audk/NetworkPkg
Laszlo Ersek 47b76780b4 NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing
The IScsiHexToBin() function has the following parser issues:

(1) If the *subject sequence* in "HexStr" is empty, the function returns
    EFI_SUCCESS (with "BinLength" set to 0 on output). Such inputs should
    be rejected.

(2) The function mis-handles a "HexStr" that ends with a stray nibble. For
    example, if "HexStr" is "0xABC", the function decodes it to the bytes
    {0xAB, 0x0C}, sets "BinLength" to 2 on output, and returns
    EFI_SUCCESS. Such inputs should be rejected.

(3) If an invalid hex char is found in "HexStr", the function treats it as
    end-of-hex-string, and returns EFI_SUCCESS. Such inputs should be
    rejected.

All of the above cases are remotely triggerable, as shown in a subsequent
patch, which adds error checking to the IScsiHexToBin() call sites. While
the initiator is not immediately compromised, incorrectly parsing CHAP_R
from the target, in case of mutual authentication, is not great.

Extend the interface contract of IScsiHexToBin() with
EFI_INVALID_PARAMETER, for reporting issues (1) through (3), and implement
the new checks.

Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210608121259.32451-9-lersek@redhat.com>
2021-06-09 17:25:03 +00:00
Application/VConfig NetworkPkg: Move Network library header file from MdeModulePkg to NetworkPkg 2019-05-27 09:25:18 +08:00
ArpDxe NetworkPkg/ArpDxe: Recycle invalid ARP packets (CVE-2019-14559) 2020-02-21 03:01:57 +00:00
Dhcp4Dxe NetworkPkg/Dhcp4Dxe: Fix various typos 2020-02-10 22:30:07 +00:00
Dhcp6Dxe NetworkPkg/Dhcp6Dxe: Fix various typos 2020-02-10 22:30:07 +00:00
DnsDxe NetworkPkg/DnsDxe: cosmetic fixups 2021-01-05 14:37:21 +00:00
DpcDxe NetworkPkg/DpcDxe: Fix few typos 2020-02-10 22:30:07 +00:00
HttpBootDxe NetworkPkg/DxeHttpLib: Migrate HTTP header manipulation APIs 2021-01-14 14:54:12 +00:00
HttpDxe NetworkPkg/HttpDxe: TlsChildHandle is not cleared when reset 2020-10-09 09:38:13 +00:00
HttpUtilitiesDxe NetworkPkg: Remove unnecessary MdeModulePkg/MdeModulePkg.dec dependency in INF 2019-10-08 09:20:34 +08:00
IScsiDxe NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing 2021-06-09 17:25:03 +00:00
Include NetworkPkg/DxeHttpLib: Migrate HTTP header manipulation APIs 2021-01-14 14:54:12 +00:00
Ip4Dxe NetworkPkg/Ip4Dxe: Check the received package length (CVE-2019-14559). 2020-02-19 10:13:42 +00:00
Ip6Dxe NetworkPkg/Ip6Dxe: Validate source data record length 2020-04-17 17:34:33 +00:00
Library DxeHttpIoLib: Http boot failure with no initializes timeout value. 2021-01-20 12:33:38 +00:00
MnpDxe NetworkPkg/MnpDxe: Fix various typos 2020-02-10 22:30:07 +00:00
Mtftp4Dxe NetworkPkg/Mtftp4Dxe: Fix various typos 2020-02-10 22:30:07 +00:00
Mtftp6Dxe NetworkPkg/Mtftp6Dxe: Fix various typos 2020-02-10 22:30:07 +00:00
SnpDxe NetworkPkg/SnpDxe: Prevent invalid PCI BAR access 2020-04-17 17:34:33 +00:00
TcpDxe NetworkPkg/TcpDxe/Tcp: Fix various typos 2020-02-10 22:30:07 +00:00
TlsAuthConfigDxe NetworkPkg/TlsAuthConfigDxe: Use HiiPopUp() instead of CreatePopUp() 2020-04-17 17:34:33 +00:00
TlsDxe NetworkPkg/Tls: Fix few typos 2020-02-10 22:30:07 +00:00
Udp4Dxe NetworkPkg/Udp4Dxe: Fix various typos 2020-02-10 22:30:07 +00:00
Udp6Dxe NetworkPkg/Udp6Dxe: Fix various typos 2020-02-10 22:30:07 +00:00
UefiPxeBcDxe NetworkPkg/UefiPxeBcDxe: handle competing DHCP servers (more) gracefully 2020-04-01 14:12:09 +00:00
VlanConfigDxe NetworkPkg/VlanConfigDxe: Fix few typos 2020-02-10 22:30:07 +00:00
WifiConnectionManagerDxe NetworkPkg: add missing newline at end of file 2019-10-04 11:18:22 +01:00
Network.dsc.inc NetworkPkg: Enable MD5 while enable iSCSI 2020-11-17 19:26:50 +00:00
Network.fdf.inc NetworkPkg: Add NETWORK_HTTP_ENABLE macro 2020-12-03 17:08:11 +00:00
NetworkBuildOptions.dsc.inc NetworkPkg: Enable MD5 while enable iSCSI 2020-11-17 19:26:50 +00:00
NetworkComponents.dsc.inc NetworkPkg: Add NETWORK_HTTP_ENABLE macro 2020-12-03 17:08:11 +00:00
NetworkDefines.dsc.inc NetworkPkg: Add NETWORK_HTTP_ENABLE macro 2020-12-03 17:08:11 +00:00
NetworkLibs.dsc.inc NetworkPkg: Add Http IO Helper Library to NetworkPkg 2020-12-04 11:45:07 +00:00
NetworkPcds.dsc.inc NetworkPkg: Add DSC/FDF include segment files to NetworkPkg. 2019-05-08 16:10:39 +08:00
NetworkPkg.ci.yaml NetworkPkg: Add NETWORK_HTTP_ENABLE macro 2020-12-03 17:08:11 +00:00
NetworkPkg.dec DxeHttpIoLib: Http boot failure with no initializes timeout value. 2021-01-20 12:33:38 +00:00
NetworkPkg.dsc NetworkPkg: Consume MdeLibs.dsc.inc for RegisterFilterLib 2021-03-31 05:47:10 +00:00
NetworkPkg.uni NetworkPkg/NetworkPkg.uni: Add missing strings for PCD 2019-12-04 05:05:57 +00:00
NetworkPkgExtra.uni NetworkPkg: Replace BSD License with BSD+Patent License 2019-04-09 10:58:15 -07:00