1. Patchew
  2. EDK2
  3. [edk2-devel] [PATCH v2 0/8] support server identity validation in HTTPS Boot (CVE-2019-14553)
  4. View patch

[edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)

Laszlo Ersek posted 8 patches 6 years, 3 months ago
[edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Posted by Laszlo Ersek 6 years, 3 months ago 
In a later patch in this series, we're going to resurrect "inet_pton.c"
(originally from the StdLib package). That source file has a number of
standard C and BSD socket dependencies. Provide those dependencies here:

- The header files below will simply #include <CrtLibSupport.h>:

  - arpa/inet.h
  - arpa/nameser.h
  - netinet/in.h
  - sys/param.h
  - sys/socket.h

- EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
  e2d3a25f1a31; which is the commit immediately preceding the removal of
  StdLib from edk2 (964f432b9b0a).

  Note that the other error macro, which we alread #define, namely EINVAL,
  has a value (22) that also matches "StdLib/Include/errno.h".

- The AF_INET and AF_INET6 address family macros come from
  "StdLib/Include/sys/socket.h".

- The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
  "StdLib/Include/arpa/nameser.h".

- The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".

Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
CVE: CVE-2019-14553
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    v2:
    - new patch

 CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++
 CryptoPkg/Library/Include/arpa/inet.h     |  9 +++++++++
 CryptoPkg/Library/Include/arpa/nameser.h  |  9 +++++++++
 CryptoPkg/Library/Include/netinet/in.h    |  9 +++++++++
 CryptoPkg/Library/Include/sys/param.h     |  9 +++++++++
 CryptoPkg/Library/Include/sys/socket.h    |  9 +++++++++
 6 files changed, 61 insertions(+)

diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
index b90da20ff7e7..e603fad763f9 100644
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
@@ -73,22 +73,38 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 //
 // Definitions for global constants used by CRT library routines
 //
 #define EINVAL       22               /* Invalid argument */
+#define EAFNOSUPPORT 47               /* Address family not supported by protocol family */
 #define INT_MAX      0x7FFFFFFF       /* Maximum (signed) int value */
 #define LONG_MAX     0X7FFFFFFFL      /* max value for a long */
 #define LONG_MIN     (-LONG_MAX-1)    /* min value for a long */
 #define ULONG_MAX    0xFFFFFFFF       /* Maximum unsigned long value */
 #define CHAR_BIT     8                /* Number of bits in a char */
 
+//
+// Address families.
+//
+#define AF_INET   2     /* internetwork: UDP, TCP, etc. */
+#define AF_INET6  24    /* IP version 6 */
+
+//
+// Define constants based on RFC0883, RFC1034, RFC 1035
+//
+#define NS_INT16SZ    2   /*%< #/bytes of data in a u_int16_t */
+#define NS_INADDRSZ   4   /*%< IPv4 T_A */
+#define NS_IN6ADDRSZ  16  /*%< IPv6 T_AAAA */
+
 //
 // Basic types mapping
 //
 typedef UINTN          size_t;
+typedef UINTN          u_int;
 typedef INTN           ssize_t;
 typedef INT32          time_t;
 typedef UINT8          __uint8_t;
 typedef UINT8          sa_family_t;
+typedef UINT8          u_char;
 typedef UINT32         uid_t;
 typedef UINT32         gid_t;
 
