1. Patchew
  2. EDK2
  3. View series

[edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)

Laszlo Ersek posted 2 patches 3 years, 5 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/edk2 tags/patchew/20201119105340.16225-1-lersek@redhat.com
MdeModulePkg/MdeModulePkg.dec                                   |  6 +++
MdeModulePkg/MdeModulePkg.uni                                   |  6 +++
MdeModulePkg/Core/Dxe/DxeMain.inf                               |  1 +
MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 +++++++++++++++++---
4 files changed, 59 insertions(+), 6 deletions(-)
[edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)
Posted by Laszlo Ersek 3 years, 5 months ago 
Repo:   https://pagure.io/lersek/edk2.git
Branch: tianocore_1743_v2_resend
Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1743

"RESEND" because I'm publicly posting the patches from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.

The Reviewed-by tags on the patches originate from
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.

Retested with Liming's reproducer; see
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
<https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.

This series targets edk2-stable202011. I plan to merge it later this
week, based on Liming's R-b.

Liming, highlighting TianoCore#1743 in the "proposed features" list
could be useful.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Hao A Wu <hao.a.wu@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>

Thanks!
Laszlo

Laszlo Ersek (2):
  MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
    FindChildNode()
  MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion

 MdeModulePkg/MdeModulePkg.dec                                   |  6 +++
 MdeModulePkg/MdeModulePkg.uni                                   |  6 +++
 MdeModulePkg/Core/Dxe/DxeMain.inf                               |  1 +
 MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52 +++++++++++++++++---
 4 files changed, 59 insertions(+), 6 deletions(-)

-- 
2.19.1.3.g30247aa5d201



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67707): https://edk2.groups.io/g/devel/message/67707
Mute This Topic: https://groups.io/mt/78362191/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
回复: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)
Posted by gaoliming 3 years, 5 months ago 
Laszlo:
  I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. 

  In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. 

Thanks
Liming
> -----邮件原件-----
> 发件人: bounce+27952+67707+4905953+8761045@groups.io
> <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek
> 发送时间: 2020年11月19日 18:54
> 收件人: edk2-devel-groups-io <devel@edk2.groups.io>
> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>;
> Jian J Wang <jian.j.wang@intel.com>; Liming Gao
> <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com>
> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV
> recursion, round 2 (DXE Core)
> 
> Repo:   https://pagure.io/lersek/edk2.git
> Branch: tianocore_1743_v2_resend
> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1743
> 
> "RESEND" because I'm publicly posting the patches from
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.
> 
> The Reviewed-by tags on the patches originate from
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.
> 
> Retested with Liming's reproducer; see
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.
> 
> This series targets edk2-stable202011. I plan to merge it later this
> week, based on Liming's R-b.
> 
> Liming, highlighting TianoCore#1743 in the "proposed features" list
> could be useful.
> 
> Cc: Dandan Bi <dandan.bi@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
> 
> Thanks!
> Laszlo
> 
> Laszlo Ersek (2):
>   MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
>     FindChildNode()
>   MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
> 
>  MdeModulePkg/MdeModulePkg.dec
> |  6 +++
>  MdeModulePkg/MdeModulePkg.uni
> |  6 +++
>  MdeModulePkg/Core/Dxe/DxeMain.inf
> |  1 +
>  MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52
> +++++++++++++++++---
>  4 files changed, 59 insertions(+), 6 deletions(-)
> 
> --
> 2.19.1.3.g30247aa5d201
> 
> 
> 
> 
> 





-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67742): https://edk2.groups.io/g/devel/message/67742
Mute This Topic: https://groups.io/mt/78383549/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: 回复: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)
Posted by Laszlo Ersek 3 years, 5 months ago 
On 11/20/20 06:30, gaoliming wrote:
> Laszlo:
>   I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. 

Merged as commit range 6c8dd15c4ae4..47343af30435, via
<https://github.com/tianocore/edk2/pull/1137>.

