339 lines
11 KiB
Diff
339 lines
11 KiB
Diff
From 3c9574af677c24b969c3baa6a527dabaf97f11a2 Mon Sep 17 00:00:00 2001
|
|
From: Laszlo Ersek <lersek@redhat.com>
|
|
Date: Mon, 2 Dec 2019 12:31:53 +0100
|
|
Subject: [PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
|
Message-id: <20191117220052.15700-6-lersek@redhat.com>
|
|
Patchwork-id: 92461
|
|
O-Subject: [RHEL-8.2.0 edk2 PATCH 5/9] CryptoPkg/Crt: import "inet_pton.c" (CVE-2019-14553)
|
|
Bugzilla: 1536624
|
|
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
|
|
|
For TianoCore BZ#1734, StdLib has been moved from the edk2 project to the
|
|
edk2-libc project, in commit 964f432b9b0a ("edk2: Remove AppPkg, StdLib,
|
|
StdLibPrivateInternalFiles", 2019-04-29).
|
|
|
|
We'd like to use the inet_pton() function in CryptoPkg. Resurrect the
|
|
"inet_pton.c" file from just before the StdLib removal, as follows:
|
|
|
|
$ git show \
|
|
964f432b9b0a^:StdLib/BsdSocketLib/inet_pton.c \
|
|
> CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
|
|
|
The inet_pton() function is only intended for the DXE phase at this time,
|
|
therefore only the "BaseCryptLib" instance INF file receives the new file.
|
|
|
|
Cc: David Woodhouse <dwmw2@infradead.org>
|
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
|
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
|
|
Cc: Sivaraman Nainar <sivaramann@amiindia.co.in>
|
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=960
|
|
CVE: CVE-2019-14553
|
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
|
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
|
|
(cherry picked from commit 8d16ef8269b2ff373d8da674e59992adfdc032d3)
|
|
---
|
|
CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf | 1 +
|
|
CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c | 257 +++++++++++++++++++++
|
|
CryptoPkg/Library/Include/CrtLibSupport.h | 1 +
|
|
3 files changed, 259 insertions(+)
|
|
create mode 100644 CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
|
|
|
diff --git a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
|
index 8d4988e..b5cfd8b 100644
|
|
--- a/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
|
+++ b/CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf
|
|
@@ -58,6 +58,7 @@
|
|
SysCall/CrtWrapper.c
|
|
SysCall/TimerWrapper.c
|
|
SysCall/BaseMemAllocation.c
|
|
+ SysCall/inet_pton.c
|
|
|
|
[Sources.Ia32]
|
|
Rand/CryptRandTsc.c
|
|
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
|
new file mode 100644
|
|
index 0000000..32e1ab8
|
|
--- /dev/null
|
|
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/inet_pton.c
|
|
@@ -0,0 +1,257 @@
|
|
+/* Copyright (c) 1996 by Internet Software Consortium.
|
|
+ *
|
|
+ * Permission to use, copy, modify, and distribute this software for any
|
|
+ * purpose with or without fee is hereby granted, provided that the above
|
|
+ * copyright notice and this permission notice appear in all copies.
|
|
+ *
|
|
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
|
|
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
|
|
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
|
|
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
|
|
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
|
|
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
|
|
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
|
|
+ * SOFTWARE.
|
|
+ */
|
|
+
|
|
+/*
|
|
+ * Portions copyright (c) 1999, 2000
|
|
+ * Intel Corporation.
|
|
+ * All rights reserved.
|
|
+ *
|
|
+ * Redistribution and use in source and binary forms, with or without
|
|
+ * modification, are permitted provided that the following conditions
|
|
+ * are met:
|
|
+ *
|
|
+ * 1. Redistributions of source code must retain the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer.
|
|
+ *
|
|
+ * 2. Redistributions in binary form must reproduce the above copyright
|
|
+ * notice, this list of conditions and the following disclaimer in the
|
|
+ * documentation and/or other materials provided with the distribution.
|
|
+ *
|
|
+ * 3. All advertising materials mentioning features or use of this software
|
|
+ * must display the following acknowledgement:
|
|
+ *
|
|
+ * This product includes software developed by Intel Corporation and
|
|
+ * its contributors.
|
|
+ *
|
|
+ * 4. Neither the name of Intel Corporation or its contributors may be
|
|
+ * used to endorse or promote products derived from this software
|
|
+ * without specific prior written permission.
