diff options
Diffstat (limited to 'meta')
3 files changed, 779 insertions, 0 deletions
diff --git a/meta/recipes-core/ovmf/ovmf/CVE-2023-45232-CVE-2023-45233-0001.patch b/meta/recipes-core/ovmf/ovmf/CVE-2023-45232-CVE-2023-45233-0001.patch new file mode 100644 index 0000000000..d43e971d9d --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/CVE-2023-45232-CVE-2023-45233-0001.patch | |||
| @@ -0,0 +1,360 @@ | |||
| 1 | From 4df0229ef992d4f2721a8508787ebf9dc81fbd6e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Doug Flick <dougflick@microsoft.com> | ||
| 3 | Date: Fri, 26 Jan 2024 05:54:50 +0800 | ||
| 4 | Subject: [PATCH] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Patch | ||
| 5 | |||
| 6 | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537 | ||
| 7 | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538 | ||
| 8 | |||
| 9 | Bug Details: | ||
| 10 | PixieFail Bug #4 | ||
| 11 | CVE-2023-45232 | ||
| 12 | CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | ||
| 13 | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | ||
| 14 | |||
| 15 | Infinite loop when parsing unknown options in the Destination Options | ||
| 16 | header | ||
| 17 | |||
| 18 | PixieFail Bug #5 | ||
| 19 | CVE-2023-45233 | ||
| 20 | CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | ||
| 21 | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | ||
| 22 | |||
| 23 | Infinite loop when parsing a PadN option in the Destination Options | ||
| 24 | header | ||
| 25 | |||
| 26 | Change Overview: | ||
| 27 | |||
| 28 | Most importantly this change corrects the following incorrect math | ||
| 29 | and cleans up the code. | ||
| 30 | |||
| 31 | > // It is a PadN option | ||
| 32 | > // | ||
| 33 | > - Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2); | ||
| 34 | > + OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length; | ||
| 35 | > + Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen); | ||
| 36 | |||
| 37 | > case Ip6OptionSkip: | ||
| 38 | > - Offset = (UINT8)(Offset + *(Option + Offset + 1)); | ||
| 39 | > OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length; | ||
| 40 | > Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen); | ||
| 41 | |||
| 42 | Additionally, this change also corrects incorrect math where the calling | ||
| 43 | function was calculating the HDR EXT optionLen as a uint8 instead of a | ||
| 44 | uint16 | ||
| 45 | |||
| 46 | > - OptionLen = (UINT8)((*Option + 1) * 8 - 2); | ||
| 47 | > + OptionLen = IP6_HDR_EXT_LEN (*Option) - | ||
| 48 | IP6_COMBINED_SIZE_OF_NEXT_HDR_AND_LEN; | ||
| 49 | |||
| 50 | Additionally this check adds additional logic to santize the incoming | ||
| 51 | data | ||
| 52 | |||
| 53 | Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> | ||
| 54 | Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> | ||
| 55 | |||
| 56 | Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> | ||
| 57 | Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> | ||
| 58 | |||
| 59 | CVE: CVE-2023-45232, CVE-2023-45233 | ||
| 60 | |||
| 61 | Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/4df0229ef992d4f2721a8508787ebf9dc81fbd6e] | ||
| 62 | |||
| 63 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
| 64 | --- | ||
| 65 | NetworkPkg/Ip6Dxe/Ip6Nd.h | 35 ++++++++++++++++ | ||
| 66 | NetworkPkg/Ip6Dxe/Ip6Option.c | 76 ++++++++++++++++++++++++++++++----- | ||
| 67 | NetworkPkg/Ip6Dxe/Ip6Option.h | 71 ++++++++++++++++++++++++++++++++ | ||
| 68 | 3 files changed, 171 insertions(+), 11 deletions(-) | ||
| 69 | |||
| 70 | diff --git a/NetworkPkg/Ip6Dxe/Ip6Nd.h b/NetworkPkg/Ip6Dxe/Ip6Nd.h | ||
| 71 | index 860934a167..bf64e9114e 100644 | ||
| 72 | --- a/NetworkPkg/Ip6Dxe/Ip6Nd.h | ||
| 73 | +++ b/NetworkPkg/Ip6Dxe/Ip6Nd.h | ||
| 74 | @@ -56,13 +56,48 @@ VOID | ||
| 75 | VOID *Context | ||
| 76 | ); | ||
| 77 | |||
| 78 | +// | ||
| 79 | +// Per RFC8200 Section 4.2 | ||
| 80 | +// | ||
| 81 | +// Two of the currently-defined extension headers -- the Hop-by-Hop | ||
| 82 | +// Options header and the Destination Options header -- carry a variable | ||
| 83 | +// number of type-length-value (TLV) encoded "options", of the following | ||
| 84 | +// format: | ||
| 85 | +// | ||
| 86 | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | ||
| 87 | +// | Option Type | Opt Data Len | Option Data | ||
| 88 | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- - - - - - - - - | ||
| 89 | +// | ||
