summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael D Kinney <michael.d.kinney@intel.com>2024-10-24 04:51:22 +0300
committermergify[bot] <37929162+mergify[bot]@users.noreply.github.com>2024-11-11 08:07:25 +0300
commit599c8309a5ece688a704b4f95d9a39de3fd3f81c (patch)
treeff777e8922883926c30347ec1f19542a8f987e77
parent171335e34ea9c28845ae37d0d045cb9a5035eedb (diff)
downloadedk2-599c8309a5ece688a704b4f95d9a39de3fd3f81c.tar.xz
NetworkPkg/Dhcp6Dxe: Fix sanitizer issues
* EFI_DHCP6_DUID structure declares Duid[1], so the size of that structure is not large enough to hold an entire Duid. Instead, compute the correct size to allocate an EFI_DHCP6_DUID structure. * Dhcp6AppendOption() takes a length parameter that in network order. Update test cases to make sure a network order length is passed in. A value of 0x0004 was being passed in and was then converted to 0x0400 length and buffer overflow was detected. Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com>
-rw-r--r--NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp6
1 files changed, 3 insertions, 3 deletions
diff --git a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
index 7db253a7b8..5998d481f6 100644
--- a/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
+++ b/NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
@@ -161,7 +161,7 @@ TEST_F (Dhcp6AppendOptionTest, ValidDataExpectSuccess) {
Packet->Length = sizeof (EFI_DHCP6_HEADER);
OriginalLength = Packet->Length;
- UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
+ UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (OFFSET_OF (EFI_DHCP6_DUID, Duid) + sizeof (Duid));
ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);
UntrustedDuid->Length = NTOHS (sizeof (Duid));
@@ -763,7 +763,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIATAOptionExpectFail) {
Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
- SearchPatternLength,
+ HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);
@@ -815,7 +815,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIANAOptionExpectSuccess) {
Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
- SearchPatternLength,
+ HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);