- NetworkPkg: : Add Unit tests to CI and create Host Test

DSC
- NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
 Patch
- NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
 Unit Tests
- NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
 Patch
- NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
 Unit Tests

SOURCES/edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch

@@ -0,0 +1,169 @@
+From aa66757951e9880df4e21e191142400480aa3908 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 8 Feb 2024 10:35:14 -0500
+Subject: [PATCH 15/17] NetworkPkg: : Add Unit tests to CI and create Host Test
+ DSC
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 50: CVE-2023-45230 and CVE-2023-45229
+RH-Jira: RHEL-21840 RHEL-21842
+RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
+RH-Commit: [2/4] 6669306e2dbb5aa3e7691d57f4a61685b7cd57b2 (jmaloy/jons_fork)
+
+JIRA: https://issues.redhat.com/browse/RHEL-21842
+CVE: CVE-2023-45230
+Upstream: Merged
+
+commit 8014ac2d7bbbc503f5562b51af46bb20ae3d22ff
+Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
+Date:   Fri Jan 26 05:54:44 2024 +0800
+
+    NetworkPkg: : Add Unit tests to CI and create Host Test DSC
+
+    Adds Host Based testing to the NetworkPkg
+
+    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+
+    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ NetworkPkg/NetworkPkg.ci.yaml          |  7 +-
+ NetworkPkg/Test/NetworkPkgHostTest.dsc | 98 ++++++++++++++++++++++++++
+ 2 files changed, 104 insertions(+), 1 deletion(-)
+ create mode 100644 NetworkPkg/Test/NetworkPkgHostTest.dsc
+
+diff --git a/NetworkPkg/NetworkPkg.ci.yaml b/NetworkPkg/NetworkPkg.ci.yaml
+index 07dc7abd69..076424eb60 100644
+--- a/NetworkPkg/NetworkPkg.ci.yaml
++++ b/NetworkPkg/NetworkPkg.ci.yaml
+@@ -24,6 +24,9 @@
+     "CompilerPlugin": {
+         "DscPath": "NetworkPkg.dsc"
+     },
++    "HostUnitTestCompilerPlugin": {
++        "DscPath": "Test/NetworkPkgHostTest.dsc"
++    },
+     "CharEncodingCheck": {
+         "IgnoreFiles": []
+     },
+@@ -35,7 +38,9 @@
+             "CryptoPkg/CryptoPkg.dec"
+         ],
+         # For host based unit tests
+-        "AcceptableDependencies-HOST_APPLICATION":[],
++        "AcceptableDependencies-HOST_APPLICATION":[
++            UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
++        ],
+         # For UEFI shell based apps
+         "AcceptableDependencies-UEFI_APPLICATION":[
+             "ShellPkg/ShellPkg.dec"
+diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
+new file mode 100644
+index 0000000000..1aeca5c5b3
+--- /dev/null
++++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
+@@ -0,0 +1,98 @@
++## @file
++# NetworkPkgHostTest DSC file used to build host-based unit tests.
++#
++# Copyright (c) Microsoft Corporation.<BR>
++# SPDX-License-Identifier: BSD-2-Clause-Patent
++#
++##
++[Defines]
++  PLATFORM_NAME           = NetworkPkgHostTest
++  PLATFORM_GUID           = 3b68324e-fc07-4d49-9520-9347ede65879
++  PLATFORM_VERSION        = 0.1
++  DSC_SPECIFICATION       = 0x00010005
++  OUTPUT_DIRECTORY        = Build/NetworkPkg/HostTest
++  SUPPORTED_ARCHITECTURES = IA32|X64|AARCH64
++  BUILD_TARGETS           = NOOPT
++  SKUID_IDENTIFIER        = DEFAULT
++
++!include UnitTestFrameworkPkg/UnitTestFrameworkPkgHost.dsc.inc
++[Packages]
++  MdePkg/MdePkg.dec
++  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
++
++[Components]
++  #
++  # Build HOST_APPLICATION that tests NetworkPkg
++  #
++
++# Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
++[LibraryClasses]
++  NetLib|NetworkPkg/Library/DxeNetLib/DxeNetLib.inf
++  DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf
++  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf
++  BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf
++  DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf
++  HiiLib|MdeModulePkg/Library/UefiHiiLib/UefiHiiLib.inf
++  MemoryAllocationLib|MdePkg/Library/UefiMemoryAllocationLib/UefiMemoryAllocationLib.inf
++  PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf
++  PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
++  UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf
++  UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiApplicationEntryPoint.inf
++  UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf
++  UefiLib|MdePkg/Library/UefiLib/UefiLib.inf
++  UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf
++  UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
++  UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf
++  TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf
++  PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
++  PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
++  DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
++  DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
++  SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
++  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
++  VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
++!ifdef CONTINUOUS_INTEGRATION
++  BaseCryptLib|CryptoPkg/Library/BaseCryptLibNull/BaseCryptLibNull.inf
++  TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf
++!else
++  BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
++  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
++  TlsLib|CryptoPkg/Library/TlsLib/TlsLib.inf
++!endif
++  DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
++  FileHandleLib|MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf
++  FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf
++  SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf
++  IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
++
++!if $(TOOL_CHAIN_TAG) == VS2019 or $(TOOL_CHAIN_TAG) == VS2022
++[LibraryClasses.X64]
++  # Provide StackCookie support lib so that we can link to /GS exports for VS builds
++  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
++!endif
++
++[LibraryClasses.common.UEFI_DRIVER]
++  HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf
++  ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf
++  DebugLib|MdePkg/Library/UefiDebugLibConOut/UefiDebugLibConOut.inf
++[LibraryClasses.common.UEFI_APPLICATION]
++  DebugLib|MdePkg/Library/UefiDebugLibStdErr/UefiDebugLibStdErr.inf
++  ShellLib|ShellPkg/Library/UefiShellLib/UefiShellLib.inf
++[LibraryClasses.ARM, LibraryClasses.AARCH64]
++  #
++  # It is not possible to prevent ARM compiler calls to generic intrinsic functions.
++  # This library provides the instrinsic functions generated by a given compiler.
++  # [LibraryClasses.ARM] and NULL mean link this library into all ARM images.