| 90 | +// Option Type 8-bit identifier of the type of option. | ||
| 91 | +// | ||
| 92 | +// Opt Data Len 8-bit unsigned integer. Length of the Option | ||
| 93 | +// Data field of this option, in octets. | ||
| 94 | +// | ||
| 95 | +// Option Data Variable-length field. Option-Type-specific | ||
| 96 | +// data. | ||
| 97 | +// | ||
| 98 | typedef struct _IP6_OPTION_HEADER { | ||
| 99 | + /// | ||
| 100 | + /// identifier of the type of option. | ||
| 101 | + /// | ||
| 102 | UINT8 Type; | ||
| 103 | + /// | ||
| 104 | + /// Length of the Option Data field of this option, in octets. | ||
| 105 | + /// | ||
| 106 | UINT8 Length; | ||
| 107 | + /// | ||
| 108 | + /// Option-Type-specific data. | ||
| 109 | + /// | ||
| 110 | } IP6_OPTION_HEADER; | ||
| 111 | |||
| 112 | STATIC_ASSERT (sizeof (IP6_OPTION_HEADER) == 2, "IP6_OPTION_HEADER is expected to be exactly 2 bytes long."); | ||
| 113 | |||
| 114 | +#define IP6_NEXT_OPTION_OFFSET(offset, length) (offset + sizeof(IP6_OPTION_HEADER) + length) | ||
| 115 | +STATIC_ASSERT ( | ||
| 116 | + IP6_NEXT_OPTION_OFFSET (0, 0) == 2, | ||
| 117 | + "The next option is minimally the combined size of the option tag and length" | ||
| 118 | + ); | ||
| 119 | + | ||
| 120 | typedef struct _IP6_ETHE_ADDR_OPTION { | ||
| 121 | UINT8 Type; | ||
| 122 | UINT8 Length; | ||
| 123 | diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c | ||
| 124 | index 8718d5d875..fd97ce116f 100644 | ||
| 125 | --- a/NetworkPkg/Ip6Dxe/Ip6Option.c | ||
| 126 | +++ b/NetworkPkg/Ip6Dxe/Ip6Option.c | ||
| 127 | @@ -17,7 +17,8 @@ | ||
| 128 | @param[in] IpSb The IP6 service data. | ||
| 129 | @param[in] Packet The to be validated packet. | ||
| 130 | @param[in] Option The first byte of the option. | ||
| 131 | - @param[in] OptionLen The length of the whole option. | ||
| 132 | + @param[in] OptionLen The length of all options, expressed in byte length of octets. | ||
| 133 | + Maximum length is 2046 bytes or ((n + 1) * 8) - 2 where n is 255. | ||
| 134 | @param[in] Pointer Identifies the octet offset within | ||
| 135 | the invoking packet where the error was detected. | ||
| 136 | |||
| 137 | @@ -31,12 +32,33 @@ Ip6IsOptionValid ( | ||
| 138 | IN IP6_SERVICE *IpSb, | ||
| 139 | IN NET_BUF *Packet, | ||
| 140 | IN UINT8 *Option, | ||
| 141 | - IN UINT8 OptionLen, | ||
| 142 | + IN UINT16 OptionLen, | ||
| 143 | IN UINT32 Pointer | ||
| 144 | ) | ||
| 145 | { | ||
| 146 | - UINT8 Offset; | ||
| 147 | - UINT8 OptionType; | ||
| 148 | + UINT16 Offset; | ||
| 149 | + UINT8 OptionType; | ||
| 150 | + UINT8 OptDataLen; | ||
| 151 | + | ||
| 152 | + if (Option == NULL) { | ||
| 153 | + ASSERT (Option != NULL); | ||
| 154 | + return FALSE; | ||
| 155 | + } | ||
| 156 | + | ||
| 157 | + if ((OptionLen <= 0) || (OptionLen > IP6_MAX_EXT_DATA_LENGTH)) { | ||
| 158 | + ASSERT (OptionLen > 0 && OptionLen <= IP6_MAX_EXT_DATA_LENGTH); | ||
| 159 | + return FALSE; | ||
| 160 | + } | ||
| 161 | + | ||
| 162 | + if (Packet == NULL) { | ||
| 163 | + ASSERT (Packet != NULL); | ||
| 164 | + return FALSE; | ||
| 165 | + } | ||
| 166 | + | ||
| 167 | + if (IpSb == NULL) { | ||
| 168 | + ASSERT (IpSb != NULL); | ||
| 169 | + return FALSE; | ||
| 170 | + } | ||
| 171 | |||
| 172 | Offset = 0; | ||
| 173 | |||
| 174 | @@ -54,7 +76,8 @@ Ip6IsOptionValid ( | ||
| 175 | // | ||
| 176 | // It is a PadN option | ||
| 177 | // | ||
| 178 | - Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2); | ||
| 179 | + OptDataLen = ((IP6_OPTION_HEADER *)(Option + Offset))->Length; | ||
| 180 | + Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen); | ||
| 181 | break; | ||
| 182 | case Ip6OptionRouterAlert: | ||
| 183 | // | ||
| 184 | @@ -69,7 +92,8 @@ Ip6IsOptionValid ( | ||
| 185 | // | ||
| 186 | switch (OptionType & Ip6OptionMask) { | ||
| 187 | case Ip6OptionSkip: | ||
| 188 | - Offset = (UINT8)(Offset + *(Option + Offset + 1)); | ||
| 189 | + OptDataLen = ((IP6_OPTION_HEADER *)(Option + Offset))->Length; | ||
| 190 | + Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen); | ||
| 191 | break; | ||
| 192 | case Ip6OptionDiscard: | ||
| 193 | return FALSE; | ||
| 194 | @@ -308,7 +332,7 @@ Ip6IsExtsValid ( | ||
| 195 | UINT32 Pointer; | ||
| 196 | UINT32 Offset; | ||
| 197 | UINT8 *Option; | ||
| 198 | - UINT8 OptionLen; | ||
| 199 | + UINT16 OptionLen; | ||
| 200 | BOOLEAN Flag; | ||
| 201 | UINT8 CountD; | ||
| 202 | UINT8 CountA; | ||
| 203 | @@ -385,6 +409,36 @@ Ip6IsExtsValid ( | ||
