From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124])
 by mx.groups.io with SMTP id smtpd.web10.11278.1623260026753856019
 for <devel@edk2.groups.io>;
 Wed, 09 Jun 2021 10:33:47 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=bkWvgXa4;
 spf=pass (domain: redhat.com, ip: 216.205.24.124, mailfrom: lersek@redhat.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1623260025;
	h=from:from:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=CYdDv7SdVqAZEDonYpp/dF2gtNZsa/M58RiUUjTyk84=;
	b=bkWvgXa4HVuxDm/T3VojLxD1hHR2mhwIczBUhDy2eAmu9utv77mGtG0AuTvFRODicOyPlK
	QbCLUTWWK/5aT35AY6Fe0MRIjgKHJn7Pc8ZFt6fYTUIzzZqUX1xNWjsaPOBZA67OdaBh8k
	awW+u4Kiwv3hKD8fIF2jv9DKx3+tAYg=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-169-JS838AVEMMOtztEx9W6ltg-1; Wed, 09 Jun 2021 13:33:42 -0400
X-MC-Unique: JS838AVEMMOtztEx9W6ltg-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 34B59100D680;
	Wed,  9 Jun 2021 17:33:41 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-112-54.ams2.redhat.com [10.36.112.54])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id D983860CC9;
	Wed,  9 Jun 2021 17:33:39 +0000 (UTC)
Subject: Re: [edk2-devel] [PUBLIC edk2 PATCH v2 00/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs
From: "Laszlo Ersek" <lersek@redhat.com>
To: edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>,
 Maciej Rabeda <maciej.rabeda@linux.intel.com>,
 =?UTF-8?Q?Philippe_Mathieu-Daud=c3=a9?= <philmd@redhat.com>,
 Siyuan Fu <siyuan.fu@intel.com>
Reply-To: devel@edk2.groups.io, lersek@redhat.com
References: <20210608121259.32451-1-lersek@redhat.com>
Message-ID: <ab9a2876-dec1-6b1f-d93e-77b83292afde@redhat.com>
Date: Wed, 9 Jun 2021 19:33:38 +0200
MIME-Version: 1.0
In-Reply-To: <20210608121259.32451-1-lersek@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=lersek@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit

On 06/08/21 14:12, Laszlo Ersek wrote:
> Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
> Repo:     https://pagure.io/lersek/edk2.git
> Branch:   iscsi_overflow_bz3356
> 
> The main goal of this series is to fix a remotely exploitable buffer
> overflow in the IScsiHexToBin() function.
> 
> This posting corresponds to:
> 
>   https://bugzilla.tianocore.org/show_bug.cgi?id=3356#c22
> 
> meaning that it corresponds to the v2 patches attached to, and tested
> in,
> 
>   https://bugzilla.tianocore.org/show_bug.cgi?id=3356#c17
> 
> and that it carries Phil's and Maciej's R-b's that were given up to
> comment#22.
> 
> Today is the Public Date for this embargoed security issue; I intend to
> merge the patches tomorrow, based on Maciej's (already given) R-b.
> (Simultaneously with this posting, I'm opening up the BZ publicly.) No
> further review is required; the one day delay on the list is just to
> give the community a (brief) opportunity to speak up, before the patches
> are merged.
> 
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> 
> Thanks,
> Laszlo
> 
> Laszlo Ersek (10):
>   NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters
>   NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size
>   NetworkPkg/IScsiDxe: clean up
>     "ISCSI_CHAP_AUTH_DATA.OutChallengeLength"
>   NetworkPkg/IScsiDxe: clean up library class dependencies
>   NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex()
>   NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds
>   NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block
>   NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing
>   NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow
>   NetworkPkg/IScsiDxe: check IScsiHexToBin() return values
> 
>  NetworkPkg/IScsiDxe/IScsiCHAP.c  | 108 +++++++++++++++-----
>  NetworkPkg/IScsiDxe/IScsiCHAP.h  |  14 ++-
>  NetworkPkg/IScsiDxe/IScsiDxe.inf |   7 +-
>  NetworkPkg/IScsiDxe/IScsiImpl.h  |  18 ++--
>  NetworkPkg/IScsiDxe/IScsiMisc.c  |  65 +++++++++---
>  NetworkPkg/IScsiDxe/IScsiMisc.h  |  19 ++--
>  6 files changed, 166 insertions(+), 65 deletions(-)
> 

Merged as commit range 702ba436ed8e..b8649cf2a3e6, via
<https://github.com/tianocore/edk2/pull/1698>.

Thanks,
Laszlo