9fe974a680
Fix CVE-2023-45229、CVE-2023-45230、CVE-2023-45231、 CVE-2023-45232、CVE-2023-45233、CVE-2023-45234、CVE-2023-45235 Signed-off-by: yexiao <yexiao7@huawei.com>
57 lines
1.5 KiB
Diff
57 lines
1.5 KiB
Diff
From 816a19fcd3a2b9a4b32de4613a9e6dc60814ee4f Mon Sep 17 00:00:00 2001
|
|
From: adttil <13380049+adttil@user.noreply.gitee.com>
|
|
Date: Sat, 24 Feb 2024 14:20:27 +0800
|
|
Subject: [PATCH 06/13] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch
|
|
|
|
Bug Overview:
|
|
PixieFail Bug #3
|
|
CVE-2023-45231
|
|
CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
CWE-125 Out-of-bounds Read
|
|
|
|
Out-of-bounds read when handling a ND Redirect message with truncated
|
|
options
|
|
|
|
Change Overview:
|
|
|
|
Adds a check to prevent truncated options from being parsed
|
|
+ //
|
|
+ // Cannot process truncated options.
|
|
+ // Cannot process options with a length of 0 as there is no Type
|
|
field.
|
|
+ //
|
|
+ if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
|
|
+ return FALSE;
|
|
+ }
|
|
|
|
Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
|
|
|
|
ref: https://github.com/tianocore/edk2/commit/bbfee34f4188ac00371abe1389ae9c9fb989a0cd
|
|
Signed-off-by: yexiao yexiao7@huawei.com
|
|
---
|
|
NetworkPkg/Ip6Dxe/Ip6Option.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c
|
|
index 6b4b029d..5c48006f 100644
|
|
--- a/NetworkPkg/Ip6Dxe/Ip6Option.c
|
|
+++ b/NetworkPkg/Ip6Dxe/Ip6Option.c
|
|
@@ -138,6 +138,14 @@ Ip6IsNDOptionValid (
|
|
return FALSE;
|
|
}
|
|
|
|
+ //
|
|
+ // Cannot process truncated options.
|
|
+ // Cannot process options with a length of 0 as there is no Type field.
|
|
+ //
|
|
+ if (OptionLen < sizeof (IP6_OPTION_HEADER)) {
|
|
+ return FALSE;
|
|
+ }
|
|
+
|
|
Offset = 0;
|
|
|
|
//
|
|
--
|
|
2.33.0
|
|
|