| 204 | // Fall through | ||
| 205 | // | ||
| 206 | case IP6_DESTINATION: | ||
| 207 | + // | ||
| 208 | + // See https://www.rfc-editor.org/rfc/rfc2460#section-4.2 page 23 | ||
| 209 | + // | ||
| 210 | + // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
| 211 | + // | Next Header | Hdr Ext Len | | | ||
| 212 | + // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | ||
| 213 | + // | | | ||
| 214 | + // . . | ||
| 215 | + // . Options . | ||
| 216 | + // . . | ||
| 217 | + // | | | ||
| 218 | + // +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
| 219 | + // | ||
| 220 | + // | ||
| 221 | + // Next Header 8-bit selector. Identifies the type of header | ||
| 222 | + // immediately following the Destination Options | ||
| 223 | + // header. Uses the same values as the IPv4 | ||
| 224 | + // Protocol field [RFC-1700 et seq.]. | ||
| 225 | + // | ||
| 226 | + // Hdr Ext Len 8-bit unsigned integer. Length of the | ||
| 227 | + // Destination Options header in 8-octet units, not | ||
| 228 | + // including the first 8 octets. | ||
| 229 | + // | ||
| 230 | + // Options Variable-length field, of length such that the | ||
| 231 | + // complete Destination Options header is an | ||
| 232 | + // integer multiple of 8 octets long. Contains one | ||
| 233 | + // or more TLV-encoded options, as described in | ||
| 234 | + // section 4.2. | ||
| 235 | + // | ||
| 236 | + | ||
| 237 | if (*NextHeader == IP6_DESTINATION) { | ||
| 238 | CountD++; | ||
| 239 | } | ||
| 240 | @@ -398,7 +452,7 @@ Ip6IsExtsValid ( | ||
| 241 | |||
| 242 | Offset++; | ||
| 243 | Option = ExtHdrs + Offset; | ||
| 244 | - OptionLen = (UINT8)((*Option + 1) * 8 - 2); | ||
| 245 | + OptionLen = IP6_HDR_EXT_LEN (*Option) - sizeof (IP6_EXT_HDR); | ||
| 246 | Option++; | ||
| 247 | Offset++; | ||
| 248 | |||
| 249 | @@ -430,7 +484,7 @@ Ip6IsExtsValid ( | ||
| 250 | // | ||
| 251 | // Ignore the routing header and proceed to process the next header. | ||
| 252 | // | ||
| 253 | - Offset = Offset + (RoutingHead->HeaderLen + 1) * 8; | ||
| 254 | + Offset = Offset + IP6_HDR_EXT_LEN (RoutingHead->HeaderLen); | ||
| 255 | |||
| 256 | if (UnFragmentLen != NULL) { | ||
| 257 | *UnFragmentLen = Offset; | ||
| 258 | @@ -441,7 +495,7 @@ Ip6IsExtsValid ( | ||
| 259 | // to the packet's source address, pointing to the unrecognized routing | ||
| 260 | // type. | ||
| 261 | // | ||
| 262 | - Pointer = Offset + 2 + sizeof (EFI_IP6_HEADER); | ||
| 263 | + Pointer = Offset + sizeof (IP6_EXT_HDR) + sizeof (EFI_IP6_HEADER); | ||
| 264 | if ((IpSb != NULL) && (Packet != NULL) && | ||
| 265 | !IP6_IS_MULTICAST (&Packet->Ip.Ip6->DestinationAddress)) | ||
| 266 | { | ||
| 267 | @@ -527,7 +581,7 @@ Ip6IsExtsValid ( | ||
| 268 | // | ||
| 269 | // RFC2402, Payload length is specified in 32-bit words, minus "2". | ||
| 270 | // | ||
| 271 | - OptionLen = (UINT8)((*Option + 2) * 4); | ||
| 272 | + OptionLen = ((UINT16)(*Option + 2) * 4); | ||
| 273 | Offset = Offset + OptionLen; | ||
| 274 | break; | ||
| 275 | |||
| 276 | diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.h b/NetworkPkg/Ip6Dxe/Ip6Option.h | ||
| 277 | index bd8e223c8a..fb07c28f5a 100644 | ||
| 278 | --- a/NetworkPkg/Ip6Dxe/Ip6Option.h | ||
| 279 | +++ b/NetworkPkg/Ip6Dxe/Ip6Option.h | ||
| 280 | @@ -12,6 +12,77 @@ | ||
| 281 | |||
| 282 | #define IP6_FRAGMENT_OFFSET_MASK (~0x3) | ||
| 283 | |||
| 284 | +// | ||
| 285 | +// For more information see RFC 8200, Section 4.3, 4.4, and 4.6 | ||
| 286 | +// | ||
| 287 | +// This example format is from section 4.6 | ||
| 288 | +// This does not apply to fragment headers | ||
| 289 | +// | ||
| 290 | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
| 291 | +// | Next Header | Hdr Ext Len | | | ||
| 292 | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | ||
| 293 | +// | | | ||
| 294 | +// . . | ||
| 295 | +// . Header-Specific Data . | ||
| 296 | +// . . | ||
| 297 | +// | | | ||
| 298 | +// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ||
| 299 | +// | ||
| 300 | +// Next Header 8-bit selector. Identifies the type of | ||
| 301 | +// header immediately following the extension | ||
| 302 | +// header. Uses the same values as the IPv4 | ||
| 303 | +// Protocol field [IANA-PN]. | ||
| 304 | +// | ||
| 305 | +// Hdr Ext Len 8-bit unsigned integer. Length of the | ||
| 306 | +// Destination Options header in 8-octet units, | ||
| 307 | +// not including the first 8 octets. | ||
| 308 | + | ||