 //
diff --git a/CryptoPkg/Library/Include/arpa/inet.h b/CryptoPkg/Library/Include/arpa/inet.h
new file mode 100644
index 000000000000..988e4e0a73e3
--- /dev/null
+++ b/CryptoPkg/Library/Include/arpa/inet.h
@@ -0,0 +1,9 @@
+/** @file
+  Include file to support building third-party standard C / BSD sockets code.
+
+  Copyright (C) 2019, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/arpa/nameser.h b/CryptoPkg/Library/Include/arpa/nameser.h
new file mode 100644
index 000000000000..988e4e0a73e3
--- /dev/null
+++ b/CryptoPkg/Library/Include/arpa/nameser.h
@@ -0,0 +1,9 @@
+/** @file
+  Include file to support building third-party standard C / BSD sockets code.
+
+  Copyright (C) 2019, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/netinet/in.h b/CryptoPkg/Library/Include/netinet/in.h
new file mode 100644
index 000000000000..988e4e0a73e3
--- /dev/null
+++ b/CryptoPkg/Library/Include/netinet/in.h
@@ -0,0 +1,9 @@
+/** @file
+  Include file to support building third-party standard C / BSD sockets code.
+
+  Copyright (C) 2019, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/sys/param.h b/CryptoPkg/Library/Include/sys/param.h
new file mode 100644
index 000000000000..988e4e0a73e3
--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/param.h
@@ -0,0 +1,9 @@
+/** @file
+  Include file to support building third-party standard C / BSD sockets code.
+
+  Copyright (C) 2019, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
diff --git a/CryptoPkg/Library/Include/sys/socket.h b/CryptoPkg/Library/Include/sys/socket.h
new file mode 100644
index 000000000000..988e4e0a73e3
--- /dev/null
+++ b/CryptoPkg/Library/Include/sys/socket.h
@@ -0,0 +1,9 @@
+/** @file
+  Include file to support building third-party standard C / BSD sockets code.
+
+  Copyright (C) 2019, Red Hat, Inc.
+
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <CrtLibSupport.h>
-- 
2.19.1.3.g30247aa5d201



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#49466): https://edk2.groups.io/g/devel/message/49466
Mute This Topic: https://groups.io/mt/37952588/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Posted by Wang, Jian J 6 years, 3 months ago 
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>

