This patch updates the PxeBcDhcp6GoogleTest due to the changes in the
underlying code. The changes are as follows:
- Random now comes from the RngLib Protocol
- The TCP ISN is now generated by the hash function
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540
Unit tests to confirm that the bug..
Buffer overflow when handling Server ID option from a DHCPv6 proxy
Advertise message
..has been patched.
This patch contains unit tests for the following functions:
PxeBcRequestBootService
PxeBcDhcp6Discover
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
Unit tests to that the bug..
Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise
message
..has been patched
This contains tests for the following functions:
PxeBcHandleDhcp6Offer
PxeBcCacheDnsServerAddresses
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
Validates that the patch for...
Out-of-bounds read when handling a ND Redirect message with truncated
options
.. has been fixed
Tests the following function to ensure that an out of bounds read does
not occur
Ip6OptionValidation
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534
These tests confirm that the report bug...
"Out-of-bounds read when processing IA_NA/IA_TA options in a
DHCPv6 Advertise message"
..has been patched.
The following functions are tested to confirm an out of bounds read is
patched and that the correct statuses are returned:
Dhcp6SeekInnerOptionSafe
Dhcp6SeekStsOption
TCBZ4534
CVE-2023-45229
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535
Confirms that reported issue...
"Buffer overflow in the DHCPv6 client via a long Server ID option"
..has been corrected by the provided patch.
Tests the following functions to ensure they appropriately handle
untrusted data (either too long or too small) to prevent a buffer
overflow:
Dhcp6AppendOption
Dhcp6AppendETOption
Dhcp6AppendIaOption
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>