| 309 | +// | ||
| 310 | +// These defines apply to the following: | ||
| 311 | +// 1. Hop by Hop | ||
| 312 | +// 2. Routing | ||
| 313 | +// 3. Destination | ||
| 314 | +// | ||
| 315 | +typedef struct _IP6_EXT_HDR { | ||
| 316 | + /// | ||
| 317 | + /// The Next Header field identifies the type of header immediately | ||
| 318 | + /// | ||
| 319 | + UINT8 NextHeader; | ||
| 320 | + /// | ||
| 321 | + /// The Hdr Ext Len field specifies the length of the Hop-by-Hop Options | ||
| 322 | + /// | ||
| 323 | + UINT8 HdrExtLen; | ||
| 324 | + /// | ||
| 325 | + /// Header-Specific Data | ||
| 326 | + /// | ||
| 327 | +} IP6_EXT_HDR; | ||
| 328 | + | ||
| 329 | +STATIC_ASSERT ( | ||
| 330 | + sizeof (IP6_EXT_HDR) == 2, | ||
| 331 | + "The combined size of Next Header and Len is two 8 bit fields" | ||
| 332 | + ); | ||
| 333 | + | ||
| 334 | +// | ||
| 335 | +// IPv6 extension headers contain an 8-bit length field which describes the size of | ||
| 336 | +// the header. However, the length field only includes the size of the extension | ||
| 337 | +// header options, not the size of the first 8 bytes of the header. Therefore, in | ||
| 338 | +// order to calculate the full size of the extension header, we add 1 (to account | ||
| 339 | +// for the first 8 bytes omitted by the length field reporting) and then multiply | ||
| 340 | +// by 8 (since the size is represented in 8-byte units). | ||
| 341 | +// | ||
| 342 | +// a is the length field of the extension header (UINT8) | ||
| 343 | +// The result may be up to 2046 octets (UINT16) | ||
| 344 | +// | ||
| 345 | +#define IP6_HDR_EXT_LEN(a) (((UINT16)((UINT8)(a)) + 1) * 8) | ||
| 346 | + | ||
| 347 | +// This is the maxmimum length permissible by a extension header | ||
| 348 | +// Length is UINT8 of 8 octets not including the first 8 octets | ||
| 349 | +#define IP6_MAX_EXT_DATA_LENGTH (IP6_HDR_EXT_LEN (MAX_UINT8) - sizeof(IP6_EXT_HDR)) | ||
| 350 | +STATIC_ASSERT ( | ||
| 351 | + IP6_MAX_EXT_DATA_LENGTH == 2046, | ||
| 352 | + "Maximum data length is ((MAX_UINT8 + 1) * 8) - 2" | ||
| 353 | + ); | ||
| 354 | + | ||
| 355 | typedef struct _IP6_FRAGMENT_HEADER { | ||
| 356 | UINT8 NextHeader; | ||
| 357 | UINT8 Reserved; | ||
| 358 | -- | ||
| 359 | 2.40.0 | ||
| 360 | |||
diff --git a/meta/recipes-core/ovmf/ovmf/CVE-2023-45232-CVE-2023-45233-0002.patch b/meta/recipes-core/ovmf/ovmf/CVE-2023-45232-CVE-2023-45233-0002.patch new file mode 100644 index 0000000000..c6834a852e --- /dev/null +++ b/meta/recipes-core/ovmf/ovmf/CVE-2023-45232-CVE-2023-45233-0002.patch | |||
| @@ -0,0 +1,417 @@ | |||
| 1 | From c9c87f08dd6ace36fa843424522c3558a8374cac Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Doug Flick <dougflick@microsoft.com> | ||
| 3 | Date: Fri, 26 Jan 2024 05:54:51 +0800 | ||
| 4 | Subject: [PATCH] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit Tests | ||
| 5 | |||
| 6 | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537 | ||
| 7 | REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538 | ||
| 8 | |||
| 9 | Unit tests to confirm that.. | ||
| 10 | |||
| 11 | Infinite loop when parsing unknown options in the Destination Options | ||
| 12 | header | ||
| 13 | |||
| 14 | and | ||
| 15 | |||
| 16 | Infinite loop when parsing a PadN option in the Destination Options | ||
| 17 | header | ||
| 18 | |||
| 19 | ... have been patched | ||
| 20 | |||
| 21 | This patch tests the following functions: | ||
| 22 | Ip6IsOptionValid | ||
| 23 | |||
| 24 | Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> | ||
| 25 | Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> | ||
| 26 | |||
| 27 | Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> | ||
| 28 | Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> | ||
| 29 | |||
| 30 | CVE: CVE-2023-45232, CVE-2023-45233 | ||
| 31 | |||
| 32 | Upstream-Status: Backport [https://github.com/tianocore/edk2/commit/c9c87f08dd6ace36fa843424522c3558a8374cac] | ||
| 33 | |||
| 34 | Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com> | ||
| 35 | --- | ||
| 36 | .../Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | 10 +- | ||
| 37 | .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | 278 ++++++++++++++++++ | ||
| 38 | .../Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | 40 +++ | ||
| 39 | 3 files changed, 324 insertions(+), 4 deletions(-) | ||
| 40 | create mode 100644 NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | ||
| 41 | |||