++  #
++!if $(TOOL_CHAIN_TAG) != VS2017 and $(TOOL_CHAIN_TAG) != VS2015 and $(TOOL_CHAIN_TAG) != VS2019
++  NULL|ArmPkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf
++!endif
++  NULL|MdePkg/Library/BaseStackCheckLib/BaseStackCheckLib.inf
++[LibraryClasses.ARM]
++  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
++[LibraryClasses.RISCV64]
++  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
++
++[PcdsFixedAtBuild]
++  gEfiMdePkgTokenSpaceGuid.PcdDebugPropertyMask|0x2
++  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType|0x4
+-- 
+2.41.0
+

SOURCES/edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch

@@ -0,0 +1,630 @@
+From c4b0517aaa38857640b4b08b55803ae8a833c1e7 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Thu, 8 Feb 2024 10:35:14 -0500
+Subject: [PATCH 03/18] NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
+ Unit Tests
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
+RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [3/18] 0fe85bcd3683b2424bcd91ad1495d1b79eb07405
+
+JIRA: https://issues.redhat.com/browse/RHEL-21843
+CVE: CVE-2023-45230
+Upstream: Merged
+
+commit 5f3658197bf29c83b3349b0ab1d99cdb0c3814bc
+Author: Doug Flick via groups.io <dougflick=microsoft.com@groups.io>
+Date:   Fri Jan 26 05:54:45 2024 +0800
+
+    NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit Tests
+
+    REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535
+
+    Confirms that reported issue...
+
+    "Buffer overflow in the DHCPv6 client via a long Server ID option"
+
+    ..has been corrected by the provided patch.
+
+    Tests the following functions to ensure they appropriately handle
+    untrusted data (either too long or too small) to prevent a buffer
+    overflow:
+
+    Dhcp6AppendOption
+    Dhcp6AppendETOption
+    Dhcp6AppendIaOption
+
+    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+
+    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ .../GoogleTest/Dhcp6DxeGoogleTest.cpp         |  20 +
+ .../GoogleTest/Dhcp6DxeGoogleTest.inf         |  43 ++
+ .../Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 478 ++++++++++++++++++
+ NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
+ 4 files changed, 542 insertions(+)
+ create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
+ create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
+ create mode 100644 NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
+
+diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
+new file mode 100644
+index 0000000000..9aeced2f91
+--- /dev/null
++++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.cpp
+@@ -0,0 +1,20 @@
++/** @file
++  Acts as the main entry point for the tests for the Dhcp6Dxe module.
++
++  Copyright (c) Microsoft Corporation
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++#include <gtest/gtest.h>
++
++////////////////////////////////////////////////////////////////////////////////
++// Run the tests
++////////////////////////////////////////////////////////////////////////////////
++int
++main (
++  int   argc,
++  char  *argv[]
++  )
++{
++  testing::InitGoogleTest (&argc, argv);
++  return RUN_ALL_TESTS ();
++}
+diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
+new file mode 100644
+index 0000000000..8e9119a371
+--- /dev/null
++++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
+@@ -0,0 +1,43 @@
++## @file
++# Unit test suite for the Dhcp6Dxe using Google Test
++#
++# Copyright (c) Microsoft Corporation.<BR>
++# SPDX-License-Identifier: BSD-2-Clause-Patent
++##
++[Defines]
++  INF_VERSION         = 0x00010017
++  BASE_NAME           = Dhcp6DxeGoogleTest
++  FILE_GUID           = 1D2A4C65-38C8-4C2F-BB60-B5FA49625AA9
++  VERSION_STRING      = 1.0
++  MODULE_TYPE         = HOST_APPLICATION
++#
++# The following information is for reference only and not required by the build tools.
++#
++#  VALID_ARCHITECTURES           = IA32 X64 AARCH64
++#
++[Sources]
++  Dhcp6DxeGoogleTest.cpp
++  Dhcp6IoGoogleTest.cpp
++  ../Dhcp6Io.c
++  ../Dhcp6Utility.c
++
++[Packages]
++  MdePkg/MdePkg.dec
++  MdeModulePkg/MdeModulePkg.dec
++  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
++  NetworkPkg/NetworkPkg.dec
++
++[LibraryClasses]
++  GoogleTestLib
++  DebugLib
++  NetLib
++  PcdLib
++
++[Protocols]
++  gEfiDhcp6ServiceBindingProtocolGuid
++
++[Pcd]
++  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
++
++[Guids]
++  gZeroGuid
+diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
+new file mode 100644
+index 0000000000..7ee40e4af4
+--- /dev/null
++++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
+@@ -0,0 +1,478 @@
++/** @file
++  Tests for Dhcp6Io.c.
++
++  Copyright (c) Microsoft Corporation
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++#include <gtest/gtest.h>
++
++extern "C" {
++  #include <Uefi.h>
++  #include <Library/BaseLib.h>
++  #include <Library/DebugLib.h>
++  #include <Library/BaseMemoryLib.h>
++  #include "../Dhcp6Impl.h"
++  #include "../Dhcp6Utility.h"
++}
++
++////////////////////////////////////////////////////////////////////////
++// Defines
++////////////////////////////////////////////////////////////////////////
++
++#define DHCP6_PACKET_MAX_LEN  1500
++
++////////////////////////////////////////////////////////////////////////
++////////////////////////////////////////////////////////////////////////
++// Symbol Definitions
++// These functions are not directly under test - but required to compile
++////////////////////////////////////////////////////////////////////////
++
++// This definition is used by this test but is also required to compile
++// by Dhcp6Io.c
++EFI_IPv6_ADDRESS  mAllDhcpRelayAndServersAddress = {
++  { 0xFF, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 2 }
++};
++
++EFI_STATUS
++EFIAPI
++UdpIoSendDatagram (
++  IN  UDP_IO           *UdpIo,
++  IN  NET_BUF          *Packet,
++  IN  UDP_END_POINT    *EndPoint OPTIONAL,
++  IN  EFI_IP_ADDRESS   *Gateway  OPTIONAL,
++  IN  UDP_IO_CALLBACK  CallBack,
++  IN  VOID             *Context
++  )
++{
++  return EFI_SUCCESS;
++}
++
++EFI_STATUS
++EFIAPI
++UdpIoRecvDatagram (
++  IN  UDP_IO           *UdpIo,
++  IN  UDP_IO_CALLBACK  CallBack,
++  IN  VOID             *Context,
++  IN  UINT32           HeadLen
++  )
++{
++  return EFI_SUCCESS;
++}
++
++////////////////////////////////////////////////////////////////////////
++// Dhcp6AppendOptionTest Tests
++////////////////////////////////////////////////////////////////////////
