tyler.durden/audk
1
0
Fork 0
mirror of https://github.com/acidanthera/audk.git synced 2025-07-21 20:54:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit Tests

Browse Source 
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536

Validates that the patch for...

Out-of-bounds read when handling a ND Redirect message with truncated
options

.. has been fixed

Tests the following function to ensure that an out of bounds read does
not occur
Ip6OptionValidation

Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
This commit is contained in:
Doug Flick 2024-01-26 05:54:49 +08:00 committed by mergify[bot]
parent bbfee34f41
commit 6f77463d72
4 changed files with 192 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.cpp Normal file
View File

@ -0,0 +1,20 @@
/** @file
Acts as the main entry point for the tests for the Ip6Dxe module.
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <gtest/gtest.h>
////////////////////////////////////////////////////////////////////////////////
// Run the tests
////////////////////////////////////////////////////////////////////////////////
int
main (
int argc,
char *argv[]
)
{
testing::InitGoogleTest (&argc, argv);
return RUN_ALL_TESTS ();
}

42
NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf Normal file
View File

@ -0,0 +1,42 @@
## @file
# Unit test suite for the Ip6Dxe using Google Test
#
# Copyright (c) Microsoft Corporation.<BR>
# SPDX-License-Identifier: BSD-2-Clause-Patent
##
[Defines]
INF_VERSION = 0x00010017
BASE_NAME = Ip6DxeUnitTest
FILE_GUID = 4F05D17D-D3E7-4AAE-820C-576D46D2D34A
VERSION_STRING = 1.0
MODULE_TYPE = HOST_APPLICATION
#
# The following information is for reference only and not required by the build tools.
#
# VALID_ARCHITECTURES = IA32 X64 AARCH64
#
[Sources]
Ip6DxeGoogleTest.cpp
Ip6OptionGoogleTest.cpp
../Ip6Option.c
[Packages]
MdePkg/MdePkg.dec
MdeModulePkg/MdeModulePkg.dec
UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
NetworkPkg/NetworkPkg.dec
[LibraryClasses]
GoogleTestLib
DebugLib
NetLib
PcdLib
[Protocols]
gEfiDhcp6ServiceBindingProtocolGuid
[Pcd]
gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
[Guids]
gZeroGuid

129
NetworkPkg/Ip6Dxe/GoogleTest/Ip6OptionGoogleTest.cpp Normal file
View File

@ -0,0 +1,129 @@
/** @file
Tests for Ip6Option.c.
Copyright (c) Microsoft Corporation
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
#include <gtest/gtest.h>
extern "C" {
#include <Uefi.h>
#include <Library/BaseLib.h>
#include <Library/DebugLib.h>
#include "../Ip6Impl.h"
#include "../Ip6Option.h"
}
/////////////////////////////////////////////////////////////////////////
// Defines
///////////////////////////////////////////////////////////////////////
#define IP6_PREFIX_INFO_OPTION_DATA_LEN 32
#define OPTION_HEADER_IP6_PREFIX_DATA_LEN (sizeof (IP6_OPTION_HEADER) + IP6_PREFIX_INFO_OPTION_DATA_LEN)
////////////////////////////////////////////////////////////////////////
// Symbol Definitions
// These functions are not directly under test - but required to compile
////////////////////////////////////////////////////////////////////////
UINT32 mIp6Id;
EFI_STATUS
Ip6SendIcmpError (
IN IP6_SERVICE *IpSb,
IN NET_BUF *Packet,
IN EFI_IPv6_ADDRESS *SourceAddress OPTIONAL,
IN EFI_IPv6_ADDRESS *DestinationAddress,
IN UINT8 Type,
IN UINT8 Code,
IN UINT32 *Pointer OPTIONAL
)
{
// ..
return EFI_SUCCESS;
}
////////////////////////////////////////////////////////////////////////
// Ip6OptionValidation Tests
////////////////////////////////////////////////////////////////////////
// Define a fixture for your tests if needed
class Ip6OptionValidationTest : public ::testing::Test {
protected:
// Add any setup code if needed
virtual void
SetUp (
)
{
// Initialize any resources or variables
}
// Add any cleanup code if needed
virtual void
TearDown (
)
{
// Clean up any resources or variables
}
};
// Test Description:
// Null option should return false
TEST_F (Ip6OptionValidationTest, NullOptionShouldReturnFalse) {
UINT8 *option = nullptr;
UINT16 optionLen = 10; // Provide a suitable length
EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
}
// Test Description:
// Truncated option should return false
TEST_F (Ip6OptionValidationTest, TruncatedOptionShouldReturnFalse) {
UINT8 option[] = { 0x01 }; // Provide a truncated option
UINT16 optionLen = 1;
EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
}
// Test Description:
// Ip6OptionPrefixInfo Option with zero length should return false
TEST_F (Ip6OptionValidationTest, OptionWithZeroLengthShouldReturnFalse) {
IP6_OPTION_HEADER optionHeader;
optionHeader.Type = Ip6OptionPrefixInfo;
optionHeader.Length = 0;
UINT8 option[sizeof (IP6_OPTION_HEADER)];
CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
UINT16 optionLen = sizeof (IP6_OPTION_HEADER);
EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
}
// Test Description:
// Ip6OptionPrefixInfo Option with valid length should return true
TEST_F (Ip6OptionValidationTest, ValidPrefixInfoOptionShouldReturnTrue) {
IP6_OPTION_HEADER optionHeader;
optionHeader.Type = Ip6OptionPrefixInfo;
optionHeader.Length = 4; // Length 4 * 8 = 32
UINT8 option[OPTION_HEADER_IP6_PREFIX_DATA_LEN];
CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
EXPECT_TRUE (Ip6IsNDOptionValid (option, IP6_PREFIX_INFO_OPTION_DATA_LEN));
}
// Test Description:
// Ip6OptionPrefixInfo Option with invalid length should return false
TEST_F (Ip6OptionValidationTest, InvalidPrefixInfoOptionLengthShouldReturnFalse) {
IP6_OPTION_HEADER optionHeader;
optionHeader.Type = Ip6OptionPrefixInfo;
optionHeader.Length = 3; // Length 3 * 8 = 24 (Invalid)
UINT8 option[sizeof (IP6_OPTION_HEADER)];
CopyMem (option, &optionHeader, sizeof (IP6_OPTION_HEADER));
UINT16 optionLen = sizeof (IP6_OPTION_HEADER);
EXPECT_FALSE (Ip6IsNDOptionValid (option, optionLen));
}

1
NetworkPkg/Test/NetworkPkgHostTest.dsc
View File

@ -26,6 +26,7 @@
# Build HOST_APPLICATION that tests NetworkPkg # Build HOST_APPLICATION that tests NetworkPkg
# #
NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
# Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests. # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
[LibraryClasses] [LibraryClasses]