| 42 | diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | ||
| 43 | index 6e4de0745f..ba29dbabad 100644 | ||
| 44 | --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | ||
| 45 | +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf | ||
| 46 | @@ -1,13 +1,13 @@ | ||
| 47 | ## @file | ||
| 48 | -# Unit test suite for the Ip6Dxe using Google Test | ||
| 49 | +# Unit test suite for the Ip6DxeGoogleTest using Google Test | ||
| 50 | # | ||
| 51 | # Copyright (c) Microsoft Corporation.<BR> | ||
| 52 | # SPDX-License-Identifier: BSD-2-Clause-Patent | ||
| 53 | ## | ||
| 54 | [Defines] | ||
| 55 | INF_VERSION = 0x00010017 | ||
| 56 | - BASE_NAME = Ip6DxeUnitTest | ||
| 57 | - FILE_GUID = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A | ||
| 58 | + BASE_NAME = Ip6DxeGoogleTest | ||
| 59 | + FILE_GUID = AE39981C-B7FE-41A8-A9C2-F41910477CA3 | ||
| 60 | VERSION_STRING = 1.0 | ||
| 61 | MODULE_TYPE = HOST_APPLICATION | ||
| 62 | # | ||
| 63 | @@ -16,9 +16,11 @@ | ||
| 64 | # VALID_ARCHITECTURES = IA32 X64 AARCH64 | ||
| 65 | # | ||
| 66 | [Sources] | ||
| 67 | + ../Ip6Option.c | ||
| 68 | + Ip6OptionGoogleTest.h | ||
| 69 | Ip6DxeGoogleTest.cpp | ||
| 70 | Ip6OptionGoogleTest.cpp | ||
| 71 | - ../Ip6Option.c | ||
| 72 | + Ip6OptionGoogleTest.h | ||
| 73 | |||
| 74 | [Packages] | ||
| 75 | MdePkg/MdePkg.dec | ||
| 76 | diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | ||
| 77 | index f2cd90e1a9..29f8a4a96e 100644 | ||
| 78 | --- a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | ||
| 79 | +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp | ||
| 80 | @@ -12,6 +12,7 @@ extern "C" { | ||
| 81 | #include <Library/DebugLib.h> | ||
| 82 | #include "../Ip6Impl.h" | ||
| 83 | #include "../Ip6Option.h" | ||
| 84 | + #include "Ip6OptionGoogleTest.h" | ||
| 85 | } | ||
| 86 | |||
| 87 | ///////////////////////////////////////////////////////////////////////// | ||
| 88 | @@ -127,3 +128,280 @@ TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse) | ||
| 89 | |||
| 90 | EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen)); | ||
| 91 | } | ||
| 92 | + | ||
| 93 | +//////////////////////////////////////////////////////////////////////// | ||
| 94 | +// Ip6IsOptionValid Tests | ||
| 95 | +//////////////////////////////////////////////////////////////////////// | ||
| 96 | + | ||
| 97 | +// Define a fixture for your tests if needed | ||
| 98 | +class Ip6IsOptionValidTest : public ::testing::Test { | ||
| 99 | +protected: | ||
| 100 | + // Add any setup code if needed | ||
| 101 | + virtual void | ||
| 102 | + SetUp ( | ||
| 103 | + ) | ||
| 104 | + { | ||
| 105 | + // Initialize any resources or variables | ||
| 106 | + } | ||
| 107 | + | ||
| 108 | + // Add any cleanup code if needed | ||
| 109 | + virtual void | ||
| 110 | + TearDown ( | ||
| 111 | + ) | ||
| 112 | + { | ||
| 113 | + // Clean up any resources or variables | ||
| 114 | + } | ||
| 115 | +}; | ||
| 116 | + | ||
| 117 | +// Test Description | ||
| 118 | +// Verify that a NULL option is Invalid | ||
| 119 | +TEST_F (Ip6IsOptionValidTest, NullOptionShouldReturnTrue) { | ||
| 120 | + NET_BUF Packet = { 0 }; | ||
| 121 | + // we need to define enough of the packet to make the function work | ||
| 122 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 123 | + IP6_SERVICE *IpSb = NULL; | ||
| 124 | + | ||
| 125 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 126 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 127 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 128 | + | ||
| 129 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 130 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 131 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 132 | + | ||
| 133 | + EXPECT_FALSE (Ip6IsOptionValid (IpSb, &Packet, NULL, 0, 0)); | ||
| 134 | +} | ||
| 135 | + | ||
| 136 | +// Test Description | ||
| 137 | +// Verify that an unknown option with a length of 0 and type of <unknown> does not cause an infinite loop | ||
| 138 | +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength0) { | ||
| 139 | + NET_BUF Packet = { 0 }; | ||
| 140 | + // we need to define enough of the packet to make the function work | ||
| 141 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 142 | + UINT32 DeadCode = 0xDeadC0de; | ||
| 143 | + // Don't actually use this pointer, just pass it to the function, nothing will be done with it | ||
| 144 | + IP6_SERVICE *IpSb = (IP6_SERVICE *)&DeadCode; | ||