Regards,
Jian



> -----Original Message-----
> From: Laszlo Ersek <lersek@redhat.com>
> Sent: Saturday, October 26, 2019 1:37 PM
> To: edk2-devel-groups-io <devel@edk2.groups.io>
> Cc: David Woodhouse <dwmw2@infradead.org>; Wang, Jian J
> <jian.j.wang@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>; Sivaraman Nainar
> <sivaramann@amiindia.co.in>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-
> 2019-14553)
> 
> In a later patch in this series, we're going to resurrect "inet_pton.c"
> (originally from the StdLib package). That source file has a number of
> standard C and BSD socket dependencies. Provide those dependencies here:
> 
> - The header files below will simply #include <CrtLibSupport.h>:
> 
>   - arpa/inet.h
>   - arpa/nameser.h
>   - netinet/in.h
>   - sys/param.h
>   - sys/socket.h
> 
> - EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
>   e2d3a25f1a31; which is the commit immediately preceding the removal of
>   StdLib from edk2 (964f432b9b0a).
> 
>   Note that the other error macro, which we alread #define, namely EINVAL,
>   has a value (22) that also matches "StdLib/Include/errno.h".
> 
> - The AF_INET and AF_INET6 address family macros come from
>   "StdLib/Include/sys/socket.h".
> 
> - The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
>   "StdLib/Include/arpa/nameser.h".
> 
> - The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
> 
> Cc: David Woodhouse <dwmw2@infradead.org>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
> Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
> CVE: CVE-2019-14553
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> 
> Notes:
>     v2:
>     - new patch
> 
>  CryptoPkg/Library/Include/CrtLibSupport.h | 16 ++++++++++++++++
>  CryptoPkg/Library/Include/arpa/inet.h     |  9 +++++++++
>  CryptoPkg/Library/Include/arpa/nameser.h  |  9 +++++++++
>  CryptoPkg/Library/Include/netinet/in.h    |  9 +++++++++
>  CryptoPkg/Library/Include/sys/param.h     |  9 +++++++++
>  CryptoPkg/Library/Include/sys/socket.h    |  9 +++++++++
>  6 files changed, 61 insertions(+)
> 
> diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h
> b/CryptoPkg/Library/Include/CrtLibSupport.h
> index b90da20ff7e7..e603fad763f9 100644
> --- a/CryptoPkg/Library/Include/CrtLibSupport.h
> +++ b/CryptoPkg/Library/Include/CrtLibSupport.h
> @@ -73,22 +73,38 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  //
>  // Definitions for global constants used by CRT library routines
>  //
>  #define EINVAL       22               /* Invalid argument */
> +#define EAFNOSUPPORT 47               /* Address family not supported by
> protocol family */
>  #define INT_MAX      0x7FFFFFFF       /* Maximum (signed) int value */
>  #define LONG_MAX     0X7FFFFFFFL      /* max value for a long */
>  #define LONG_MIN     (-LONG_MAX-1)    /* min value for a long */
>  #define ULONG_MAX    0xFFFFFFFF       /* Maximum unsigned long value */
>  #define CHAR_BIT     8                /* Number of bits in a char */
> 
> +//
> +// Address families.
> +//
> +#define AF_INET   2     /* internetwork: UDP, TCP, etc. */
> +#define AF_INET6  24    /* IP version 6 */
> +
> +//
> +// Define constants based on RFC0883, RFC1034, RFC 1035
> +//
> +#define NS_INT16SZ    2   /*%< #/bytes of data in a u_int16_t */
> +#define NS_INADDRSZ   4   /*%< IPv4 T_A */
> +#define NS_IN6ADDRSZ  16  /*%< IPv6 T_AAAA */
> +
>  //
>  // Basic types mapping
>  //
>  typedef UINTN          size_t;
> +typedef UINTN          u_int;
>  typedef INTN           ssize_t;
>  typedef INT32          time_t;
>  typedef UINT8          __uint8_t;
>  typedef UINT8          sa_family_t;
> +typedef UINT8          u_char;
>  typedef UINT32         uid_t;
>  typedef UINT32         gid_t;
> 
>  //
> diff --git a/CryptoPkg/Library/Include/arpa/inet.h
> b/CryptoPkg/Library/Include/arpa/inet.h
> new file mode 100644
> index 000000000000..988e4e0a73e3
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/arpa/inet.h
> @@ -0,0 +1,9 @@
> +/** @file
> +  Include file to support building third-party standard C / BSD sockets code.
> +
> +  Copyright (C) 2019, Red Hat, Inc.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#include <CrtLibSupport.h>
> diff --git a/CryptoPkg/Library/Include/arpa/nameser.h
> b/CryptoPkg/Library/Include/arpa/nameser.h
> new file mode 100644
> index 000000000000..988e4e0a73e3
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/arpa/nameser.h
> @@ -0,0 +1,9 @@
> +/** @file
> +  Include file to support building third-party standard C / BSD sockets code.
> +
> +  Copyright (C) 2019, Red Hat, Inc.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#include <CrtLibSupport.h>
> diff --git a/CryptoPkg/Library/Include/netinet/in.h
> b/CryptoPkg/Library/Include/netinet/in.h
> new file mode 100644
> index 000000000000..988e4e0a73e3
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/netinet/in.h
> @@ -0,0 +1,9 @@
> +/** @file
> +  Include file to support building third-party standard C / BSD sockets code.
> +
> +  Copyright (C) 2019, Red Hat, Inc.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#include <CrtLibSupport.h>
> diff --git a/CryptoPkg/Library/Include/sys/param.h
> b/CryptoPkg/Library/Include/sys/param.h
> new file mode 100644
> index 000000000000..988e4e0a73e3
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/sys/param.h
> @@ -0,0 +1,9 @@
> +/** @file
> +  Include file to support building third-party standard C / BSD sockets code.
> +
> +  Copyright (C) 2019, Red Hat, Inc.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#include <CrtLibSupport.h>
> diff --git a/CryptoPkg/Library/Include/sys/socket.h
> b/CryptoPkg/Library/Include/sys/socket.h
> new file mode 100644
> index 000000000000..988e4e0a73e3
> --- /dev/null
> +++ b/CryptoPkg/Library/Include/sys/socket.h
> @@ -0,0 +1,9 @@
> +/** @file
> +  Include file to support building third-party standard C / BSD sockets code.
> +
> +  Copyright (C) 2019, Red Hat, Inc.
> +
> +  SPDX-License-Identifier: BSD-2-Clause-Patent
> +**/
> +
> +#include <CrtLibSupport.h>
> --
> 2.19.1.3.g30247aa5d201
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#49539): https://edk2.groups.io/g/devel/message/49539
Mute This Topic: https://groups.io/mt/37952588/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Posted by David Woodhouse 6 years, 3 months ago 
On Sat, 2019-10-26 at 07:37 +0200, Laszlo Ersek wrote:
> In a later patch in this series, we're going to resurrect "inet_pton.c"
> (originally from the StdLib package). That source file has a number of
> standard C and BSD socket dependencies. Provide those dependencies here:
> 
> - The header files below will simply #include <CrtLibSupport.h>:
> 
>   - arpa/inet.h
>   - arpa/nameser.h
>   - netinet/in.h
>   - sys/param.h
>   - sys/socket.h
> 
> - EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
>   e2d3a25f1a31; which is the commit immediately preceding the removal of
>   StdLib from edk2 (964f432b9b0a).
> 
>   Note that the other error macro, which we alread #define, namely EINVAL,
>   has a value (22) that also matches "StdLib/Include/errno.h".
> 
> - The AF_INET and AF_INET6 address family macros come from
>   "StdLib/Include/sys/socket.h".
> 
> - The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
>   "StdLib/Include/arpa/nameser.h".
> 
> - The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".