++
++class Dhcp6AppendOptionTest : public ::testing::Test {
++public:
++  UINT8 *Buffer = NULL;
++  EFI_DHCP6_PACKET *Packet;
++
++protected:
++  // Add any setup code if needed
++  virtual void
++  SetUp (
++    )
++  {
++    // Initialize any resources or variables
++    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
++    ASSERT_NE (Buffer, (UINT8 *)NULL);
++
++    Packet       = (EFI_DHCP6_PACKET *)Buffer;
++    Packet->Size = DHCP6_PACKET_MAX_LEN;
++  }
++
++  // Add any cleanup code if needed
++  virtual void
++  TearDown (
++    )
++  {
++    // Clean up any resources or variables
++    if (Buffer != NULL) {
++      FreePool (Buffer);
++    }
++  }
++};
++
++// Test Description:
++// Attempt to append an option to a packet that is too small by a duid that is too large
++TEST_F (Dhcp6AppendOptionTest, InvalidDataExpectBufferTooSmall) {
++  UINT8           *Cursor;
++  EFI_DHCP6_DUID  *UntrustedDuid;
++  EFI_STATUS      Status;
++
++  UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
++  ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
++
++  UntrustedDuid->Length = NTOHS (0xFFFF);
++
++  Cursor = Dhcp6AppendOptionTest::Packet->Dhcp6.Option;
++
++  Status = Dhcp6AppendOption (
++             Dhcp6AppendOptionTest::Packet,
++             &Cursor,
++             HTONS (Dhcp6OptServerId),
++             UntrustedDuid->Length,
++             UntrustedDuid->Duid
++             );
++
++  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
++}
++
++// Test Description:
++// Attempt to append an option to a packet that is large enough
++TEST_F (Dhcp6AppendOptionTest, ValidDataExpectSuccess) {
++  UINT8           *Cursor;
++  EFI_DHCP6_DUID  *UntrustedDuid;
++  EFI_STATUS      Status;
++  UINTN           OriginalLength;
++
++  UINT8  Duid[6] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05 };
++
++  Packet->Length = sizeof (EFI_DHCP6_HEADER);
++  OriginalLength = Packet->Length;
++
++  UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
++  ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
++
++  UntrustedDuid->Length = NTOHS (sizeof (Duid));
++  CopyMem (UntrustedDuid->Duid, Duid, sizeof (Duid));
++
++  Cursor = Dhcp6AppendOptionTest::Packet->Dhcp6.Option;
++
++  Status = Dhcp6AppendOption (
++             Dhcp6AppendOptionTest::Packet,
++             &Cursor,
++             HTONS (Dhcp6OptServerId),
++             UntrustedDuid->Length,
++             UntrustedDuid->Duid
++             );
++
++  ASSERT_EQ (Status, EFI_SUCCESS);
++
++  // verify that the pointer to cursor moved by the expected amount
++  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendOptionTest::Packet->Dhcp6.Option + sizeof (Duid) + 4);
++
++  // verify that the length of the packet is now the expected amount
++  ASSERT_EQ (Dhcp6AppendOptionTest::Packet->Length, OriginalLength + sizeof (Duid) + 4);
++}
++
++////////////////////////////////////////////////////////////////////////
++// Dhcp6AppendETOption Tests
++////////////////////////////////////////////////////////////////////////
++
++class Dhcp6AppendETOptionTest : public ::testing::Test {
++public:
++  UINT8 *Buffer = NULL;
++  EFI_DHCP6_PACKET *Packet;
++
++protected:
++  // Add any setup code if needed
++  virtual void
++  SetUp (
++    )
++  {
++    // Initialize any resources or variables
++    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
++    ASSERT_NE (Buffer, (UINT8 *)NULL);
++
++    Packet         = (EFI_DHCP6_PACKET *)Buffer;
++    Packet->Size   = DHCP6_PACKET_MAX_LEN;
++    Packet->Length = sizeof (EFI_DHCP6_HEADER);
++  }
++
++  // Add any cleanup code if needed
++  virtual void
++  TearDown (
++    )
++  {
++    // Clean up any resources or variables
++    if (Buffer != NULL) {
++      FreePool (Buffer);
++    }
++  }
++};
++
++// Test Description:
++// Attempt to append an option to a packet that is too small by a duid that is too large
++TEST_F (Dhcp6AppendETOptionTest, InvalidDataExpectBufferTooSmall) {
++  UINT8           *Cursor;
++  EFI_STATUS      Status;
++  DHCP6_INSTANCE  Instance;
++  UINT16          ElapsedTimeVal;
++  UINT16          *ElapsedTime;
++
++  Cursor      = Dhcp6AppendETOptionTest::Packet->Dhcp6.Option;
++  ElapsedTime = &ElapsedTimeVal;
++
++  Packet->Length = Packet->Size - 2;
++
++  Status = Dhcp6AppendETOption (
++             Dhcp6AppendETOptionTest::Packet,
++             &Cursor,
++             &Instance, // Instance is not used in this function
++             &ElapsedTime
++             );
++
++  // verify that we error out because the packet is too small for the option header
++  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
++
++  // reset the length
++  Packet->Length = sizeof (EFI_DHCP6_HEADER);
++}
++
++// Test Description:
++// Attempt to append an option to a packet that is large enough
++TEST_F (Dhcp6AppendETOptionTest, ValidDataExpectSuccess) {
++  UINT8           *Cursor;
++  EFI_STATUS      Status;
++  DHCP6_INSTANCE  Instance;
++  UINT16          ElapsedTimeVal;
++  UINT16          *ElapsedTime;
++  UINTN           ExpectedSize;
++  UINTN           OriginalLength;
++
++  Cursor         = Dhcp6AppendETOptionTest::Packet->Dhcp6.Option;
++  ElapsedTime    = &ElapsedTimeVal;
++  ExpectedSize   = 6;
++  OriginalLength = Packet->Length;
++
++  Status = Dhcp6AppendETOption (
++             Dhcp6AppendETOptionTest::Packet,
++             &Cursor,
++             &Instance, // Instance is not used in this function
++             &ElapsedTime
++             );
++
++  // verify that the status is EFI_SUCCESS
++  ASSERT_EQ (Status, EFI_SUCCESS);
++
++  // verify that the pointer to cursor moved by the expected amount
++  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendETOptionTest::Packet->Dhcp6.Option + ExpectedSize);
++
++  // verify that the length of the packet is now the expected amount
++  ASSERT_EQ (Dhcp6AppendETOptionTest::Packet->Length, OriginalLength + ExpectedSize);
++}
++
++////////////////////////////////////////////////////////////////////////
++// Dhcp6AppendIaOption Tests
++////////////////////////////////////////////////////////////////////////
++
++class Dhcp6AppendIaOptionTest : public ::testing::Test {
++public:
++  UINT8 *Buffer = NULL;
++  EFI_DHCP6_PACKET *Packet;
++  EFI_DHCP6_IA *Ia;
++
++protected:
++  // Add any setup code if needed
++  virtual void
++  SetUp (
++    )
++  {
++    // Initialize any resources or variables
++    Buffer = (UINT8 *)AllocateZeroPool (DHCP6_PACKET_MAX_LEN);
