From nobody Fri Oct 18 05:17:31 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114469+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114469+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1706223995; cv=none; d=zohomail.com; s=zohoarc; b=R5gwm83b9jm+uqY6mvFSTAScMvvDt9vGntSQYwReAXNQVr7D80X5TvUf6cDvwvgwTJL9zaZTP1E5O6ztMZM+pkouMRHS0QB6vPIsIyrommHWc3yg0KGxiHQbWbSafaAfUed6Alw84SH/vfDuVyfpW8rimJaoUjLufn5jzVa9gpQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1706223995; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Sender:Subject:Subject:To:To:Message-Id; bh=uUOIe3jJE1iaImEaMI93mnCYuoCr2B8WiCVNOVcU14A=; b=BeZ7tdXrzSfCFbOQlvSlWFviRck2pFRaDGsyJmb+zyKSBT50UP0Hmz0mDwCb2OSIsDDe/Q2fXSpYfRfTs8hekUWTtp+kjVRZS8+5H67K5K55AoN29RXOuqf/NdWmABX2jK0itaxKkBHwKbtJ/mc44eQirmphHonLW+ltzrMKVxU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114469+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706223995067423.0427903769753; Thu, 25 Jan 2024 15:06:35 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=bilDKZ60ecaqOrUCblZxGlA7rZr1HoUrDYX5Xz72YBg=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1706223994; v=1; b=vH7k1qE1idcXZaZYa4j6Oimkz2A6qA0zEM7pzqIilxeIkKNSRKpSmS9qoQwy6tZ1pmoyIOD2 QLxqBke1BtT8xLuHO9HVYotkSbBSVuuAJNlEsUsBTw0ERImR+vMMSQXlUUkpmd9fQIlRn6Z0U7J 8zxrpYInp42zfcaTgsx2wyEs= X-Received: by 127.0.0.2 with SMTP id vCXuYY1788612xQdf0DKGZSB; Thu, 25 Jan 2024 15:06:34 -0800 X-Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.783.1706223994172159769 for ; Thu, 25 Jan 2024 15:06:34 -0800 X-Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1d7859efea5so2165295ad.0 for ; Thu, 25 Jan 2024 15:06:34 -0800 (PST) X-Gm-Message-State: CXorY7vLrMaEA4bwVFQFjVhwx1787277AA= X-Google-Smtp-Source: AGHT+IGMW6+4JH3JRCvSFUWvuxLomPXcFebJAk1X2fcMzJAax+TEtM3ALF0TuFNOVzUatA1z8WqDFQ== X-Received: by 2002:a17:903:1c3:b0:1d7:2817:a63a with SMTP id e3-20020a17090301c300b001d72817a63amr476150plh.19.1706223993220; Thu, 25 Jan 2024 15:06:33 -0800 (PST) X-Received: from localhost.localdomain ([24.17.138.83]) by smtp.gmail.com with ESMTPSA id jh1-20020a170903328100b001d752c4f180sm16779plb.94.2024.01.25.15.06.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Jan 2024 15:06:32 -0800 (PST) From: "Doug Flick via groups.io" To: devel@edk2.groups.io Cc: Doug Flick , Saloni Kasbekar , Zachary Clark-williams , "Doug Flick [MSFT]" Subject: [edk2-devel] [PATCH v2 07/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests Date: Thu, 25 Jan 2024 13:54:49 -0800 Message-ID: <0e584109537f3cea0b6393d598a69c61dc6912a5.1706219324.git.doug.edk2@gmail.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dougflick@microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706223995874100028 Content-Type: text/plain; charset="utf-8" From: Doug Flick REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4536 Validates that the patch for... Out-of-bounds read when handling a ND Redirect message with truncated options .. has been fixed Tests the following function to ensure that an out of bounds read does not occur Ip6OptionValidation Cc: Saloni Kasbekar Cc: Zachary Clark-williams Signed-off-by: Doug Flick [MSFT] --- NetworkPkg/Test/NetworkPkgHostTest.dsc | 1 + .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 42 ++++++ .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp | 20 +++ .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 129 ++++++++++++++++++ 4 files changed, 192 insertions(+) create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/Netwo= rkPkgHostTest.dsc index 24dee654df2e..7fa7b0f9d5be 100644 --- a/NetworkPkg/Test/NetworkPkgHostTest.dsc +++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc @@ -26,6 +26,7 @@ [Components] # Build HOST_APPLICATION that tests NetworkPkg # NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf + NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf =20 # Despite these library classes being listed in [LibraryClasses] below, th= ey are not needed for the host-based unit tests. [LibraryClasses] diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg= /Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf new file mode 100644 index 000000000000..6e4de0745fb5 --- /dev/null +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf @@ -0,0 +1,42 @@ +## @file +# Unit test suite for the Ip6Dxe using Google Test +# +# Copyright (c) Microsoft Corporation.
