From: "Laszlo Ersek" <lersek@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>,
edk2-devel-groups-io <devel@edk2.groups.io>
Cc: Jian J Wang <jian.j.wang@intel.com>,
Jiaxin Wu <jiaxin.wu@intel.com>,
Sivaraman Nainar <sivaramann@amiindia.co.in>,
Xiaoyu Lu <xiaoyux.lu@intel.com>
Subject: Re: [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Date: Tue, 29 Oct 2019 01:47:08 +0100
Message-ID: <ac647c17-be5f-d48d-f5b7-549a578660ed@redhat.com>
In-Reply-To: <cb7d9e56448ccf6b01b8adef3728f3ef3e955dd1.camel@infradead.org>

On 10/28/19 14:06, David Woodhouse wrote:
> On Sat, 2019-10-26 at 07:37 +0200, Laszlo Ersek wrote:
>> In a later patch in this series, we're going to resurrect "inet_pton.c"
>> (originally from the StdLib package). That source file has a number of
>> standard C and BSD socket dependencies. Provide those dependencies here:
>>
>> - The header files below will simply #include <CrtLibSupport.h>:
>>
>>   - arpa/inet.h
>>   - arpa/nameser.h
>>   - netinet/in.h
>>   - sys/param.h
>>   - sys/socket.h
>>
>> - EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
>>   e2d3a25f1a31; which is the commit immediately preceding the removal of
>>   StdLib from edk2 (964f432b9b0a).
>>
>>   Note that the other error macro, which we already #define, namely EINVAL,
>>   has a value (22) that also matches "StdLib/Include/errno.h".
>>
>> - The AF_INET and AF_INET6 address family macros come from
>>   "StdLib/Include/sys/socket.h".
>>
>> - The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
>>   "StdLib/Include/arpa/nameser.h".
>>
>> - The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
>
> Hm.
>
> If you're porting a whole standard C library to EDK2 then I suppose it
> makes sense to build up all this infrastructure for it.
>
> But in this case when it's only the single inet_pton() function that
> you need, perhaps it makes more sense to 'port' that one function to
> UEFI (or just reimplement it looking like EDK2 code), instead of
> bringing all this stuff along with it?

I didn't want to take responsibility for touching any of that code -- I
wanted it to be a piece of the puzzle that we'd just drop in. Its coding
style is very foreign to edk2 norms, so once we started, we wouldn't
stop before rewriting it more or less completely. (For example it quite
frequently consumes the values that assignment expressions evaluate to,
which is a huge no-no in edk2, as far as I understand.) I have no
capacity for such a rework (or additional ownership / responsibility),
sorry.

I worked from Friday evening to Saturday ~6-7AM as my "second sprint" on
this code and its testing, until I was satisfied with the test coverage.
I apologize but I simply cannot repeat that. This is all I can
contribute code-wise (and testing-wise) to fixing this issue.

Thanks
Laszlo