++    ASSERT_NE (Buffer, (UINT8 *)NULL);
++
++    Packet       = (EFI_DHCP6_PACKET *)Buffer;
++    Packet->Size = DHCP6_PACKET_MAX_LEN;
++
++    Ia = (EFI_DHCP6_IA *)AllocateZeroPool (sizeof (EFI_DHCP6_IA) + sizeof (EFI_DHCP6_IA_ADDRESS) * 2);
++    ASSERT_NE (Ia, (EFI_DHCP6_IA *)NULL);
++
++    CopyMem (Ia->IaAddress, mAllDhcpRelayAndServersAddress.Addr, sizeof (EFI_IPv6_ADDRESS));
++    CopyMem (Ia->IaAddress + 1, mAllDhcpRelayAndServersAddress.Addr, sizeof (EFI_IPv6_ADDRESS));
++
++    Ia->IaAddressCount = 2;
++  }
++
++  // Add any cleanup code if needed
++  virtual void
++  TearDown (
++    )
++  {
++    // Clean up any resources or variables
++    if (Buffer != NULL) {
++      FreePool (Buffer);
++    }
++
++    if (Ia != NULL) {
++      FreePool (Ia);
++    }
++  }
++};
++
++// Test Description:
++// Attempt to append an option to a packet that doesn't have enough space
++// for the option header
++TEST_F (Dhcp6AppendIaOptionTest, IaNaInvalidDataExpectBufferTooSmall) {
++  UINT8       *Cursor;
++  EFI_STATUS  Status;
++
++  Packet->Length = Packet->Size - 2;
++
++  Ia->Descriptor.Type = Dhcp6OptIana;
++  Ia->Descriptor.IaId = 0x12345678;
++
++  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
++
++  Status = Dhcp6AppendIaOption (
++             Dhcp6AppendIaOptionTest::Packet,
++             &Cursor,
++             Ia,
++             0x12345678,
++             0x11111111,
++             Dhcp6OptIana
++             );
++
++  // verify that we error out because the packet is too small for the option header
++  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
++
++  // reset the length
++  Packet->Length = sizeof (EFI_DHCP6_HEADER);
++}
++
++// Test Description:
++// Attempt to append an option to a packet that doesn't have enough space
++// for the option header
++TEST_F (Dhcp6AppendIaOptionTest, IaTaInvalidDataExpectBufferTooSmall) {
++  UINT8       *Cursor;
++  EFI_STATUS  Status;
++
++  // Use up nearly all the space in the packet
++  Packet->Length = Packet->Size - 2;
++
++  Ia->Descriptor.Type = Dhcp6OptIata;
++  Ia->Descriptor.IaId = 0x12345678;
++
++  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
++
++  Status = Dhcp6AppendIaOption (
++             Dhcp6AppendIaOptionTest::Packet,
++             &Cursor,
++             Ia,
++             0,
++             0,
++             Dhcp6OptIata
++             );
++
++  // verify that we error out because the packet is too small for the option header
++  ASSERT_EQ (Status, EFI_BUFFER_TOO_SMALL);
++
++  // reset the length
++  Packet->Length = sizeof (EFI_DHCP6_HEADER);
++}
++
++TEST_F (Dhcp6AppendIaOptionTest, IaNaValidDataExpectSuccess) {
++  UINT8       *Cursor;
++  EFI_STATUS  Status;
++  UINTN       ExpectedSize;
++  UINTN       OriginalLength;
++
++  //
++  // 2 bytes for the option header type
++  //
++  ExpectedSize = 2;
++  //
++  // 2 bytes for the option header length
++  //
++  ExpectedSize += 2;
++  //
++  // 4 bytes for the IAID
++  //
++  ExpectedSize += 4;
++  //
++  // + 4 bytes for the T1
++  //
++  ExpectedSize += 4;
++  //
++  // + 4 bytes for the T2
++  //
++  ExpectedSize += 4;
++  //
++  // + (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
++  //   + 2 bytes for the option header type
++  //   + 2 bytes for the option header length
++  //   + sizeof (EFI_DHCP6_IA_ADDRESS) for the IA Address
++  //
++  ExpectedSize += (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
++
++  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
++
++  Packet->Length = sizeof (EFI_DHCP6_HEADER);
++  OriginalLength = Packet->Length;
++
++  Ia->Descriptor.Type = Dhcp6OptIana;
++  Ia->Descriptor.IaId = 0x12345678;
++
++  Status = Dhcp6AppendIaOption (
++             Dhcp6AppendIaOptionTest::Packet,
++             &Cursor,
++             Ia,
++             0x12345678,
++             0x12345678,
++             Dhcp6OptIana
++             );
++
++  // verify that the pointer to cursor moved by the expected amount
++  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option + ExpectedSize);
++
++  // verify that the length of the packet is now the expected amount
++  ASSERT_EQ (Dhcp6AppendIaOptionTest::Packet->Length, OriginalLength + ExpectedSize);
++
++  // verify that the status is EFI_SUCCESS
++  ASSERT_EQ (Status, EFI_SUCCESS);
++}
++
++TEST_F (Dhcp6AppendIaOptionTest, IaTaValidDataExpectSuccess) {
++  UINT8       *Cursor;
++  EFI_STATUS  Status;
++  UINTN       ExpectedSize;
++  UINTN       OriginalLength;
++
++  //
++  // 2 bytes for the option header type
++  //
++  ExpectedSize = 2;
++  //
++  // 2 bytes for the option header length
++  //
++  ExpectedSize += 2;
++  //
++  // 4 bytes for the IAID
++  //
++  ExpectedSize += 4;
++  //
++  // + (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
++  //   + 2 bytes for the option header type
++  //   + 2 bytes for the option header length
++  //   + sizeof (EFI_DHCP6_IA_ADDRESS) for the IA Address
++  //
++  ExpectedSize += (4 + sizeof (EFI_DHCP6_IA_ADDRESS)) * 2;
++
++  Cursor = Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option;
++
++  Packet->Length = sizeof (EFI_DHCP6_HEADER);
++  OriginalLength = Packet->Length;
++
++  Ia->Descriptor.Type = Dhcp6OptIata;
++  Ia->Descriptor.IaId = 0x12345678;
++
++  Status = Dhcp6AppendIaOption (
++             Dhcp6AppendIaOptionTest::Packet,
++             &Cursor,
++             Ia,
++             0,
++             0,
++             Dhcp6OptIata
++             );
++
++  // verify that the pointer to cursor moved by the expected amount
++  ASSERT_EQ (Cursor, (UINT8 *)Dhcp6AppendIaOptionTest::Packet->Dhcp6.Option + ExpectedSize);
++
++  // verify that the length of the packet is now the expected amount
++  ASSERT_EQ (Dhcp6AppendIaOptionTest::Packet->Length, OriginalLength + ExpectedSize);
++
++  // verify that the status is EFI_SUCCESS
++  ASSERT_EQ (Status, EFI_SUCCESS);
++}
+diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
+index 1aeca5c5b3..20bc90b172 100644
+--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
++++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
+@@ -24,6 +24,7 @@
+   #
+   # Build HOST_APPLICATION that tests NetworkPkg
+   #
++  NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
+ 
+ # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
+ [LibraryClasses]
+-- 
+2.39.3
+

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch

@@ -0,0 +1,168 @@