Hm.

If you're porting a whole standard C library to EDK2 then I suppose it
makes sense to build up all this infrastructure for it.

But in this case when it's only the single inet_pton() function that
you need, perhaps it makes more sense to 'port' that one function to
UEFI (or just reimplement it looking like EDK2 code), instead of
bringing all this stuff along with it?




-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#49552): https://edk2.groups.io/g/devel/message/49552
Mute This Topic: https://groups.io/mt/37952588/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Posted by Laszlo Ersek 6 years, 3 months ago 
On 10/28/19 14:06, David Woodhouse wrote:
> On Sat, 2019-10-26 at 07:37 +0200, Laszlo Ersek wrote:
>> In a later patch in this series, we're going to resurrect "inet_pton.c"
>> (originally from the StdLib package). That source file has a number of
>> standard C and BSD socket dependencies. Provide those dependencies here:
>>
>> - The header files below will simply #include <CrtLibSupport.h>:
>>
>>   - arpa/inet.h
>>   - arpa/nameser.h
>>   - netinet/in.h
>>   - sys/param.h
>>   - sys/socket.h
>>
>> - EAFNOSUPPORT comes from "StdLib/Include/errno.h", at commit
>>   e2d3a25f1a31; which is the commit immediately preceding the removal of
>>   StdLib from edk2 (964f432b9b0a).
>>
>>   Note that the other error macro, which we alread #define, namely EINVAL,
>>   has a value (22) that also matches "StdLib/Include/errno.h".
>>
>> - The AF_INET and AF_INET6 address family macros come from
>>   "StdLib/Include/sys/socket.h".
>>
>> - The NS_INT16SZ, NS_INADDRSZ and NS_IN6ADDRSZ macros come from
>>   "StdLib/Include/arpa/nameser.h".
>>
>> - The "u_int" and "u_char" types come from "StdLib/Include/sys/types.h".
> 
> Hm.
> 
> If you're porting a whole standard C library to EDK2 then I suppose it
> makes sense to build up all this infrastructure for it.
> 
> But in this case when it's only the single inet_pton() function that
> you need, perhaps it makes more sense to 'port' that one function to
> UEFI (or just reimplement it looking like EDK2 code), instead of
> bringing all this stuff along with it?

I didn't want to take responsibility for touching any of that code -- I
wanted it to be a piece of the puzzle that we'd just drop in. Its coding
style is very foreign to edk2 norms, so once we started, we wouldn't
stop before rewriting it more or less completely. (For example it quite
frequently consumes the values that assignment expressions evaluate to,
which is a huge no-no in edk2, as far as I understand.) I have no
capacity for such a rework (or additional ownership / responsibility),
sorry.

I worked from Friday evening to Saturday ~6-7AM as my "second sprint" on
this code and its testing, until I was satisfied with the test coverage.
I apologize but I simply cannot repeat that. This is all I can
contribute code-wise (and testing-wise) to fixing this issue.

