From nobody Mon Sep 16 19:30:06 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+114260+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114260+1787277+3901457@groups.io ARC-Seal: i=1; a=rsa-sha256; t=1706073634; cv=none; d=zohomail.com; s=zohoarc; b=M/kr4HDp6KGCNAZ8V7YaosK/lVqa+NvnKd7xydXpNGNK7OYV0A4a22LvgdTlaVtsMFNdxP5nTn25wSDXwsdo0MBG7iET7AdszB5WFOpsywleWs6rtneMvBuoGt6nR9g6a3Zl7ZCsiNyvDKMKwLFIo5AgJxtdeLymNwBb2964FDM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1706073634; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Sender:Subject:Subject:To:To:Message-Id; bh=bx1SIRB8XHrpYC52DSeXMPHkOReXKZi2N13gUZuTLlM=; b=FfUJagoxO8fZt103DnsPBJ90JaeI9OxJIcm7RoPMbD1piHyE3PYQEDclWChNQesZr/MlvLKsZxQAPfcGEkdIUBgFHPZ5BHORUYYWhqwhdWsK+TDafCFBX+7+6DsbeEDvg/CDVKuwePZmgSKvhZuW1sXPUAVjhK5EbvAXG4Z8OPA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+114260+1787277+3901457@groups.io Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1706073634367804.6182726408713; Tue, 23 Jan 2024 21:20:34 -0800 (PST) Return-Path: DKIM-Signature: a=rsa-sha256; bh=kkHHq6I+XGnWdPj6NIPs3yULL0mqeJPMZfnd4oi63Vw=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding; s=20140610; t=1706073634; v=1; b=bleA+M02ae4D8WcHTfw8fZoeF741+ZuS7/FsRDqHG8W16QZdJc0Gty4FKyUpHtAdFv+vVmLP vWomZn/ZYLk8yFPIwxyiv6HYS+uBYjQPQhKC9xtiQtSdlSu1URaPHJsDPg8QvBDQnCb3MCkN7ji bAVNxbtQvYaaqtgw/S5mvF+I= X-Received: by 127.0.0.2 with SMTP id f1ruYY1788612xDtU3PDYvcg; Tue, 23 Jan 2024 21:20:34 -0800 X-Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.16102.1706073633462009143 for ; Tue, 23 Jan 2024 21:20:33 -0800 X-Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1d74dce86f7so24121555ad.2 for ; Tue, 23 Jan 2024 21:20:33 -0800 (PST) X-Gm-Message-State: JrwllFfhrHABUn3b4YBt7V4Dx1787277AA= X-Google-Smtp-Source: AGHT+IF3wwVFg2/PdtJhGm1ynaPlAwtu45VkoSNZP7ENIxcrOL8cX0ypuB3mRfc2xbY/M+OICxOl/w== X-Received: by 2002:a17:902:c946:b0:1d7:8553:35c with SMTP id i6-20020a170902c94600b001d78553035cmr256117pla.13.1706073632491; Tue, 23 Jan 2024 21:20:32 -0800 (PST) X-Received: from localhost.localdomain ([24.17.138.83]) by smtp.gmail.com with ESMTPSA id w2-20020a170902c78200b001d71f10aa42sm7831709pla.11.2024.01.23.21.20.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Jan 2024 21:20:32 -0800 (PST) From: "Doug Flick via groups.io" To: devel@edk2.groups.io Cc: Doug Flick , Saloni Kasbekar , Zachary Clark-williams , "Doug Flick [MSFT]" Subject: [edk2-devel] [PATCH 08/14] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests Date: Tue, 23 Jan 2024 19:33:31 -0800 Message-ID: <6acb5c2e7046f8d988b4475accac076d5728354c.1706062164.git.doug.edk2@gmail.com> In-Reply-To: References: MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dougflick@microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1706073636302100034 Content-Type: text/plain; charset="utf-8" From: Doug Flick REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4537 REF:https://bugzilla.tianocore.org/show_bug.cgi?id=3D4538 SECURITY PATCH - Unit Tests TCBZ4537 CVE-2023-45232 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') TCBZ4538 CVE-2023-45233 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') Cc: Saloni Kasbekar Cc: Zachary Clark-williams Signed-off-by: Doug Flick [MSFT] --- .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 10 +- .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | 40 +++ .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 282 ++++++++++++++++++ 3 files changed, 328 insertions(+), 4 deletions(-) create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg= /Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf index 6e4de0745fb5..ba29dbabadb9 100644 --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf @@ -1,13 +1,13 @@ ## @file -# Unit test suite for the Ip6Dxe using Google Test +# Unit test suite for the Ip6DxeGoogleTest using Google Test # # Copyright (c) Microsoft Corporation.
