[v1] Security Patches for EDK II Network Stack

[edk2-devel] [PATCH 00/14] Security Patches for EDK II Network Stack

Doug Flick via groups.io posted 14 patches 3 months ago

Diff against v2
Download series mbox

Failed in applying to current master (apply log)

There is a newer version of this series

NetworkPkg/Test/NetworkPkgHostTest.dsc        | 105 +++
.../GoogleTest/Dhcp6DxeGoogleTest.inf         |  44 +
.../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  44 +
.../GoogleTest/UefiPxeBcDxeGoogleTest.inf     |  48 +
.../Library/MockUefiRuntimeServicesTableLib.h |   7 +
NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h               | 143 +++
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h            |  78 +-
.../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h   |  58 ++
.../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +
NetworkPkg/Ip6Dxe/Ip6Option.h                 |  89 ++
.../GoogleTest/PxeBcDhcp6GoogleTest.h         |  68 ++
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h          |  17 +
NetworkPkg/Dhcp6Dxe/Dhcp6Io.c                 | 612 ++++++++-----
NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c            | 373 ++++++--
NetworkPkg/Ip6Dxe/Ip6Option.c                 |  84 +-
NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c          | 148 ++-
.../MockUefiRuntimeServicesTableLib.cpp       |   5 +-
.../GoogleTest/Dhcp6DxeGoogleTest.cpp         |  20 +
.../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 ++++++++++++++++++
.../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp    |  20 +
.../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 411 +++++++++
NetworkPkg/NetworkPkg.ci.yaml                 | 118 ++-
NetworkPkg/SecurityFixes.yaml                 | 123 +++
.../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 574 ++++++++++++
.../GoogleTest/UefiPxeBcDxeGoogleTest.cpp     |  19 +
25 files changed, 3686 insertions(+), 401 deletions(-)
create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
create mode 100644 NetworkPkg/SecurityFixes.yaml
create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp

Expand all Fold all

[edk2-devel] [PATCH 00/14] Security Patches for EDK II Network Stack

Posted by Doug Flick via groups.io 3 months ago

The security patches contained in this series with the exception of
"MdePkg/Test: Add gRT_GetTime Google Test Mock" and
"NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed
during GHSA-hc6x-cw6p-gj7h infosec review.

This patch series contains the following security patches for the
security vulnerabilities found by QuarksLab in the EDK II Network
Stack:

CVE-2023-45229
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45230
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds 
 of a Memory Buffer

CVE-2023-45231
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

CVE-2023-45232
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45233
CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2023-45234
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

CVE-2023-45235
CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
CWE-119 Improper Restriction of Operations within the Bounds
 of a Memory Buffer

NetworkPkg:
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

MdePkg:
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Zhiguang Liu <zhiguang.liu@intel.com>

Doug Flick (8):
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Unit Tests
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
  NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
  NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests

Douglas Flick [MSFT] (6):
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
  NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests
  MdePkg: Test: Add gRT_GetTime Google Test Mock
  NetworkPkg: : Adds a SecurityFix.yaml file

 NetworkPkg/Test/NetworkPkgHostTest.dsc        | 105 +++
 .../GoogleTest/Dhcp6DxeGoogleTest.inf         |  44 +
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf    |  44 +
 .../GoogleTest/UefiPxeBcDxeGoogleTest.inf     |  48 +
 .../Library/MockUefiRuntimeServicesTableLib.h |   7 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Impl.h               | 143 +++
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.h            |  78 +-
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h   |  58 ++
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h   |  40 +
 NetworkPkg/Ip6Dxe/Ip6Option.h                 |  89 ++
 .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  68 ++
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.h          |  17 +
 NetworkPkg/Dhcp6Dxe/Dhcp6Io.c                 | 612 ++++++++-----
 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c            | 373 ++++++--
 NetworkPkg/Ip6Dxe/Ip6Option.c                 |  84 +-
 NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c          | 148 ++-
 .../MockUefiRuntimeServicesTableLib.cpp       |   5 +-
 .../GoogleTest/Dhcp6DxeGoogleTest.cpp         |  20 +
 .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 839 ++++++++++++++++++
 .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp    |  20 +
 .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 411 +++++++++
 NetworkPkg/NetworkPkg.ci.yaml                 | 118 ++-
 NetworkPkg/SecurityFixes.yaml                 | 123 +++
 .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 574 ++++++++++++
 .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp     |  19 +
 25 files changed, 3686 insertions(+), 401 deletions(-)
 create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.h
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp
 create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp
 create mode 100644 NetworkPkg/SecurityFixes.yaml
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
 create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp

-- 
2.43.0


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114252): https://edk2.groups.io/g/devel/message/114252
Mute This Topic: https://groups.io/mt/103926729/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 00/14] Security Patches for EDK II Network Stack

Posted by Pedro Falcato 3 months ago

On Wed, Jan 24, 2024 at 5:20 AM Doug Flick via groups.io
<dougflick=microsoft.com@groups.io> wrote:
>
> The security patches contained in this series with the exception of
> "MdePkg/Test: Add gRT_GetTime Google Test Mock" and
> "NetworkPkg: : Adds a SecurityFix.yaml file" have been reviewed
> during GHSA-hc6x-cw6p-gj7h infosec review.
>
> This patch series contains the following security patches for the
> security vulnerabilities found by QuarksLab in the EDK II Network
> Stack:
>
> CVE-2023-45229
> CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
> CWE-125 Out-of-bounds Read
>
> CVE-2023-45230
> CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> CWE-119 Improper Restriction of Operations within the Bounds
>  of a Memory Buffer
>
> CVE-2023-45231
> CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
> CWE-125 Out-of-bounds Read
>
> CVE-2023-45232
> CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
>
> CVE-2023-45233
> CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
> CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
>
> CVE-2023-45234
> CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> CWE-119 Improper Restriction of Operations within the Bounds
>  of a Memory Buffer
>
> CVE-2023-45235
> CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
> CWE-119 Improper Restriction of Operations within the Bounds
>  of a Memory Buffer
>
> NetworkPkg:
> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
>
> MdePkg:
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>
> Doug Flick (8):
>   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Patch
>   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 - Unit Tests
>   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch
>   NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests
>   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
>   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
>   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Patch
>   NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit Tests
>
> Douglas Flick [MSFT] (6):
>   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
>   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
>   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Patch
>   NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit Tests
>   MdePkg: Test: Add gRT_GetTime Google Test Mock
>   NetworkPkg: : Adds a SecurityFix.yaml file

Thanks for the patches. Please rewrite the commit messages for each
specific patch to contain relevant details on the problem and fix. The
commits as-is are somewhat useless unless one wants to track down the
CVEs. Thanks!

-- 
Pedro


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#114271): https://edk2.groups.io/g/devel/message/114271
Mute This Topic: https://groups.io/mt/103926729/1787277
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org]
-=-=-=-=-=-=-=-=-=-=-=-