From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id 3CE947803CD for ; Wed, 24 Jan 2024 05:20:29 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=Cyf/hsu9e8NtI2R3PtvdizAHGWP4XMVc2ACEnaDrYjA=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1706073627; v=1; b=gYEViOBtNijyoy2E88+vWlhcQntdfYhPwBRiVeEMrMo6umxL6QjaAhHYuFHvRMCVVlebNMtM oKabnwKqshMW3iq9m2wrwZYZ8BdWpomcUOeI4L+NKTDuoc0x6xXQbj7AHiMX8q7VjzGrie0R7YG SH2C+zMfpLTKz4uLK+TeNVi4= X-Received: by 127.0.0.2 with SMTP id W1udYY7687511xXrX89u482N; Tue, 23 Jan 2024 21:20:27 -0800 X-Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web11.16100.1706073627349795877 for ; Tue, 23 Jan 2024 21:20:27 -0800 X-Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-5d3912c9a83so843094a12.3 for ; Tue, 23 Jan 2024 21:20:27 -0800 (PST) X-Gm-Message-State: CcLAxLz6yI2XnImU31PLmhkvx7686176AA= X-Google-Smtp-Source: AGHT+IEDhQGKOvRjalI/najosyzi5+yAPtUwhM1+ND8skRChrvyq0NdVGOkp+BoceWf7hsXUQEdKKg== X-Received: by 2002:a17:902:8216:b0:1d7:7133:1850 with SMTP id x22-20020a170902821600b001d771331850mr142847pln.75.1706073626393; Tue, 23 Jan 2024 21:20:26 -0800 (PST) X-Received: from localhost.localdomain ([24.17.138.83]) by smtp.gmail.com with ESMTPSA id w2-20020a170902c78200b001d71f10aa42sm7831709pla.11.2024.01.23.21.20.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jan 2024 21:20:26 -0800 (PST) From: "Doug Flick via groups.io" To: devel@edk2.groups.io Cc: "Douglas Flick [MSFT]" , Saloni Kasbekar , Zachary Clark-williams , Michael D Kinney , Liming Gao , Zhiguang Liu Subject: [edk2-devel] [PATCH 00/14] Security Patches for EDK II Network Stack Date: Tue, 23 Jan 2024 19:33:23 -0800 Message-ID: MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dougflick@microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=gYEViOBt; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io The security patches contained in this series with the exception of "MdePkg/Test: Add gRT_GetTime Google Test Mock" and "NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed during GHSA-hc6x-cw6p-gj7h infosec review. This patch series contains the following security patches for the security vulnerabilities found by QuarksLab in the EDK II Network Stack: CVE-2023-45229 CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-125 Out-of-bounds Read CVE-2023-45230 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2023-45231 CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-125 Out-of-bounds Read CVE-2023-45232 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') CVE-2023-45233 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') CVE-2023-45234 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer CVE-2023-45235 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer NetworkPkg: Cc: Saloni Kasbekar Cc: Zachary Clark-williams MdePkg: Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Doug Flick (8): NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Patch NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Unit Tests NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests Douglas Flick [MSFT] (6): NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests MdePkg: Test: Add gRT_GetTime Google Test Mock NetworkPkg: : Adds a SecurityFix.yaml file NetworkPkg/Test/NetworkPkgHostTest.dsc | 105 +++ .../GoogleTest/Dhcp6DxeGoogleTest.inf | 44 + .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 44 + .../GoogleTest/UefiPxeBcDxeGoogleTest.inf | 48 + .../Library/MockUefiRuntimeServicesTableLib.h | 7 + NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h | 143 +++ NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h | 78 +- .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h | 58 ++ .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | 40 + NetworkPkg/Ip6Dxe/Ip6Option.h | 89 ++ .../GoogleTest/PxeBcDhcp6GoogleTest.h | 68 ++ NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h | 17 + NetworkPkg/Dhcp6Dxe/Dhcp6Io.c | 612 ++++++++----- NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 373 ++++++-- NetworkPkg/Ip6Dxe/Ip6Option.c | 84 +- NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 148 ++- .../MockUefiRuntimeServicesTableLib.cpp | 5 +- .../GoogleTest/Dhcp6DxeGoogleTest.cpp | 20 + .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 ++++++++++++++++++ .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp | 20 + .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 411 +++++++++ NetworkPkg/NetworkPkg.ci.yaml | 118 ++- NetworkPkg/SecurityFixes.yaml | 123 +++ .../GoogleTest/PxeBcDhcp6GoogleTest.cpp | 574 ++++++++++++ .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp | 19 + 25 files changed, 3686 insertions(+), 401 deletions(-) create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp create mode 100644 NetworkPkg/SecurityFixes.yaml create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp -- 2.43.0 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114252): https://edk2.groups.io/g/devel/message/114252 Mute This Topic: https://groups.io/mt/103926729/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-