author | Michael D Kinney <michael.d.kinney@intel.com> | 2024-10-23 18:51:22 -0700 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2024-11-11 05:07:25 +0000 |
commit | 599c8309a5ece688a704b4f95d9a39de3fd3f81c (patch) | |
tree | ff777e8922883926c30347ec1f19542a8f987e77 | |
parent | 171335e34ea9c28845ae37d0d045cb9a5035eedb (diff) | |
NetworkPkg/Dhcp6Dxe: Fix sanitizer issues
* EFI_DHCP6_DUID structure declares Duid[1], so the size
of that structure is not large enough to hold an entire
Duid. Instead, compute the correct size to allocate an
EFI_DHCP6_DUID structure.
* Dhcp6AppendOption() takes a length parameter that is in
network order. Update test cases to make sure a network
order length is passed in. A value of 0x0004 was being
passed in and was then converted to 0x0400 length and
buffer overflow was detected.
Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
-rw-r--r-- | NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
index 7db253a7b8..5998d481f6 100644
--- a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
@@ -161,7 +161,7 @@ TEST_F (Dhcp6AppendOptionTest, ValidDataExpectSuccess) {
 Packet->Length = sizeof (EFI_DHCP6_HEADER);
OriginalLength = Packet->Length;
- UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
+ UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (OFFSET_OF (EFI_DHCP6_DUID, Duid) + sizeof (Duid));
ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
UntrustedDuid->Length = NTOHS (sizeof (Duid));
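Review bot: The new size expression on the changed line uses the same spelling for two different things: `OFFSET_OF (EFI_DHCP6_DUID, Duid)` names the structure field, while `sizeof (Duid)` appears to name the test's local DUID byte array, so the allocation is easy to misread. A one-line comment above it, such as `// header up to Duid[] plus the full test DUID payload`, would record the intent. The context line below stores the length with `NTOHS (sizeof (Duid))`; both macros presumably perform the same 16-bit swap, but `HTONS` states the host-to-network direction that this commit is correcting elsewhere. The test body starts and ends outside the hunk, so the copy into `UntrustedDuid->Duid` and the matching free are not visible here.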
@@ -763,7 +763,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIATAOptionExpectFail) {
 Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
- SearchPatternLength,
+ HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);
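Review bot: The byte order expected for the length argument is still implicit at this call, and at the identical call in the SeekIANAOptionExpectSuccess hunk at -815. Nothing at the call site says the callee wants a network-order value, which is how the test came to pass 0x0004 and have it read as 0x0400. A comment above the argument, e.g. `// option length is passed in network byte order`, would keep the next test author from repeating the mistake. If `SearchPatternLength` is declared wider than 16 bits (its declaration is outside the hunk), `HTONS` would presumably truncate it, so a `UINT16` declaration or an explicit cast is worth confirming. The called function's name and the rest of the test body lie outside the hunk.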
@@ -815,7 +815,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIANAOptionExpectSuccess) {
 Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
- SearchPatternLength,
+ HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);