Thanks,
Laszlo

> 
>   In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. 
> 
> Thanks
> Liming
>> -----邮件原件-----
>> 发件人: bounce+27952+67707+4905953+8761045@groups.io
>> <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek
>> 发送时间: 2020年11月19日 18:54
>> 收件人: edk2-devel-groups-io <devel@edk2.groups.io>
>> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>;
>> Jian J Wang <jian.j.wang@intel.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com>
>> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV
>> recursion, round 2 (DXE Core)
>>
>> Repo:   https://pagure.io/lersek/edk2.git
>> Branch: tianocore_1743_v2_resend
>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1743
>>
>> "RESEND" because I'm publicly posting the patches from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.
>>
>> The Reviewed-by tags on the patches originate from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.
>>
>> Retested with Liming's reproducer; see
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.
>>
>> This series targets edk2-stable202011. I plan to merge it later this
>> week, based on Liming's R-b.
>>
>> Liming, highlighting TianoCore#1743 in the "proposed features" list
>> could be useful.
>>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
>>
>> Thanks!
>> Laszlo
>>
>> Laszlo Ersek (2):
>>   MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
>>     FindChildNode()
>>   MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
>>
>>  MdeModulePkg/MdeModulePkg.dec
>> |  6 +++
>>  MdeModulePkg/MdeModulePkg.uni
>> |  6 +++
>>  MdeModulePkg/Core/Dxe/DxeMain.inf
>> |  1 +
>>  MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52
>> +++++++++++++++++---
>>  4 files changed, 59 insertions(+), 6 deletions(-)
>>
>> --
>> 2.19.1.3.g30247aa5d201
>>
>>
>>
>>
>>
> 
> 
> 
> 
> 
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67774): https://edk2.groups.io/g/devel/message/67774
Mute This Topic: https://groups.io/mt/78383549/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-
Re: 回复: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV recursion, round 2 (DXE Core)
Posted by Laszlo Ersek 3 years, 5 months ago 
On 11/20/20 06:30, gaoliming wrote:
> Laszlo:
>   I am OK to merge this patch and the fix in LzmaUefiDecompressGetInfo for this stable tag. After you are done, I will update the proposed feature list to include them. 

Thanks!

>   In BZ, there is no CVE number. So, I want to confirm whether CVE number is required. 

We seem to have failed getting a CVE number. I'm unaware of any CVE
being assigned to this issue.

Thanks
Laszlo

> 
> Thanks
> Liming
>> -----邮件原件-----
>> 发件人: bounce+27952+67707+4905953+8761045@groups.io
>> <bounce+27952+67707+4905953+8761045@groups.io> 代表 Laszlo Ersek
>> 发送时间: 2020年11月19日 18:54
>> 收件人: edk2-devel-groups-io <devel@edk2.groups.io>
>> 抄送: Dandan Bi <dandan.bi@intel.com>; Hao A Wu <hao.a.wu@intel.com>;
>> Jian J Wang <jian.j.wang@intel.com>; Liming Gao
>> <gaoliming@byosoft.com.cn>; Philippe Mathieu-Daudé <philmd@redhat.com>
>> 主题: [edk2-devel] [PATCH v2 RESEND 0/2] security fix: unlimited FV
>> recursion, round 2 (DXE Core)
>>
>> Repo:   https://pagure.io/lersek/edk2.git
>> Branch: tianocore_1743_v2_resend
>> Ref:    https://bugzilla.tianocore.org/show_bug.cgi?id=1743
>>
>> "RESEND" because I'm publicly posting the patches from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c19>.
>>
>> The Reviewed-by tags on the patches originate from
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c20> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c22>.
>>
>> Retested with Liming's reproducer; see
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c16> and
>> <https://bugzilla.tianocore.org/show_bug.cgi?id=1743#c18>.
>>
>> This series targets edk2-stable202011. I plan to merge it later this
>> week, based on Liming's R-b.
>>
>> Liming, highlighting TianoCore#1743 in the "proposed features" list
>> could be useful.
>>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
>>
>> Thanks!
>> Laszlo
>>
>> Laszlo Ersek (2):
>>   MdeModulePkg/Core/Dxe: assert SectionInstance invariant in
>>     FindChildNode()
>>   MdeModulePkg/Core/Dxe: limit FwVol encapsulation section recursion
>>
>>  MdeModulePkg/MdeModulePkg.dec
>> |  6 +++
>>  MdeModulePkg/MdeModulePkg.uni
>> |  6 +++
>>  MdeModulePkg/Core/Dxe/DxeMain.inf
>> |  1 +
>>  MdeModulePkg/Core/Dxe/SectionExtraction/CoreSectionExtraction.c | 52
>> +++++++++++++++++---
>>  4 files changed, 59 insertions(+), 6 deletions(-)
>>
>> --
>> 2.19.1.3.g30247aa5d201
>>
>>
>>
>> 
>>
> 
> 
> 



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#67762): https://edk2.groups.io/g/devel/message/67762
Mute This Topic: https://groups.io/mt/78383549/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.