|
|
+ *
|
|
+ * THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION AND CONTRIBUTORS ``AS IS''
|
|
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
+ * ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR CONTRIBUTORS BE
|
|
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
|
|
+ * THE POSSIBILITY OF SUCH DAMAGE.
|
|
+ *
|
|
+ */
|
|
+
|
|
+#if defined(LIBC_SCCS) && !defined(lint)
|
|
+static char rcsid[] = "$Id: inet_pton.c,v 1.1.1.1 2003/11/19 01:51:30 kyu3 Exp $";
|
|
+#endif /* LIBC_SCCS and not lint */
|
|
+
|
|
+#include <sys/param.h>
|
|
+#include <sys/types.h>
|
|
+#include <sys/socket.h>
|
|
+#include <netinet/in.h>
|
|
+#include <arpa/inet.h>
|
|
+#include <arpa/nameser.h>
|
|
+#include <string.h>
|
|
+#include <errno.h>
|
|
+
|
|
+/*
|
|
+ * WARNING: Don't even consider trying to compile this on a system where
|
|
+ * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
|
|
+ */
|
|
+
|
|
+static int inet_pton4 (const char *src, u_char *dst);
|
|
+static int inet_pton6 (const char *src, u_char *dst);
|
|
+
|
|
+/* int
|
|
+ * inet_pton(af, src, dst)
|
|
+ * convert from presentation format (which usually means ASCII printable)
|
|
+ * to network format (which is usually some kind of binary format).
|
|
+ * return:
|
|
+ * 1 if the address was valid for the specified address family
|
|
+ * 0 if the address wasn't valid (`dst' is untouched in this case)
|
|
+ * -1 if some other error occurred (`dst' is untouched in this case, too)
|
|
+ * author:
|
|
+ * Paul Vixie, 1996.
|
|
+ */
|
|
+int
|
|
+inet_pton(
|
|
+ int af,
|
|
+ const char *src,
|
|
+ void *dst
|
|
+ )
|
|
+{
|
|
+ switch (af) {
|
|
+ case AF_INET:
|
|
+ return (inet_pton4(src, dst));
|
|
+ case AF_INET6:
|
|
+ return (inet_pton6(src, dst));
|
|
+ default:
|
|
+ errno = EAFNOSUPPORT;
|
|
+ return (-1);
|
|
+ }
|
|
+ /* NOTREACHED */
|
|
+}
|
|
+
|
|
+/* int
|
|
+ * inet_pton4(src, dst)
|
|
+ * like inet_aton() but without all the hexadecimal and shorthand.
|
|
+ * return:
|
|
+ * 1 if `src' is a valid dotted quad, else 0.
|
|
+ * notice:
|
|
+ * does not touch `dst' unless it's returning 1.
|
|
+ * author:
|
|
+ * Paul Vixie, 1996.
|
|
+ */
|
|
+static int
|
|
+inet_pton4(
|
|
+ const char *src,
|
|
+ u_char *dst
|
|
+ )
|
|
+{
|
|
+ static const char digits[] = "0123456789";
|
|
+ int saw_digit, octets, ch;
|
|
+ u_char tmp[NS_INADDRSZ], *tp;
|
|
+
|
|
+ saw_digit = 0;
|
|
+ octets = 0;
|
|
+ *(tp = tmp) = 0;
|
|
+ while ((ch = *src++) != '\0') {
|
|
+ const char *pch;
|
|
+
|
|
+ if ((pch = strchr(digits, ch)) != NULL) {
|
|
+ u_int new = *tp * 10 + (u_int)(pch - digits);
|
|
+
|
|
+ if (new > 255)
|
|
+ return (0);
|
|
+ *tp = (u_char)new;
|
|
+ if (! saw_digit) {
|
|
+ if (++octets > 4)
|
|
+ return (0);
|
|
+ saw_digit = 1;
|
|
+ }
|
|
+ } else if (ch == '.' && saw_digit) {
|
|
+ if (octets == 4)
|
|
+ return (0);
|
|
+ *++tp = 0;
|
|
+ saw_digit = 0;
|
|
+ } else
|
|
+ return (0);
|
|
+ }
|
|
+ if (octets < 4)
|
|
+ return (0);
|
|
+
|
|
+ memcpy(dst, tmp, NS_INADDRSZ);
|
|
+ return (1);
|
|
+}
|
|
+
|
|
+/* int
|
|
+ * inet_pton6(src, dst)
|
|
+ * convert presentation level address to network order binary form.
|
|
+ * return:
|
|
+ * 1 if `src' is a valid [RFC1884 2.2] address, else 0.
