From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <lersek@redhat.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=209.132.183.28; helo=mx1.redhat.com; envelope-from=lersek@redhat.com;
 receiver=edk2-devel@lists.01.org 
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id C41622117D289
 for <edk2-devel@lists.01.org>; Tue, 23 Oct 2018 03:32:15 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 301AE4E4C6;
 Tue, 23 Oct 2018 10:32:15 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-120-214.rdu2.redhat.com
 [10.10.120.214])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 896C153C40;
 Tue, 23 Oct 2018 10:32:14 +0000 (UTC)
To: Liming Gao <liming.gao@intel.com>, edk2-devel@lists.01.org
References: <20181022151811.29644-1-liming.gao@intel.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <c727e0d6-fb16-9103-a190-00dea422edeb@redhat.com>
Date: Tue, 23 Oct 2018 12:32:13 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <20181022151811.29644-1-liming.gao@intel.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.38]); Tue, 23 Oct 2018 10:32:15 +0000 (UTC)
Subject: Re: [PATCH v2 0/3] Add more checker for Tianocompress and Ueficompress(CVE FIX)
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Oct 2018 10:32:16 -0000
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

Hi Liming,

On 10/22/18 17:18, Liming Gao wrote:
> In V2, update commit message with fixed CVE number. 
> 
> Fix CVE-2017-5731,CVE-2017-5732,CVE-2017-5733,CVE-2017-5734,CVE-2017-5735
> https://bugzilla.tianocore.org/show_bug.cgi?id=686
> 
> Liming Gao (3):
>   MdePkg: Add more checker in UefiDecompressLib to access the valid
>     buffer only(CVE FIX)
>   IntelFrameworkModulePkg: Add more checker in
>     UefiTianoDecompressLib(CVE FIX)
>   BaseTools: Add more checker in Decompress algorithm to access the
>     valid buffer(CVE FIX)
> 
>  BaseTools/Source/C/Common/Decompress.c             | 23 +++++++++++++++++--
>  BaseTools/Source/C/TianoCompress/TianoCompress.c   | 26 +++++++++++++++++++++-
>  .../BaseUefiTianoCustomDecompressLib.c             | 16 +++++++++++--
>  .../BaseUefiDecompressLib/BaseUefiDecompressLib.c  | 17 ++++++++++++--
>  4 files changed, 75 insertions(+), 7 deletions(-)
> 

in the subject lines, please add a space character before the string
"(CVE FIX)". This can be done before pushing, of course.

I haven't reviewed the patches for correctness, but formally, they look
OK to me. I'm ACKing the set to confirm that. Thanks for the commit
message updates.

Acked-by: Laszlo Ersek <lersek@redhat.com>

Laszlo