| 145 | + | ||
| 146 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 147 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 148 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 149 | + | ||
| 150 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 151 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 152 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 153 | + | ||
| 154 | + IP6_OPTION_HEADER optionHeader; | ||
| 155 | + | ||
| 156 | + optionHeader.Type = 23; // Unknown Option | ||
| 157 | + optionHeader.Length = 0; // This will cause an infinite loop if the function is not working correctly | ||
| 158 | + | ||
| 159 | + // This should be a valid option even though the length is 0 | ||
| 160 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 161 | +} | ||
| 162 | + | ||
| 163 | +// Test Description | ||
| 164 | +// Verify that an unknown option with a length of 1 and type of <unknown> does not cause an infinite loop | ||
| 165 | +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLength1) { | ||
| 166 | + NET_BUF Packet = { 0 }; | ||
| 167 | + // we need to define enough of the packet to make the function work | ||
| 168 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 169 | + UINT32 DeadCode = 0xDeadC0de; | ||
| 170 | + // Don't actually use this pointer, just pass it to the function, nothing will be done with it | ||
| 171 | + IP6_SERVICE *IpSb = (IP6_SERVICE *)&DeadCode; | ||
| 172 | + | ||
| 173 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 174 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 175 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 176 | + | ||
| 177 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 178 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 179 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 180 | + | ||
| 181 | + IP6_OPTION_HEADER optionHeader; | ||
| 182 | + | ||
| 183 | + optionHeader.Type = 23; // Unknown Option | ||
| 184 | + optionHeader.Length = 1; // This will cause an infinite loop if the function is not working correctly | ||
| 185 | + | ||
| 186 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 187 | +} | ||
| 188 | + | ||
| 189 | +// Test Description | ||
| 190 | +// Verify that an unknown option with a length of 2 and type of <unknown> does not cause an infinite loop | ||
| 191 | +TEST_F (Ip6IsOptionValidTest, VerifyIpSkipUnknownOption) { | ||
| 192 | + NET_BUF Packet = { 0 }; | ||
| 193 | + // we need to define enough of the packet to make the function work | ||
| 194 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 195 | + UINT32 DeadCode = 0xDeadC0de; | ||
| 196 | + // Don't actually use this pointer, just pass it to the function, nothing will be done with it | ||
| 197 | + IP6_SERVICE *IpSb = (IP6_SERVICE *)&DeadCode; | ||
| 198 | + | ||
| 199 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 200 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 201 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 202 | + | ||
| 203 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 204 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 205 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 206 | + | ||
| 207 | + IP6_OPTION_HEADER optionHeader; | ||
| 208 | + | ||
| 209 | + optionHeader.Type = 23; // Unknown Option | ||
| 210 | + optionHeader.Length = 2; // Valid length for an unknown option | ||
| 211 | + | ||
| 212 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 213 | +} | ||
| 214 | + | ||
| 215 | +// Test Description | ||
| 216 | +// Verify that Ip6OptionPad1 is valid with a length of 0 | ||
| 217 | +TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPad1) { | ||
| 218 | + NET_BUF Packet = { 0 }; | ||
| 219 | + // we need to define enough of the packet to make the function work | ||
| 220 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 221 | + UINT32 DeadCode = 0xDeadC0de; | ||
| 222 | + // Don't actually use this pointer, just pass it to the function, nothing will be done with it | ||
| 223 | + IP6_SERVICE *IpSb = (IP6_SERVICE *)&DeadCode; | ||
| 224 | + | ||
| 225 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 226 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 227 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 228 | + | ||
| 229 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 230 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 231 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 232 | + | ||