# SPDX-License-Identifier: BSD-2-Clause-Patent ## [Defines] INF_VERSION =3D 0x00010017 - BASE_NAME =3D Ip6DxeUnitTest - FILE_GUID =3D 4F05D17D-D3E7-4AAE-820C-576D46D2D34A + BASE_NAME =3D Ip6DxeGoogleTest + FILE_GUID =3D AE39981C-B7FE-41A8-A9C2-F41910477CA3 VERSION_STRING =3D 1.0 MODULE_TYPE =3D HOST_APPLICATION # @@ -16,9 +16,11 @@ [Defines] # VALID_ARCHITECTURES =3D IA32 X64 AARCH64 # [Sources] + ../Ip6Option.c + Ip6OptionGoogleTest.h Ip6DxeGoogleTest.cpp Ip6OptionGoogleTest.cpp - ../Ip6Option.c + Ip6OptionGoogleTest.h =20 [Packages] MdePkg/MdePkg.dec diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h b/NetworkPk= g/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h new file mode 100644 index 000000000000..618a7e658e5a --- /dev/null +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h @@ -0,0 +1,40 @@ +/** @file + Exposes the functions needed to test the Ip6Option module. + + Copyright (c) Microsoft Corporation + SPDX-License-Identifier: BSD-2-Clause-Patent +**/ + +#ifndef EFI_IP6_OPTION_GOOGLE_TEST_H_ +#define EFI_IP6_OPTION_GOOGLE_TEST_H_ + +#include +#include "../Ip6Impl.h" + +/** + Validate the IP6 option format for both the packets we received + and that we will transmit. It will compute the ICMPv6 error message fiel= ds + if the option is malformatted. + + @param[in] IpSb The IP6 service data. + @param[in] Packet The to be validated packet. + @param[in] Option The first byte of the option. + @param[in] OptionLen The length of the whole option. + @param[in] Pointer Identifies the octet offset within + the invoking packet where the error was de= tected. + + + @retval TRUE The option is properly formatted. + @retval FALSE The option is malformatted. + +**/ +BOOLEAN +Ip6IsOptionValid ( + IN IP6_SERVICE *IpSb, + IN NET_BUF *Packet, + IN UINT8 *Option, + IN UINT16 OptionLen, + IN UINT32 Pointer + ); + +#endif // __EFI_IP6_OPTION_GOOGLE_TEST_H__ diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/Network= Pkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp index f2cd90e1a952..69eef4b98ed2 100644 --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp @@ -12,6 +12,7 @@ extern "C" { #include #include "../Ip6Impl.h" #include "../Ip6Option.h" + #include "Ip6OptionGoogleTest.h" } =20 ///////////////////////////////////////////////////////////////////////// @@ -127,3 +128,284 @@ TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOpt= ionLengthShouldReturnFalse) =20 EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen)); } + +//////////////////////////////////////////////////////////////////////// +// Ip6IsOptionValid Tests +//////////////////////////////////////////////////////////////////////// + +// Define a fixture for your tests if needed +class Ip6IsOptionValidTest : public ::testing::Test { +protected: + // Add any setup code if needed + virtual void + SetUp ( + ) + { + // Initialize any resources or variables + } + + // Add any cleanup code if needed + virtual void + TearDown ( + ) + { + // Clean up any resources or variables + } +}; + +//////////////////////////////////////////////////////////////////////////= ///// +// Ip6IsOptionValidTest Tests +//////////////////////////////////////////////////////////////////////////= ///// + +// Test Description +// Verify that a NULL option is Invalid +TEST_F (Ip6IsOptionValidTest, NullOptionShouldReturnTrue) { + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + IP6_SERVICE *IpSb =3D NULL; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + EXPECT_FALSE (Ip6IsOptionValid (IpSb, &Packet, NULL, 0, 0)); +} + +// Test Description +// Verify that an unknown option with a length of 0 and type of = does not cause an infinite loop +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength0) { + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + UINT32 DeadCode =3D 0xDeadC0de; + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D 23; // Unknown Option + optionHeader.Length =3D 0; // This will cause an infinite loop if the= function is not working correctly + + // This should be a valid option even though the length is 0 + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); +} + +// Test Description +// Verify that an unknown option with a length of 1 and type of = does not cause an infinite loop +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength1) { + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + UINT32 DeadCode =3D 0xDeadC0de; + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D 23; // Unknown Option + optionHeader.Length =3D 1; // This will cause an infinite loop if the= function is not working correctly + + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); +} + +// Test Description +// Verify that an unknown option with a length of 2 and type of = does not cause an infinite loop +TEST_F (Ip6IsOptionValidTest, VerifyIpSkipUnknownOption) { + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + UINT32 DeadCode =3D 0xDeadC0de; + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D 23; // Unknown Option + optionHeader.Length =3D 2; // Valid length for an unknown option + + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); +} + +// Test Description +// Verify that Ip6OptionPad1 is valid with a length of 0 +TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPad1) { + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + UINT32 DeadCode =3D 0xDeadC0de; + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D Ip6OptionPad1; + optionHeader.Length =3D 0; + + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); +} + +// Test Description +// Verify that Ip6OptionPadN doesn't overflow with various lengths +TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPadN) { + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + UINT32 DeadCode =3D 0xDeadC0de; + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D Ip6OptionPadN; + optionHeader.Length =3D 0xFF; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); + + optionHeader.Length =3D 0xFE; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); + + optionHeader.Length =3D 0xFD; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); + + optionHeader.Length =3D 0xFC; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); +} + +// Test Description +// Verify an unknown option doesn't cause an infinite loop with various le= ngths +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLengthAtt= emptOverflow) { + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + UINT32 DeadCode =3D 0xDeadC0de; + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + IP6_OPTION_HEADER optionHeader; + + optionHeader.Type =3D 23; // Unknown Option + optionHeader.Length =3D 0xFF; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); + + optionHeader.Length =3D 0xFE; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); + + optionHeader.Length =3D 0xFD; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); + + optionHeader.Length =3D 0xFC; + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, si= zeof (optionHeader), 0)); +} + +// Test Description +// Verify that the function supports multiple options +TEST_F (Ip6IsOptionValidTest, MultiOptionSupport) { + UINT16 HdrLen; + NET_BUF Packet =3D { 0 }; + // we need to define enough of the packet to make the function work + // The function being tested will pass IpSb to Ip6SendIcmpError which is= defined above + UINT32 DeadCode =3D 0xDeadC0de; + // Don't actually use this pointer, just pass it to the function, nothin= g will be done with it + IP6_SERVICE *IpSb =3D (IP6_SERVICE *)&DeadCode; + + EFI_IPv6_ADDRESS SourceAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IPv6_ADDRESS DestinationAddress =3D { 0x20, 0x01, 0x0d, 0xb8, 0x00,= 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; + EFI_IP6_HEADER Ip6Header =3D { 0 }; + + Ip6Header.SourceAddress =3D SourceAddress; + Ip6Header.DestinationAddress =3D DestinationAddress; + Packet.Ip.Ip6 =3D &Ip6Header; + + UINT8 ExtHdr[1024] =3D { 0 }; + UINT8 *Cursor =3D ExtHdr; + IP6_OPTION_HEADER *Option =3D (IP6_OPTION_HEADER *)ExtHdr; + + // Let's start chaining options + + Option->Type =3D 23; // Unknown Option + Option->Length =3D 0xFC; + + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 0xFC; + + Option =3D (IP6_OPTION_HEADER *)Cursor; + Option->Type =3D Ip6OptionPad1; + + Cursor +=3D sizeof (1); + + // Type and length aren't processed, instead it just moves the pointer f= orward by 4 bytes + Option =3D (IP6_OPTION_HEADER *)Cursor; + Option->Type =3D Ip6OptionRouterAlert; + Option->Length =3D 4; + + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 4; + + Option =3D (IP6_OPTION_HEADER *)Cursor; + Option->Type =3D Ip6OptionPadN; + Option->Length =3D 0xFC; + + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 0xFC; + + Option =3D (IP6_OPTION_HEADER *)Cursor; + Option->Type =3D Ip6OptionRouterAlert; + Option->Length =3D 4; + + Cursor +=3D sizeof (IP6_OPTION_HEADER) + 4; + + // Total 524 + + HdrLen =3D (UINT16)(Cursor - ExtHdr); + + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, ExtHdr, HdrLen, 0)); +} --=20 2.43.0 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#114260): https://edk2.groups.io/g/devel/message/114260 Mute This Topic: https://groups.io/mt/103926739/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-