+From 1afdf854f67fbaeea47f15efa0c34c0f1fe6a504 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Fri, 16 Feb 2024 10:48:05 -0500
+Subject: [PATCH 10/18] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
+ Patch
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
+RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [10/18] c7527c63ebe3afb55a2ef78103c1a57de26c36b7
+
+JIRA: https://issues.redhat.com/browse/RHEL-21851
+CVE: CVE-2022-45234
+Upstream: Merged
+
+commit 1b53515d53d303166b2bbd31e2cc7f16fd0aecd7
+Author: Doug Flick <dougflick@microsoft.com>
+Date:   Fri Jan 26 05:54:52 2024 +0800
+
+    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
+
+    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
+
+    Bug Details:
+    PixieFail Bug #6
+    CVE-2023-45234
+    CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
+    CWE-119 Improper Restriction of Operations within the Bounds of
+     a Memory Buffer
+
+    Buffer overflow when processing DNS Servers option in a DHCPv6
+    Advertise message
+
+    Change Overview:
+
+    Introduces a function to cache the Dns Server and perform sanitizing
+    on the incoming DnsServerLen to ensure that the length is valid
+
+    > + EFI_STATUS
+    > + PxeBcCacheDnsServerAddresses (
+    > +  IN PXEBC_PRIVATE_DATA        *Private,
+    > +  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
+    > +  )
+
+    Additional code cleanup
+
+    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+
+    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c | 71 +++++++++++++++++++++++++---
+ 1 file changed, 65 insertions(+), 6 deletions(-)
+
+diff --git a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+index 425e0cf806..2b2d372889 100644
+--- a/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
++++ b/NetworkPkg/UefiPxeBcDxe/PxeBcDhcp6.c
+@@ -3,6 +3,7 @@
+ 
+   (C) Copyright 2014 Hewlett-Packard Development Company, L.P.<BR>
+   Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
++  Copyright (c) Microsoft Corporation
+ 
+   SPDX-License-Identifier: BSD-2-Clause-Patent
+ 
+@@ -1312,6 +1313,65 @@ PxeBcSelectDhcp6Offer (
+   }
+ }
+ 
++/**
++  Cache the DHCPv6 DNS Server addresses
++
++  @param[in] Private               The pointer to PXEBC_PRIVATE_DATA.
++  @param[in] Cache6                The pointer to PXEBC_DHCP6_PACKET_CACHE.
++
++  @retval    EFI_SUCCESS           Cache the DHCPv6 DNS Server address successfully.
++  @retval    EFI_OUT_OF_RESOURCES  Failed to allocate resources.
++  @retval    EFI_DEVICE_ERROR      The DNS Server Address Length provided by a untrusted
++                                   option is not a multiple of 16 bytes (sizeof (EFI_IPv6_ADDRESS)).
++**/
++EFI_STATUS
++PxeBcCacheDnsServerAddresses (
++  IN PXEBC_PRIVATE_DATA        *Private,
++  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
++  )
++{
++  UINT16  DnsServerLen;
++
++  DnsServerLen = NTOHS (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen);
++  //
++  // Make sure that the number is nonzero
++  //
++  if (DnsServerLen == 0) {
++    return EFI_DEVICE_ERROR;
++  }
++
++  //
++  // Make sure the DnsServerlen is a multiple of EFI_IPv6_ADDRESS (16)
++  //
++  if (DnsServerLen % sizeof (EFI_IPv6_ADDRESS) != 0) {
++    return EFI_DEVICE_ERROR;
++  }
++
++  //
++  // This code is currently written to only support a single DNS Server instead
++  // of multiple such as is spec defined (RFC3646, Section 3). The proper behavior
++  // would be to allocate the full space requested, CopyMem all of the data,
++  // and then add a DnsServerCount field to Private and update additional code
++  // that depends on this.
++  //
++  // To support multiple DNS servers the `AllocationSize` would need to be changed to DnsServerLen
++  //
++  // This is tracked in https://bugzilla.tianocore.org/show_bug.cgi?id=1886
++  //
++  Private->DnsServer = AllocateZeroPool (sizeof (EFI_IPv6_ADDRESS));
++  if (Private->DnsServer == NULL) {
++    return EFI_OUT_OF_RESOURCES;
++  }
++
++  //
++  // Intentionally only copy over the first server address.
++  // To support multiple DNS servers, the `Length` would need to be changed to DnsServerLen
++  //
++  CopyMem (Private->DnsServer, Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
++
++  return EFI_SUCCESS;
++}
++
+ /**
+   Handle the DHCPv6 offer packet.
+ 
+@@ -1335,6 +1395,7 @@ PxeBcHandleDhcp6Offer (
+   UINT32                    SelectIndex;
+   UINT32                    Index;
+ 
++  ASSERT (Private != NULL);
+   ASSERT (Private->SelectIndex > 0);
+   SelectIndex = (UINT32)(Private->SelectIndex - 1);
+   ASSERT (SelectIndex < PXEBC_OFFER_MAX_NUM);
+@@ -1342,15 +1403,13 @@ PxeBcHandleDhcp6Offer (
+   Status = EFI_SUCCESS;
+ 
+   //
+-  // First try to cache DNS server address if DHCP6 offer provides.
++  // First try to cache DNS server addresses if DHCP6 offer provides.
+   //
+   if (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] != NULL) {
+-    Private->DnsServer = AllocateZeroPool (NTOHS (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen));
+-    if (Private->DnsServer == NULL) {
+-      return EFI_OUT_OF_RESOURCES;
++    Status = PxeBcCacheDnsServerAddresses (Private, Cache6);
++    if (EFI_ERROR (Status)) {
++      return Status;
+     }
+-
+-    CopyMem (Private->DnsServer, Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, sizeof (EFI_IPv6_ADDRESS));
+   }
+ 
+   if (Cache6->OfferType == PxeOfferTypeDhcpBinl) {
+-- 
+2.39.3
+

SOURCES/edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch

@@ -0,0 +1,511 @@
+From d60257df151a6c58aefe74c2d2baee59344318d2 Mon Sep 17 00:00:00 2001
+From: Jon Maloy <jmaloy@redhat.com>
+Date: Fri, 16 Feb 2024 10:48:05 -0500
+Subject: [PATCH 11/18] NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
+ Unit Tests
+
+RH-Author: Jon Maloy <jmaloy@redhat.com>
+RH-MergeRequest: 54: NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Patch
+RH-Jira: RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853
+RH-Acked-by: Gerd Hoffmann <None>
+RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
+RH-Commit: [11/18] b917383d597172d4bf75548d9b281d08bf34e299
+
+JIRA: https://issues.redhat.com/browse/RHEL-21851
+CVE: CVE-2022-45234
+Upstream: Merged
+
+commit 458c582685fc0e8057d2511c5a0394078d988c17
+Author: Doug Flick <dougflick@microsoft.com>
+Date:   Fri Jan 26 05:54:53 2024 +0800
+
+    NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit Tests
+
+    REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539
+
+    Unit tests to that the bug..
