edk2 - Cross-platform firmware development environment

diff options

author	Jiaxin Wu <Jiaxin.wu@intel.com>	2018-07-02 09:20:56 +0800
committer	Jiaxin Wu <Jiaxin.wu@intel.com>	2019-02-28 08:39:16 +0800
commit	84110bbe4bb3a346514b9bb12eadb7586bca7dfd (patch)
tree	7101546393771f08a14293f6e72c2df0505488d8 /MdePkg/Include/Ia32
parent	38c9fbdcaa0219eb86fe82d90e3f8cfb5a54be9f (diff)
download	edk2-84110bbe4bb3a346514b9bb12eadb7586bca7dfd.tar.gz edk2-84110bbe4bb3a346514b9bb12eadb7586bca7dfd.tar.bz2 edk2-84110bbe4bb3a346514b9bb12eadb7586bca7dfd.zip

NetworkPkg/DnsDxe: [CVE-2018-12178] Check the received packet size before parsing the message.

Fix CVE-2018-12178 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=809 The DNS driver only checks the received packet size against the minimum DNS header size in DnsOnPacketReceived(), later it accesses the QueryName and QuerySection beyond the header scope, which might cause the pointer within DNS driver points to an invalid entry or modifies the memory content beyond the header scope. This patch is to fix above problem. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wang Fan <fan.wang@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Wu Jiaxin <jiaxin.wu@intel.com> Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

Diffstat (limited to 'MdePkg/Include/Ia32')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: