edk2/edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch
Miroslav Rezanina 0aa9ecf1e3 * Tue Feb 27 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-12
- edk2-Apply-uncrustify-changes-to-.c-.h-files-in-the-Netwo.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Unit.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Patc.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45232-Unit.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Apply-uncrustify-changes.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p2.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p3.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-UefiPxeBcDxe-SECURITY-PATCH-CVE-2023-4523p4.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Adds-a-SecurityFix.yaml-file.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Apply-uncrustify-changes-p2.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45229-Re.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Dhcp6Dxe-Removes-duplicate-check-and-repl.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- edk2-NetworkPkg-Dhcp6Dxe-Packet-Length-is-not-updated-bef.patch [RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852]
- Resolves: RHEL-21840
  (CVE-2023-45229 edk2: Integer underflow when processing IA_NA/IA_TA options in a DHCPv6 Advertise message [rhel-8])
- Resolves: RHEL-21844
  (CVE-2023-45231 edk2: Out of Bounds read when handling a ND Redirect message with truncated options [rhel-8])
- Resolves: RHEL-21846
  (CVE-2023-45232 edk2: Infinite loop when parsing unknown options in the Destination Options header [rhel-8])
- Resolves: RHEL-21848
  (CVE-2023-45233 edk2: Infinite loop when parsing a PadN option in the Destination Options header [rhel-8])
- Resolves: RHEL-21850
  (CVE-2023-45234 edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message [rhel-8])
- Resolves: RHEL-21852
  (CVE-2023-45235 edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message [rhel-8])
2024-02-27 06:10:11 -05:00

From e3f153773bd2ca13ee4869187f1711840fc8afc9 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Thu, 15 Feb 2024 11:51:09 -0500
Subject: [PATCH 02/15] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 56: Pixiefail issues in NetworkPkg package
RH-Jira: RHEL-21840 RHEL-21844 RHEL-21846 RHEL-21848 RHEL-21850 RHEL-21852
RH-Acked-by: Gerd Hoffmann <None>
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [2/15] 61eaf6aac61b774c3a8ace54af8abd607651d2db
JIRA: https://issues.redhat.com/browse/RHEL-21844
CVE: CVE-2022-45231
Upstream: Merged
commit bbfee34f4188ac00371abe1389ae9c9fb989a0cd
Author: Doug Flick <dougflick@microsoft.com>
Date: Fri Jan 26 05:54:48 2024 +0800
NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536
Bug Overview:
PixieFail Bug #3
CVE-2023-45231
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read
Out-of-bounds read when handling a ND Redirect message with truncated
options
Change Overview:
Adds a check to prevent truncated options from being parsed
+ //
+ // Cannot process truncated options.
+ // Cannot process options with a length of 0 as there is no Type
field.
+ //
+ if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
+ return FALSE;
+ }
Cc: Saloni Kasbekar <saloni.kasbekar@intel.com>
Cc: Zachary Clark-williams <zachary.clark-williams@intel.com>
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
NetworkPkg/Ip6Dxe/Ip6Option.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c
index 199eea124d..8718d5d875 100644
--- a/NetworkPkg/Ip6Dxe/Ip6Option.c
+++ b/NetworkPkg/Ip6Dxe/Ip6Option.c
@@ -137,6 +137,14 @@ Ip6IsNDOptionValid (
return FALSE;
}
+ //
+ // Cannot process truncated options.
+ // Cannot process options with a length of 0 as there is no Type field.
+ //
+ if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
+ return FALSE;
+ }
+
Offset = 0;
//
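Review bot: The OptionLen < sizeof (IP6_OPTION_HEADER) guard is evaluated once, ahead of Offset = 0, so it only establishes that the first option header fits in the buffer. The option walk that begins at Offset = 0 lies outside this hunk; if it does not already do so, it should apply the same bound to the bytes remaining at each step (reject when OptionLen - Offset < sizeof (IP6_OPTION_HEADER)) before reading any header field of a later option. The added comment is also narrower than the code: the test rejects every OptionLen shorter than an option header, not only 0, so wording such as "Cannot process a buffer shorter than one option header" would match what is checked. Boundary cases worth covering in the companion unit test are OptionLen of 0, sizeof (IP6_OPTION_HEADER) - 1, and exactly sizeof (IP6_OPTION_HEADER).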
--
2.39.3