tyler.durden
/
audk
mirror of https://github.com/acidanthera/audk.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NetworkPkg/Dhcp6Dxe: Fix sanitizer issues 

* EFI_DHCP6_DUID structure declares Duid[1], so the size
  of that structure is not large enough to hold an entire
  Duid. Instead, compute the correct size to allocate an
  EFI_DHCP6_DUID structure.
* Dhcp6AppendOption() takes a length parameter that in
  network order. Update test cases to make sure a network
  order length is passed in. A value of 0x0004 was being
  passed in and was then converted to 0x0400 length and
  buffer overflow was detected.

Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
This commit is contained in:
Michael D Kinney 2024-10-23 18:51:22 -07:00 committed by mergify[bot]
parent 171335e34e
commit 599c8309a5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
View File

@ -161,7 +161,7 @@ TEST_F (Dhcp6AppendOptionTest, ValidDataExpectSuccess) {
Packet->Length = sizeof (EFI_DHCP6_HEADER);
OriginalLength = Packet->Length;
UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (OFFSET_OF (EFI_DHCP6_DUID, Duid) + sizeof (Duid));
ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
UntrustedDuid->Length = NTOHS (sizeof (Duid));
@ -763,7 +763,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIATAOptionExpectFail) {
Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
SearchPatternLength,
HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);
@ -815,7 +815,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIANAOptionExpectSuccess) {
Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
SearchPatternLength,
HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);