+
+    Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise
+    message
+
+    ..has been patched
+
+    This contains tests for the following functions:
+    PxeBcHandleDhcp6Offer
+    PxeBcCacheDnsServerAddresses
+
+    Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
+    Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
+
+    Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
+    Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
+
+Signed-off-by: Jon Maloy <jmaloy@redhat.com>
+---
+ NetworkPkg/Test/NetworkPkgHostTest.dsc        |   1 +
+ .../GoogleTest/PxeBcDhcp6GoogleTest.cpp       | 300 ++++++++++++++++++
+ .../GoogleTest/PxeBcDhcp6GoogleTest.h         |  50 +++
+ .../GoogleTest/UefiPxeBcDxeGoogleTest.cpp     |  19 ++
+ .../GoogleTest/UefiPxeBcDxeGoogleTest.inf     |  48 +++
+ 5 files changed, 418 insertions(+)
+ create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+ create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
+ create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
+ create mode 100644 NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+
+diff --git a/NetworkPkg/Test/NetworkPkgHostTest.dsc b/NetworkPkg/Test/NetworkPkgHostTest.dsc
+index 7fa7b0f9d5..a0273c4310 100644
+--- a/NetworkPkg/Test/NetworkPkgHostTest.dsc
++++ b/NetworkPkg/Test/NetworkPkgHostTest.dsc
+@@ -25,6 +25,8 @@
+   # Build HOST_APPLICATION that tests NetworkPkg
+   #
+   NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6DxeGoogleTest.inf
++  NetworkPkg/Ip6Dxe/GoogleTest/Ip6DxeGoogleTest.inf
++  NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+ 
+ # Despite these library classes being listed in [LibraryClasses] below, they are not needed for the host-based unit tests.
+ [LibraryClasses]
+diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+new file mode 100644
+index 0000000000..8260eeee50
+--- /dev/null
++++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.cpp
+@@ -0,0 +1,300 @@
++/** @file
++  Host based unit test for PxeBcDhcp6.c.
++
++  Copyright (c) Microsoft Corporation
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++#include <gtest/gtest.h>
++
++extern "C" {
++  #include <Uefi.h>
++  #include <Library/BaseLib.h>
++  #include <Library/DebugLib.h>
++  #include "../PxeBcImpl.h"
++  #include "../PxeBcDhcp6.h"
++  #include "PxeBcDhcp6GoogleTest.h"
++}
++
++///////////////////////////////////////////////////////////////////////////////
++// Definitions
++///////////////////////////////////////////////////////////////////////////////
++
++#define PACKET_SIZE  (1500)
++
++typedef struct {
++  UINT16    OptionCode;   // The option code for DHCP6_OPT_SERVER_ID (e.g., 0x03)
++  UINT16    OptionLen;    // The length of the option (e.g., 16 bytes)
++  UINT8     ServerId[16]; // The 16-byte DHCPv6 Server Identifier
++} DHCP6_OPTION_SERVER_ID;
++
++///////////////////////////////////////////////////////////////////////////////
++/// Symbol Definitions
++///////////////////////////////////////////////////////////////////////////////
++
++EFI_STATUS
++MockUdpWrite (
++  IN EFI_PXE_BASE_CODE_PROTOCOL      *This,
++  IN UINT16                          OpFlags,
++  IN EFI_IP_ADDRESS                  *DestIp,
++  IN EFI_PXE_BASE_CODE_UDP_PORT      *DestPort,
++  IN EFI_IP_ADDRESS                  *GatewayIp   OPTIONAL,
++  IN EFI_IP_ADDRESS                  *SrcIp       OPTIONAL,
++  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *SrcPort     OPTIONAL,
++  IN UINTN                           *HeaderSize  OPTIONAL,
++  IN VOID                            *HeaderPtr   OPTIONAL,
++  IN UINTN                           *BufferSize,
++  IN VOID                            *BufferPtr
++  )
++{
++  return EFI_SUCCESS;
++}
++
++EFI_STATUS
++MockUdpRead (
++  IN EFI_PXE_BASE_CODE_PROTOCOL      *This,
++  IN UINT16                          OpFlags,
++  IN OUT EFI_IP_ADDRESS              *DestIp      OPTIONAL,
++  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *DestPort    OPTIONAL,
++  IN OUT EFI_IP_ADDRESS              *SrcIp       OPTIONAL,
++  IN OUT EFI_PXE_BASE_CODE_UDP_PORT  *SrcPort     OPTIONAL,
++  IN UINTN                           *HeaderSize  OPTIONAL,
++  IN VOID                            *HeaderPtr   OPTIONAL,
++  IN OUT UINTN                       *BufferSize,
++  IN VOID                            *BufferPtr
++  )
++{
++  return EFI_SUCCESS;
++}
++
++EFI_STATUS
++MockConfigure (
++  IN EFI_UDP6_PROTOCOL     *This,
++  IN EFI_UDP6_CONFIG_DATA  *UdpConfigData OPTIONAL
++  )
++{
++  return EFI_SUCCESS;
++}
++
++// Needed by PxeBcSupport
++EFI_STATUS
++EFIAPI
++QueueDpc (
++  IN EFI_TPL            DpcTpl,
++  IN EFI_DPC_PROCEDURE  DpcProcedure,
++  IN VOID               *DpcContext    OPTIONAL
++  )
++{
++  return EFI_SUCCESS;
++}
++
++///////////////////////////////////////////////////////////////////////////////
++// PxeBcHandleDhcp6OfferTest Tests
++///////////////////////////////////////////////////////////////////////////////
++
++class PxeBcHandleDhcp6OfferTest : public ::testing::Test {
++public:
++  PXEBC_PRIVATE_DATA Private = { 0 };
++  EFI_UDP6_PROTOCOL Udp6Read;
++  EFI_PXE_BASE_CODE_MODE Mode = { 0 };
++
++protected:
++  // Add any setup code if needed
++  virtual void
++  SetUp (
++    )
++  {
++    Private.Dhcp6Request = (EFI_DHCP6_PACKET *)AllocateZeroPool (PACKET_SIZE);
++
++    // Need to setup the EFI_PXE_BASE_CODE_PROTOCOL
++    // The function under test really only needs the following:
++    //  UdpWrite
++    //  UdpRead
++
++    Private.PxeBc.UdpWrite = (EFI_PXE_BASE_CODE_UDP_WRITE)MockUdpWrite;
++    Private.PxeBc.UdpRead  = (EFI_PXE_BASE_CODE_UDP_READ)MockUdpRead;
++
++    // Need to setup EFI_UDP6_PROTOCOL
++    // The function under test really only needs the following:
++    //  Configure
++
++    Udp6Read.Configure = (EFI_UDP6_CONFIGURE)MockConfigure;
++    Private.Udp6Read   = &Udp6Read;
++
++    // Need to setup the EFI_PXE_BASE_CODE_MODE
++    Private.PxeBc.Mode = &Mode;
++
++    // for this test it doesn't really matter what the Dhcpv6 ack is set to
++  }
++
++  // Add any cleanup code if needed
++  virtual void
++  TearDown (
++    )
++  {
++    if (Private.Dhcp6Request != NULL) {
++      FreePool (Private.Dhcp6Request);
++    }
++
++    // Clean up any resources or variables
++  }
++};
++
++// Note:
++// Testing PxeBcHandleDhcp6Offer() is difficult because it depends on a
++// properly setup Private structure. Attempting to properly test this function
++// without a signficant refactor is a fools errand. Instead, we will test
++// that we can prevent an overflow in the function.
