UINT8 *)(Private.Dhcp6Request->Dhcp6.Option);++ CopyMe= m (Cursor, &RequestOpt, sizeof (RequestOpt));+ Cursor +=3D sizeof (Request= Opt);++ Private.Dhcp6Request->Length =3D (UINT16)(Cursor - (UINT8 *)Privat= e.Dhcp6Request);++ EXPECT_CALL (RtServicesMock, gRT_GetTime)+ .WillOnce= (::testing::Return (0));++ ASSERT_EQ (+ PxeBcDhcp6Discover (+ &(P= xeBcDhcp6DiscoverTest::Private),+ 0,+ NULL,+ FALSE,+ (E= FI_IP_ADDRESS *)&DestIp+ ),+ EFI_OUT_OF_RESOURCES+ 
);+}++// Test= Description+// This will test that we can handle a packet with a valid opt= ion length+TEST_F (PxeBcDhcp6DiscoverTest, BasicUsageTest) {+ EFI_IPv6_ADD= RESS DestIp =3D { 0 };+ EFI_DHCP6_PACKET_OPTION RequestOpt = =3D { 0 }; // the data section doesn't really matter++ RequestOpt.OpCode = =3D HTONS (0x1337);+ RequestOpt.OpLen =3D HTONS (0x30);++ UINT8 *Cursor= =3D (UINT8 *)(Private.Dhcp6Request->Dhcp6.Option);++ CopyMem (Cursor, &Re= questOpt, sizeof (RequestOpt));+ Cursor +=3D sizeof (RequestOpt);++ Priva= te.Dhcp6Request->Length =3D (UINT16)(Cursor - (UINT8 *)Private.Dhcp6Request= );++ EXPECT_CALL (RtServicesMock, gRT_GetTime)+ .WillOnce (::testing::R= eturn (0));++ ASSERT_EQ (+ PxeBcDhcp6Discover (+ &(PxeBcDhcp6Disco= verTest::Private),+ 0,+ NULL,+ FALSE,+ (EFI_IP_ADDRESS = *)&DestIp+ ),+ EFI_SUCCESS+ );+}--=20 2.43.0
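Review bot: `REQUEST_OPTION_LENGTH (120)` is added in the `@@ -19,7 +21,8 @@` hunk of PxeBcDhcp6GoogleTest.cpp, but none of the tests added by this patch reference it. Either use it where the tests build their request options or drop the define, so the test file does not carry a limit that can drift from the one the driver enforces.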
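Review bot: the `PxeBcBuildDhcp6Options` stub in the `@@ -76,6 +79,26 @@` hunk is declared to return `UINT32` but returns `EFI_SUCCESS`, which is a status code rather than a length. It evaluates to zero, so the tests still build and run, but `return 0;` with a one-line comment would state what the stub is meant to report. The existing `// Needed by PxeBcSupport` comment now sits above `PxeBcDns6` as well; it would help to say which caller needs each of the two new stubs.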
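Review bot: in `AttemptRequestOverFlowExpectFailure` (the `@@ -298,3 +325,250 @@` hunk) the option length is written as `RequestOpt.OpLen = 1500;` in host byte order, while the Server ID tests and both `PxeBcDhcp6DiscoverTest` cases wrap the length in `HTONS (...)`. If the code under test converts the field from network order, as those other tests assume, the length it sees on a little-endian host is not the 1500 the comment describes; use `HTONS (1500)` or add a comment explaining why this case differs. Separately, both fixtures' `SetUp` assign `Private.Dhcp6Request` from `AllocateZeroPool (PACKET_SIZE)` and the tests then write through it without a check; an `ASSERT_NE (Private.Dhcp6Request, nullptr)` in `SetUp` would turn an allocation failure into a clear test failure.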