+# SPDX-License-Identifier: BSD-2-Clause-Patent +## +[Defines] + INF_VERSION =3D 0x00010017 + BASE_NAME =3D Ip6DxeUnitTest + FILE_GUID =3D 4F05D17D-D3E7-4AAE-820C-576D46D2D34A + VERSION_STRING =3D 1.0 + MODULE_TYPE =3D HOST_APPLICATION +# +# The following information is for reference only and not required by the = build tools. +# +# VALID_ARCHITECTURES =3D IA32 X64 AARCH64 +# +[Sources] + Ip6DxeGoogleTest.cpp + Ip6OptionGoogleTest.cpp + ../Ip6Option.c + +[Packages] + MdePkg/MdePkg.dec + MdeModulePkg/MdeModulePkg.dec + UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec + NetworkPkg/NetworkPkg.dec + +[LibraryClasses] + GoogleTestLib + DebugLib + NetLib + PcdLib + +[Protocols] + gEfiDhcp6ServiceBindingProtocolGuid + +[Pcd] + gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType + +[Guids] + gZeroGuid diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp b/NetworkPkg= /Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp new file mode 100644 index 000000000000..6ebfd5fdfb70 --- /dev/null +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp @@ -0,0 +1,20 @@ +/** @file + Acts as the main entry point for the tests for the Ip6Dxe module. + + Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include + +//////////////////////////////////////////////////////////////////////////= ////// +// Run the tests +//////////////////////////////////////////////////////////////////////////= ////// +int +main ( + int argc, + char *argv[] + ) +{ + testing::InitGoogleTest (&argc, argv); + return RUN_ALL_TESTS (); +} diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/Network= Pkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp new file mode 100644 index 000000000000..f2cd90e1a952 --- /dev/null +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp @@ -0,0 +1,129 @@ +/** @file + Tests for Ip6Option.c. + + Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ +#include + +extern "C" { + #include + #include + #include + #include "../Ip6Impl.h" + #include "../Ip6Option.h" +} + +///////////////////////////////////////////////////////////////////////// +// Defines +/////////////////////////////////////////////////////////////////////// + +#define IP6_PREFIX_INFO_OPTION_DATA_LEN 32 +#define OPTION_HEADER_IP6_PREFIX_DATA_LEN (sizeof (IP6_OPTION_HEADER) + I= P6_PREFIX_INFO_OPTION_DATA_LEN) + +//////////////////////////////////////////////////////////////////////// +// Symbol Definitions +// These functions are not directly under test - but required to compile +//////////////////////////////////////////////////////////////////////// +UINT32 mIp6Id; + +EFI_STATUS +Ip6SendIcmpError ( + IN IP6_SERVICE *IpSb, + IN NET_BUF *Packet, + IN EFI_IPv6_ADDRESS *SourceAddress OPTIONAL, + IN EFI_IPv6_ADDRESS *DestinationAddress, + IN UINT8 Type, + IN UINT8 Code, + IN UINT32 *Pointer OPTIONAL + ) +{ + // .. + return EFI_SUCCESS; +} + +//////////////////////////////////////////////////////////////////////// +// Ip6OptionValidation Tests +//////////////////////////////////////////////////////////////////////// + +// Define a fixture for your tests if needed +class Ip6OptionValidationTest : public ::testing::Test { +protected: + // Add any setup code if needed + virtual void + SetUp ( + ) + { + // Initialize any resources or variables + } + + // Add any cleanup code if needed + virtual void + TearDown ( + ) + { + // Clean up any resources or variables + } +}; + +// Test Description: +// Null option should return false +TEST_F (Ip6OptionValidationTest, NullOptionShouldReturnFalse) { + UINT8 *option =3D nullptr; + UINT16 optionLen =3D 10; // Provide a suitable length + + EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen)); +} + +// Test Description: +// Truncated option should return false +TEST_F (Ip6OptionValidationTest, TruncatedOptionShouldReturnFalse) { + UINT8 option[] =3D { 0x01 }; // Provide a truncated option + UINT16 optionLen =3D 1; + + EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen)); +} + +// Test Description: +// Ip6OptionPrefixInfo Option with zero length should return false +TEST_F (Ip6OptionValidationTest, OptionWithZeroLengthShouldReturnFalse) { + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D Ip6OptionPrefixInfo; + optionHeader.Length =3D 0; + UINT8 option[sizeof (IP6_OPTION_HEADER)]; + + CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER)); + UINT16 optionLen =3D sizeof (IP6_OPTION_HEADER); + + EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen)); +} + +// Test Description: +// Ip6OptionPrefixInfo Option with valid length should return true +TEST_F (Ip6OptionValidationTest, ValidPrefixInfoOptionShouldReturnTrue) { + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D Ip6OptionPrefixInfo; + optionHeader.Length =3D 4; // Length 4 * 8 =3D 32 + UINT8 option[OPTION_HEADER_IP6_PREFIX_DATA_LEN]; + + CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER)); + + EXPECT_TRUE (Ip6IsNDOptionValid (option, IP6_PREFIX_INFO_OPTION_DATA_LEN= )); +} + +// Test Description: +// Ip6OptionPrefixInfo Option with invalid length should return false +TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturn= False) { + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D Ip6OptionPrefixInfo; + optionHeader.Length =3D 3; // Length 3 * 8 =3D 24 (Invalid) + UINT8 option[sizeof (IP6_OPTION_HEADER)]; + + CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER)); + UINT16 optionLen =3D sizeof (IP6_OPTION_HEADER); + + EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen)); +} --=20 2.43.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114469): https://edk2.groups.io/g/devel/message/114469 Mute This Topic: https://groups.io/mt/103964982/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-