Thanks
Laszlo


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#49565): https://edk2.groups.io/g/devel/message/49565
Mute This Topic: https://groups.io/mt/37952588/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Posted by Wu, Jiaxin 6 years, 3 months ago 
> > Hm.
> >
> > If you're porting a whole standard C library to EDK2 then I suppose it
> > makes sense to build up all this infrastructure for it.
> >
> > But in this case when it's only the single inet_pton() function that
> > you need, perhaps it makes more sense to 'port' that one function to
> > UEFI (or just reimplement it looking like EDK2 code), instead of
> > bringing all this stuff along with it?
> 
> I didn't want to take responsibility for touching any of that code -- I
> wanted it to be a piece of the puzzle that we'd just drop in. Its coding
> style is very foreign to edk2 norms, so once we started, we wouldn't
> stop before rewriting it more or less completely. (For example it quite
> frequently consumes the values that assignment expressions evaluate to,
> which is a huge no-no in edk2, as far as I understand.) I have no
> capacity for such a rework (or additional ownership / responsibility),
> sorry.
> 
> I worked from Friday evening to Saturday ~6-7AM as my "second sprint" on
> this code and its testing, until I was satisfied with the test coverage.
> I apologize but I simply cannot repeat that. This is all I can
> contribute code-wise (and testing-wise) to fixing this issue.


Jian, 

do you think it makes sense to keep the exiting coding style of inet_pton() in edk2\CryptoPkg\Library\BaseCryptLib\SysCall? (Personally, I can accept that).

> 
> Thanks
> Laszlo
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#49576): https://edk2.groups.io/g/devel/message/49576
Mute This Topic: https://groups.io/mt/37952588/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c" dependencies (CVE-2019-14553)
Posted by Wang, Jian J 6 years, 3 months ago 
Hi Jiaxin,

> -----Original Message-----
> From: Wu, Jiaxin <jiaxin.wu@intel.com>
> Sent: Tuesday, October 29, 2019 10:45 AM
> To: devel@edk2.groups.io; lersek@redhat.com; David Woodhouse
> <dwmw2@infradead.org>
> Cc: Wang, Jian J <jian.j.wang@intel.com>; Sivaraman Nainar
> <sivaramann@amiindia.co.in>; Lu, XiaoyuX <xiaoyux.lu@intel.com>
> Subject: RE: [edk2-devel] [PATCH v2 4/8] CryptoPkg/Crt: satisfy "inet_pton.c"
> dependencies (CVE-2019-14553)
> 
> > > Hm.
> > >
> > > If you're porting a whole standard C library to EDK2 then I suppose it
> > > makes sense to build up all this infrastructure for it.
> > >
> > > But in this case when it's only the single inet_pton() function that
> > > you need, perhaps it makes more sense to 'port' that one function to
> > > UEFI (or just reimplement it looking like EDK2 code), instead of
> > > bringing all this stuff along with it?
> >
> > I didn't want to take responsibility for touching any of that code -- I
> > wanted it to be a piece of the puzzle that we'd just drop in. Its coding
> > style is very foreign to edk2 norms, so once we started, we wouldn't
> > stop before rewriting it more or less completely. (For example it quite
> > frequently consumes the values that assignment expressions evaluate to,
> > which is a huge no-no in edk2, as far as I understand.) I have no
> > capacity for such a rework (or additional ownership / responsibility),
> > sorry.
> >
> > I worked from Friday evening to Saturday ~6-7AM as my "second sprint" on
> > this code and its testing, until I was satisfied with the test coverage.
> > I apologize but I simply cannot repeat that. This is all I can
> > contribute code-wise (and testing-wise) to fixing this issue.
> 
> 
> Jian,
> 
> do you think it makes sense to keep the exiting coding style of inet_pton() in
> edk2\CryptoPkg\Library\BaseCryptLib\SysCall? (Personally, I can accept that).
> 

As long as it's kept in SysCall, I'm ok with it.

Regards,
Jian

> >
> > Thanks
> > Laszlo
> >
> >


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.

View/Reply Online (#49577): https://edk2.groups.io/g/devel/message/49577
Mute This Topic: https://groups.io/mt/37952588/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub  [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.