|
|
+ * notice:
|
|
+ * (1) does not touch `dst' unless it's returning 1.
|
|
+ * (2) :: in a full address is silently ignored.
|
|
+ * credit:
|
|
+ * inspired by Mark Andrews.
|
|
+ * author:
|
|
+ * Paul Vixie, 1996.
|
|
+ */
|
|
+static int
|
|
+inet_pton6(
|
|
+ const char *src,
|
|
+ u_char *dst
|
|
+ )
|
|
+{
|
|
+ static const char xdigits_l[] = "0123456789abcdef",
|
|
+ xdigits_u[] = "0123456789ABCDEF";
|
|
+ u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
|
|
+ const char *xdigits, *curtok;
|
|
+ int ch, saw_xdigit;
|
|
+ u_int val;
|
|
+
|
|
+ memset((tp = tmp), '\0', NS_IN6ADDRSZ);
|
|
+ endp = tp + NS_IN6ADDRSZ;
|
|
+ colonp = NULL;
|
|
+ /* Leading :: requires some special handling. */
|
|
+ if (*src == ':')
|
|
+ if (*++src != ':')
|
|
+ return (0);
|
|
+ curtok = src;
|
|
+ saw_xdigit = 0;
|
|
+ val = 0;
|
|
+ while ((ch = *src++) != '\0') {
|
|
+ const char *pch;
|
|
+
|
|
+ if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
|
|
+ pch = strchr((xdigits = xdigits_u), ch);
|
|
+ if (pch != NULL) {
|
|
+ val <<= 4;
|
|
+ val |= (pch - xdigits);
|
|
+ if (val > 0xffff)
|
|
+ return (0);
|
|
+ saw_xdigit = 1;
|
|
+ continue;
|
|
+ }
|
|
+ if (ch == ':') {
|
|
+ curtok = src;
|
|
+ if (!saw_xdigit) {
|
|
+ if (colonp)
|
|
+ return (0);
|
|
+ colonp = tp;
|
|
+ continue;
|
|
+ }
|
|
+ if (tp + NS_INT16SZ > endp)
|
|
+ return (0);
|
|
+ *tp++ = (u_char) (val >> 8) & 0xff;
|
|
+ *tp++ = (u_char) val & 0xff;
|
|
+ saw_xdigit = 0;
|
|
+ val = 0;
|
|
+ continue;
|
|
+ }
|
|
+ if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
|
|
+ inet_pton4(curtok, tp) > 0) {
|
|
+ tp += NS_INADDRSZ;
|
|
+ saw_xdigit = 0;
|
|
+ break; /* '\0' was seen by inet_pton4(). */
|
|
+ }
|
|
+ return (0);
|
|
+ }
|
|
+ if (saw_xdigit) {
|
|
+ if (tp + NS_INT16SZ > endp)
|
|
+ return (0);
|
|
+ *tp++ = (u_char) (val >> 8) & 0xff;
|
|
+ *tp++ = (u_char) val & 0xff;
|
|
+ }
|
|
+ if (colonp != NULL) {
|
|
+ /*
|
|
+ * Since some memmove()'s erroneously fail to handle
|
|
+ * overlapping regions, we'll do the shift by hand.
|
|
+ */
|
|
+ const int n = (int)(tp - colonp);
|
|
+ int i;
|
|
+
|
|
+ for (i = 1; i <= n; i++) {
|
|
+ endp[- i] = colonp[n - i];
|
|
+ colonp[n - i] = 0;
|
|
+ }
|
|
+ tp = endp;
|
|
+ }
|
|
+ if (tp != endp)
|
|
+ return (0);
|
|
+ memcpy(dst, tmp, NS_IN6ADDRSZ);
|
|
+ return (1);
|
|
+}
|
|
diff --git a/CryptoPkg/Library/Include/CrtLibSupport.h b/CryptoPkg/Library/Include/CrtLibSupport.h
|
|
index e603fad..5a20ba6 100644
|
|
--- a/CryptoPkg/Library/Include/CrtLibSupport.h
|
|
+++ b/CryptoPkg/Library/Include/CrtLibSupport.h
|
|
@@ -192,6 +192,7 @@ void abort (void) __attribute__((__noreturn__));
|
|
#else
|
|
void abort (void);
|
|
#endif
|
|
+int inet_pton (int, const char *, void *);
|
|
|
|
//
|
|
// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions
|
|
--
|
|
1.8.3.1
|
|
|