登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
14 Star 5 Fork 51

src-openEuler / edk2

代码 Issues 13 Pull Requests 9 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
0037-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch 4.56 KB
一键复制 编辑 原始数据 按行查看 历史
YeXiao 提交于 2024-03-03 16:53 . Fix som CVE
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
From 665b076fc6082d3e7637c0952e1cf0d4a3104bc7 Mon Sep 17 00:00:00 2001

From: Doug Flick <dougflick@microsoft.com>

Date: Tue, 13 Feb 2024 10:46:01 -0800

Subject: [PATCH 17/19] NetworkPkg: Dhcp6Dxe: Removes duplicate check and

 replaces with macro



Removes duplicate check after merge



>

>  //

>  // Verify the PacketCursor is within the packet

>  //

>  if (  (*PacketCursor < Packet->Dhcp6.Option)

>     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size -

sizeof (EFI_DHCP6_HEADER))))

>  {

>    return EFI_INVALID_PARAMETER;

>  }

>



Converts the check to a macro and replaces all instances of the check

with the macro



Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>

Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>

Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>

Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>



reference: https://github.com/tianocore/edk2/pull/5372

Signed-off-by: yexiao <yexiao7@huawei.com>

---

 NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c | 44 +++++++++++++-----------------

 1 file changed, 19 insertions(+), 25 deletions(-)



diff --git a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c

index e9c45072..db9e02a1 100644

--- a/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c

+++ b/NetworkPkg/Dhcp6Dxe/Dhcp6Utility.c

@@ -10,6 +10,16 @@

 

 #include "Dhcp6Impl.h"

 

+//

+// Verifies the packet cursor is within the packet

+// otherwise it is invalid

+//

+#define IS_INVALID_PACKET_CURSOR(PacketCursor, Packet) \

+  (((*PacketCursor) < (Packet)->Dhcp6.Option) || \

+   ((*PacketCursor) >= (Packet)->Dhcp6.Option + ((Packet)->Size - sizeof(EFI_DHCP6_HEADER))) \

+  )                                                                            \

+

+

 /**

   Generate client Duid in the format of Duid-llt.

 

@@ -638,9 +648,7 @@ Dhcp6AppendOption (

   //

   // Verify the PacketCursor is within the packet

   //

-  if (  (*PacketCursor < Packet->Dhcp6.Option)

-     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))

-  {

+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {

     return EFI_INVALID_PARAMETER;

   }

 

@@ -657,15 +665,6 @@ Dhcp6AppendOption (

     return EFI_BUFFER_TOO_SMALL;

   }

 

-  //

-  // Verify the PacketCursor is within the packet

-  //

-  if (  (*PacketCursor < Packet->Dhcp6.Option)

-     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))

-  {

-    return EFI_INVALID_PARAMETER;

-  }

-

   WriteUnaligned16 ((UINT16 *)*PacketCursor, OptType);

   *PacketCursor += DHCP6_SIZE_OF_OPT_CODE;

   WriteUnaligned16 ((UINT16 *)*PacketCursor, OptLen);

@@ -744,9 +743,7 @@ Dhcp6AppendIaAddrOption (

   //

   // Verify the PacketCursor is within the packet

   //

-  if (  (*PacketCursor < Packet->Dhcp6.Option)

-     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))

-  {

+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {

     return EFI_INVALID_PARAMETER;

   }

 

@@ -877,9 +874,7 @@ Dhcp6AppendIaOption (

   //

   // Verify the PacketCursor is within the packet

   //

-  if (  (*PacketCursor < Packet->Dhcp6.Option)

-     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))

-  {

+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {

     return EFI_INVALID_PARAMETER;

   }

 

@@ -941,14 +936,14 @@ Dhcp6AppendIaOption (

   }

 

   //

-  // Fill the value of Ia option length

+  // Update the packet length

   //

-  *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));

+  Packet->Length += BytesNeeded;

 

   //

-  // Update the packet length

+  // Fill the value of Ia option length

   //

-  Packet->Length += BytesNeeded;

+  *Len = HTONS ((UINT16)(*PacketCursor - (UINT8 *)Len - 2));

 

   return EFI_SUCCESS;

 }

@@ -957,6 +952,7 @@ Dhcp6AppendIaOption (

   Append the appointed Elapsed time option to Buf, and move Buf to the end.

 

   @param[in, out] Packet        A pointer to the packet, on success Packet->Length

+                                will be updated.

   @param[in, out] PacketCursor  The pointer in the packet, on success PacketCursor

                                 will be moved to the end of the option.

   @param[in]      Instance      The pointer to the Dhcp6 instance.

@@ -1012,9 +1008,7 @@ Dhcp6AppendETOption (

   //

   // Verify the PacketCursor is within the packet

   //

-  if (  (*PacketCursor < Packet->Dhcp6.Option)

-     || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER))))

-  {

+  if (IS_INVALID_PACKET_CURSOR (PacketCursor, Packet)) {

     return EFI_INVALID_PARAMETER;

   }

 

-- 

2.33.0
1
https://gitee.com/src-openeuler/edk2.git
git@gitee.com:src-openeuler/edk2.git
src-openeuler
edk2
edk2
master
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
仓库举报
回到顶部