| 233 | + IP6_OPTION_HEADER optionHeader; | ||
| 234 | + | ||
| 235 | + optionHeader.Type = Ip6OptionPad1; | ||
| 236 | + optionHeader.Length = 0; | ||
| 237 | + | ||
| 238 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 239 | +} | ||
| 240 | + | ||
| 241 | +// Test Description | ||
| 242 | +// Verify that Ip6OptionPadN doesn't overflow with various lengths | ||
| 243 | +TEST_F (Ip6IsOptionValidTest, VerifyIp6OptionPadN) { | ||
| 244 | + NET_BUF Packet = { 0 }; | ||
| 245 | + // we need to define enough of the packet to make the function work | ||
| 246 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 247 | + UINT32 DeadCode = 0xDeadC0de; | ||
| 248 | + // Don't actually use this pointer, just pass it to the function, nothing will be done with it | ||
| 249 | + IP6_SERVICE *IpSb = (IP6_SERVICE *)&DeadCode; | ||
| 250 | + | ||
| 251 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 252 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 253 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 254 | + | ||
| 255 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 256 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 257 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 258 | + | ||
| 259 | + IP6_OPTION_HEADER optionHeader; | ||
| 260 | + | ||
| 261 | + optionHeader.Type = Ip6OptionPadN; | ||
| 262 | + optionHeader.Length = 0xFF; | ||
| 263 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 264 | + | ||
| 265 | + optionHeader.Length = 0xFE; | ||
| 266 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 267 | + | ||
| 268 | + optionHeader.Length = 0xFD; | ||
| 269 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 270 | + | ||
| 271 | + optionHeader.Length = 0xFC; | ||
| 272 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 273 | +} | ||
| 274 | + | ||
| 275 | +// Test Description | ||
| 276 | +// Verify an unknown option doesn't cause an infinite loop with various lengths | ||
| 277 | +TEST_F (Ip6IsOptionValidTest, VerifyNoInfiniteLoopOnUnknownOptionLengthAttemptOverflow) { | ||
| 278 | + NET_BUF Packet = { 0 }; | ||
| 279 | + // we need to define enough of the packet to make the function work | ||
| 280 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 281 | + UINT32 DeadCode = 0xDeadC0de; | ||
| 282 | + // Don't actually use this pointer, just pass it to the function, nothing will be done with it | ||
| 283 | + IP6_SERVICE *IpSb = (IP6_SERVICE *)&DeadCode; | ||
| 284 | + | ||
| 285 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 286 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 287 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 288 | + | ||
| 289 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 290 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 291 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 292 | + | ||
| 293 | + IP6_OPTION_HEADER optionHeader; | ||
| 294 | + | ||
| 295 | + optionHeader.Type = 23; // Unknown Option | ||
| 296 | + optionHeader.Length = 0xFF; | ||
| 297 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 298 | + | ||
| 299 | + optionHeader.Length = 0xFE; | ||
| 300 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 301 | + | ||
| 302 | + optionHeader.Length = 0xFD; | ||
| 303 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 304 | + | ||
| 305 | + optionHeader.Length = 0xFC; | ||
| 306 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, (UINT8 *)&optionHeader, sizeof (optionHeader), 0)); | ||
| 307 | +} | ||
| 308 | + | ||
| 309 | +// Test Description | ||
| 310 | +// Verify that the function supports multiple options | ||
| 311 | +TEST_F (Ip6IsOptionValidTest, MultiOptionSupport) { | ||
| 312 | + UINT16 HdrLen; | ||
| 313 | + NET_BUF Packet = { 0 }; | ||
| 314 | + // we need to define enough of the packet to make the function work | ||
| 315 | + // The function being tested will pass IpSb to Ip6SendIcmpError which is defined above | ||
| 316 | + UINT32 DeadCode = 0xDeadC0de; | ||
| 317 | + // Don't actually use this pointer, just pass it to the function, nothing will be done with it | ||
| 318 | + IP6_SERVICE *IpSb = (IP6_SERVICE *)&DeadCode; | ||
| 319 | + | ||
| 320 | + EFI_IPv6_ADDRESS SourceAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 321 | + EFI_IPv6_ADDRESS DestinationAddress = { 0x20, 0x01, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x83, 0x29 }; | ||
| 322 | + EFI_IP6_HEADER Ip6Header = { 0 }; | ||
