Projects
openEuler:20.03:LTS:SP3
edk2
_service:tar_scm_kernel_repo:0072-NetworkPkg-Ip...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:0072-NetworkPkg-Ip6Dxe-SECURITY-PATCH-CVE-2023-45231-Patc.patch of Package edk2
From e6b179d4fbab5e878b5ba562d70c1ed75b9d6c7a Mon Sep 17 00:00:00 2001 From: adttil <13380049+adttil@user.noreply.gitee.com> Date: Sat, 24 Feb 2024 14:20:27 +0800 Subject: [PATCH 07/14] NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Patch Bug Overview: PixieFail Bug #3 CVE-2023-45231 CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-125 Out-of-bounds Read Out-of-bounds read when handling a ND Redirect message with truncated options Change Overview: Adds a check to prevent truncated options from being parsed + // + // Cannot process truncated options. + // Cannot process options with a length of 0 as there is no Type field. + // + if (OptionLen < sizeof (IP6_OPTION_HEADER)) { + return FALSE; + } Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> ref: https://github.com/tianocore/edk2/commit/bbfee34f4188ac00371abe1389ae9c9fb989a0cd Signed-off-by: yexiao yexiao7@huawei.com --- NetworkPkg/Ip6Dxe/Ip6Option.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NetworkPkg/Ip6Dxe/Ip6Option.c b/NetworkPkg/Ip6Dxe/Ip6Option.c index 364e124e..33ca3746 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Option.c +++ b/NetworkPkg/Ip6Dxe/Ip6Option.c @@ -138,6 +138,14 @@ Ip6IsNDOptionValid ( return FALSE; } + // + // Cannot process truncated options. + // Cannot process options with a length of 0 as there is no Type field. + // + if (OptionLen < sizeof (IP6_OPTION_HEADER)) { + return FALSE; + } + Offset = 0; // -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.