++TEST_F (PxeBcHandleDhcp6OfferTest, BasicUsageTest) {
++  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
++  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
++
++  Private.SelectIndex = 1; // SelectIndex is 1-based
++  Cache6              = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
++
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
++  // Setup the DHCPv6 offer packet
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (1337);
++
++  ASSERT_EQ (PxeBcHandleDhcp6Offer (&(PxeBcHandleDhcp6OfferTest::Private)), EFI_DEVICE_ERROR);
++}
++
++class PxeBcCacheDnsServerAddressesTest : public ::testing::Test {
++public:
++  PXEBC_PRIVATE_DATA Private = { 0 };
++
++protected:
++  // Add any setup code if needed
++  virtual void
++  SetUp (
++    )
++  {
++  }
++
++  // Add any cleanup code if needed
++  virtual void
++  TearDown (
++    )
++  {
++  }
++};
++
++// Test Description
++// Test that we cache the DNS server address from the DHCPv6 offer packet
++TEST_F (PxeBcCacheDnsServerAddressesTest, BasicUsageTest) {
++  UINT8                     SearchPattern[16] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF };
++  EFI_DHCP6_PACKET_OPTION   *Option;
++  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
++
++  Option = (EFI_DHCP6_PACKET_OPTION *)AllocateZeroPool (sizeof (EFI_DHCP6_PACKET_OPTION) + sizeof (SearchPattern));
++  ASSERT_NE (Option, nullptr);
++
++  Option->OpCode = DHCP6_OPT_SERVER_ID;
++  Option->OpLen  = NTOHS (sizeof (SearchPattern));
++  CopyMem (Option->Data, SearchPattern, sizeof (SearchPattern));
++
++  Private.SelectIndex                         = 1; // SelectIndex is 1-based
++  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = Option;
++
++  Private.DnsServer = nullptr;
++
++  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_SUCCESS);
++  ASSERT_NE (Private.DnsServer, nullptr);
++  ASSERT_EQ (CompareMem (Private.DnsServer, SearchPattern, sizeof (SearchPattern)), 0);
++
++  if (Private.DnsServer) {
++    FreePool (Private.DnsServer);
++  }
++
++  if (Option) {
++    FreePool (Option);
++  }
++}
++// Test Description
++// Test that we can prevent an overflow in the function
++TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptOverflowTest) {
++  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
++  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
++
++  Private.SelectIndex                         = 1; // SelectIndex is 1-based
++  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
++  // Setup the DHCPv6 offer packet
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (1337);
++
++  Private.DnsServer = NULL;
++
++  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_DEVICE_ERROR);
++  ASSERT_EQ (Private.DnsServer, nullptr);
++
++  if (Private.DnsServer) {
++    FreePool (Private.DnsServer);
++  }
++}
++
++// Test Description
++// Test that we can prevent an underflow in the function
++TEST_F (PxeBcCacheDnsServerAddressesTest, AttemptUnderflowTest) {
++  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
++  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
++
++  Private.SelectIndex                         = 1; // SelectIndex is 1-based
++  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
++  // Setup the DHCPv6 offer packet
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen  = NTOHS (2);
++
++  Private.DnsServer = NULL;
++
++  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_DEVICE_ERROR);
++  ASSERT_EQ (Private.DnsServer, nullptr);
++
++  if (Private.DnsServer) {
++    FreePool (Private.DnsServer);
++  }
++}
++
++// Test Description
++// Test that we can handle recursive dns (multiple dns entries)
++TEST_F (PxeBcCacheDnsServerAddressesTest, MultipleDnsEntries) {
++  EFI_DHCP6_PACKET_OPTION   Option  = { 0 };
++  PXEBC_DHCP6_PACKET_CACHE  *Cache6 = NULL;
++
++  Private.SelectIndex                         = 1; // SelectIndex is 1-based
++  Cache6                                      = &Private.OfferBuffer[Private.SelectIndex - 1].Dhcp6;
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER] = &Option;
++  // Setup the DHCPv6 offer packet
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpCode = DHCP6_OPT_SERVER_ID;
++
++  EFI_IPv6_ADDRESS  addresses[2] = {
++    // 2001:db8:85a3::8a2e:370:7334
++    { 0x20, 0x01, 0x0d, 0xb8, 0x85, 0xa3, 0x00, 0x00, 0x00, 0x00, 0x8a, 0x2e, 0x03, 0x70, 0x73, 0x34 },
++    // fe80::d478:91c3:ecd7:4ff9
++    { 0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xd4, 0x78, 0x91, 0xc3, 0xec, 0xd7, 0x4f, 0xf9 }
++  };
++
++  CopyMem (Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->Data, &addresses, sizeof (addresses));
++
++  Cache6->OptList[PXEBC_DHCP6_IDX_DNS_SERVER]->OpLen = NTOHS (sizeof (addresses));
++
++  Private.DnsServer = NULL;
++
++  ASSERT_EQ (PxeBcCacheDnsServerAddresses (&(PxeBcCacheDnsServerAddressesTest::Private), Cache6), EFI_SUCCESS);
++
++  ASSERT_NE (Private.DnsServer, nullptr);
++
++  //
++  // This is expected to fail until DnsServer supports multiple DNS servers
++  //
++  // This is tracked in https://bugzilla.tianocore.org/show_bug.cgi?id=1886
++  //
++  // Disabling:
++  // ASSERT_EQ (CompareMem(Private.DnsServer, &addresses, sizeof(addresses)), 0);
++
++  if (Private.DnsServer) {
++    FreePool (Private.DnsServer);
++  }
++}
+diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
+new file mode 100644
+index 0000000000..b17c314791
+--- /dev/null
++++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/PxeBcDhcp6GoogleTest.h
+@@ -0,0 +1,50 @@
++/** @file
++  This file exposes the internal interfaces which may be unit tested
++  for the PxeBcDhcp6Dxe driver.
++
++  Copyright (c) Microsoft Corporation.<BR>
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++
++#ifndef PXE_BC_DHCP6_GOOGLE_TEST_H_
++#define PXE_BC_DHCP6_GOOGLE_TEST_H_
++
++//
++// Minimal includes needed to compile
++//
++#include <Uefi.h>
++#include "../PxeBcImpl.h"
++
++/**
++  Handle the DHCPv6 offer packet.
++
++  @param[in]  Private             The pointer to PXEBC_PRIVATE_DATA.
++
++  @retval     EFI_SUCCESS           Handled the DHCPv6 offer packet successfully.
++  @retval     EFI_NO_RESPONSE       No response to the following request packet.
++  @retval     EFI_OUT_OF_RESOURCES  Failed to allocate resources.
++  @retval     EFI_BUFFER_TOO_SMALL  Can't cache the offer pacet.
++
++**/
++EFI_STATUS
++PxeBcHandleDhcp6Offer (
++  IN PXEBC_PRIVATE_DATA  *Private
++  );
++
++/**
++  Cache the DHCPv6 Server address
++
++  @param[in] Private               The pointer to PXEBC_PRIVATE_DATA.
++  @param[in] Cache6                The pointer to PXEBC_DHCP6_PACKET_CACHE.
++
++  @retval    EFI_SUCCESS           Cache the DHCPv6 Server address successfully.
++  @retval    EFI_OUT_OF_RESOURCES  Failed to allocate resources.
++  @retval    EFI_DEVICE_ERROR      Failed to cache the DHCPv6 Server address.
++**/
++EFI_STATUS
++PxeBcCacheDnsServerAddresses (
++  IN PXEBC_PRIVATE_DATA        *Private,
++  IN PXEBC_DHCP6_PACKET_CACHE  *Cache6
++  );
++
++#endif // PXE_BC_DHCP6_GOOGLE_TEST_H_
+diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
+new file mode 100644
+index 0000000000..cc4fdf525b
+--- /dev/null
++++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.cpp
+@@ -0,0 +1,19 @@
++/** @file
++  Acts as the main entry point for the tests for the UefiPxeBcDxe module.
++  Copyright (c) Microsoft Corporation
++  SPDX-License-Identifier: BSD-2-Clause-Patent
++**/
++#include <gtest/gtest.h>
++
++////////////////////////////////////////////////////////////////////////////////
++// Run the tests
++////////////////////////////////////////////////////////////////////////////////
++int
++main (
++  int   argc,
++  char  *argv[]
++  )
++{
++  testing::InitGoogleTest (&argc, argv);
++  return RUN_ALL_TESTS ();
++}
+diff --git a/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+new file mode 100644
+index 0000000000..301dcdf611
+--- /dev/null
++++ b/NetworkPkg/UefiPxeBcDxe/GoogleTest/UefiPxeBcDxeGoogleTest.inf
+@@ -0,0 +1,48 @@
++## @file
++# Unit test suite for the UefiPxeBcDxe using Google Test
++#
++# Copyright (c) Microsoft Corporation.<BR>
++# SPDX-License-Identifier: BSD-2-Clause-Patent
++##
++[Defines]
++INF_VERSION    = 0x00010005
++BASE_NAME      = UefiPxeBcDxeGoogleTest
++FILE_GUID      = 77D45C64-EC1E-4174-887B-886E89FD1EDF
++MODULE_TYPE    = HOST_APPLICATION
++VERSION_STRING = 1.0
++
++#
++# The following information is for reference only and not required by the build tools.
++#
++#  VALID_ARCHITECTURES           = IA32 X64
++#
++
++[Sources]
++  UefiPxeBcDxeGoogleTest.cpp
++  PxeBcDhcp6GoogleTest.cpp
++  PxeBcDhcp6GoogleTest.h
++  ../PxeBcDhcp6.c
++  ../PxeBcSupport.c
++
++[Packages]
++  MdePkg/MdePkg.dec
++  MdeModulePkg/MdeModulePkg.dec
++  UnitTestFrameworkPkg/UnitTestFrameworkPkg.dec
++  NetworkPkg/NetworkPkg.dec
++
++[LibraryClasses]
++  GoogleTestLib
++  DebugLib
++  NetLib
++  PcdLib
++
++[Protocols]
++  gEfiDhcp6ServiceBindingProtocolGuid
++  gEfiDns6ServiceBindingProtocolGuid
++  gEfiDns6ProtocolGuid
++
++[Pcd]
++  gEfiNetworkPkgTokenSpaceGuid.PcdDhcp6UidType
++
++[Guids]
++  gZeroGuid
+-- 
+2.39.3

SPECS/edk2.spec

@@ -18,7 +18,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}
-Release:    4%{?dist}
+Release:    4%{?dist}.2.alma
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
 URL:        http://www.tianocore.org
@@ -111,6 +111,16 @@ Patch44: edk2-OvmfPkg-AmdSevDxe-Shim-Reboot-workaround-RHEL-only.patch
 Patch45: edk2-OvmfPkg-ResetVector-Fix-assembler-bit-test-flag-chec.patch
 
 
+# Patches were taken from:
+# https://git.almalinux.org/rpms/edk2/commit/8fbeb84967d7649fe4ad8f7db82983c2194a4750
+Patch46: edk2-NetworkPkg-Add-Unit-tests-to-CI-and-create-Host-Test.patch
+# https://gitlab.com/redhat/centos-stream/rpms/edk2/-/commit/9ab668cc6b0651bd6e84c96305139fb5031597fb
+Patch47: edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch
+Patch48: edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Un.patch
+# https://gitlab.com/redhat/centos-stream/rpms/edk2/-/commit/9ab668cc6b0651bd6e84c96305139fb5031597fb
+Patch49: edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch
+Patch50: edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch
+
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
 # verification with "ovmf-vars-generator".
@@ -428,6 +438,18 @@ install -m 0644 \
 
 
 %changelog
+* Tue Mar 05 2024 Eduard Abdullin <eabdullin@almalinux.org> - 20230524-4.2.alma
+- NetworkPkg: : Add Unit tests to CI and create Host Test
+ DSC
+- NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
+ Patch
+- NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230
+ Unit Tests
+- NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
+ Patch
+- NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234
+ Unit Tests
+
 * Mon Oct 09 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230524-4
 - edk2-OvmfPkg-ResetVector-Fix-assembler-bit-test-flag-chec.patch [RHEL-9943]
 - Resolves: RHEL-9943