| 323 | + | ||
| 324 | + Ip6Header.SourceAddress = SourceAddress; | ||
| 325 | + Ip6Header.DestinationAddress = DestinationAddress; | ||
| 326 | + Packet.Ip.Ip6 = &Ip6Header; | ||
| 327 | + | ||
| 328 | + UINT8 ExtHdr[1024] = { 0 }; | ||
| 329 | + UINT8 *Cursor = ExtHdr; | ||
| 330 | + IP6_OPTION_HEADER *Option = (IP6_OPTION_HEADER *)ExtHdr; | ||
| 331 | + | ||
| 332 | + // Let's start chaining options | ||
| 333 | + | ||
| 334 | + Option->Type = 23; // Unknown Option | ||
| 335 | + Option->Length = 0xFC; | ||
| 336 | + | ||
| 337 | + Cursor += sizeof (IP6_OPTION_HEADER) + 0xFC; | ||
| 338 | + | ||
| 339 | + Option = (IP6_OPTION_HEADER *)Cursor; | ||
| 340 | + Option->Type = Ip6OptionPad1; | ||
| 341 | + | ||
| 342 | + Cursor += sizeof (1); | ||
| 343 | + | ||
| 344 | + // Type and length aren't processed, instead it just moves the pointer forward by 4 bytes | ||
| 345 | + Option = (IP6_OPTION_HEADER *)Cursor; | ||
| 346 | + Option->Type = Ip6OptionRouterAlert; | ||
| 347 | + Option->Length = 4; | ||
| 348 | + | ||
| 349 | + Cursor += sizeof (IP6_OPTION_HEADER) + 4; | ||
| 350 | + | ||
| 351 | + Option = (IP6_OPTION_HEADER *)Cursor; | ||
| 352 | + Option->Type = Ip6OptionPadN; | ||
| 353 | + Option->Length = 0xFC; | ||
| 354 | + | ||
| 355 | + Cursor += sizeof (IP6_OPTION_HEADER) + 0xFC; | ||
| 356 | + | ||
| 357 | + Option = (IP6_OPTION_HEADER *)Cursor; | ||
| 358 | + Option->Type = Ip6OptionRouterAlert; | ||
| 359 | + Option->Length = 4; | ||
| 360 | + | ||
| 361 | + Cursor += sizeof (IP6_OPTION_HEADER) + 4; | ||
| 362 | + | ||
| 363 | + // Total 524 | ||
| 364 | + | ||
| 365 | + HdrLen = (UINT16)(Cursor - ExtHdr); | ||
| 366 | + | ||
| 367 | + EXPECT_TRUE (Ip6IsOptionValid (IpSb, &Packet, ExtHdr, HdrLen, 0)); | ||
| 368 | +} | ||
| 369 | diff --git a/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | ||
| 370 | new file mode 100644 | ||
| 371 | index 0000000000..0509b6ae30 | ||
| 372 | --- /dev/null | ||
| 373 | +++ b/NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.h | ||
| 374 | @@ -0,0 +1,40 @@ | ||
| 375 | +/** @file | ||
| 376 | + Exposes the functions needed to test the Ip6Option module. | ||
| 377 | + | ||
| 378 | + Copyright (c) Microsoft Corporation | ||
| 379 | + SPDX-License-Identifier: BSD-2-Clause-Patent | ||
| 380 | +**/ | ||
| 381 | + | ||
| 382 | +#ifndef IP6_OPTION_HEADER_GOOGLE_TEST_H_ | ||
| 383 | +#define IP6_OPTION_HEADER_GOOGLE_TEST_H_ | ||
| 384 | + | ||
| 385 | +#include <Uefi.h> | ||
| 386 | +#include "../Ip6Impl.h" | ||
| 387 | + | ||
| 388 | +/** | ||
| 389 | + Validate the IP6 option format for both the packets we received | ||
| 390 | + and that we will transmit. It will compute the ICMPv6 error message fields | ||
| 391 | + if the option is malformatted. | ||
| 392 | + | ||
| 393 | + @param[in] IpSb The IP6 service data. | ||
| 394 | + @param[in] Packet The to be validated packet. | ||
| 395 | + @param[in] Option The first byte of the option. | ||
| 396 | + @param[in] OptionLen The length of the whole option. | ||
| 397 | + @param[in] Pointer Identifies the octet offset within | ||
| 398 | + the invoking packet where the error was detected. | ||
| 399 | + | ||
| 400 | + | ||
| 401 | + @retval TRUE The option is properly formatted. | ||
| 402 | + @retval FALSE The option is malformatted. | ||
| 403 | + | ||
| 404 | +**/ | ||
| 405 | +BOOLEAN | ||
| 406 | +Ip6IsOptionValid ( | ||
| 407 | + IN IP6_SERVICE *IpSb, | ||
| 408 | + IN NET_BUF *Packet, | ||
| 409 | + IN UINT8 *Option, | ||
| 410 | + IN UINT16 OptionLen, | ||
| 411 | + IN UINT32 Pointer | ||
| 412 | + ); | ||
| 413 | + | ||
| 414 | +#endif // __IP6_OPTION_HEADER_GOOGLE_TEST_H__ | ||
| 415 | -- | ||
| 416 | 2.40.0 | ||
| 417 | |||
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index e46b3ddebe..fc87cdf441 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb | |||
| @@ -37,6 +37,8 @@ SRC_URI = "gitsm://github.com/tianocore/edk2.git;branch=master;protocol=https \ | |||
| 37 | file://CVE-2023-45230-0002.patch \ | 37 | file://CVE-2023-45230-0002.patch \ |
| 38 | file://CVE-2023-45231-0001.patch \ | 38 | file://CVE-2023-45231-0001.patch \ |
| 39 | file://CVE-2023-45231-0002.patch \ | 39 | file://CVE-2023-45231-0002.patch \ |
| 40 | file://CVE-2023-45232-CVE-2023-45233-0001.patch \ | ||
| 41 | file://CVE-2023-45232-CVE-2023-45233-0002.patch \ | ||
| 40 | " | 42 | " |
| 41 | 43 | ||
| 42 | PV = "edk2-stable202202" | 44 | PV = "edk2-stable202202" |
