Skip to content

Commit

Permalink
NetworkPkg/Dhcp6Dxe: Fix sanitizer issues
Browse files Browse the repository at this point in the history
* EFI_DHCP6_DUID structure declares Duid[1], so the size
  of that structure is not large enough to hold an entire
  Duid. Instead, compute the correct size to allocate an
  EFI_DHCP6_DUID structure.
* Dhcp6AppendOption() takes a length parameter that in
  network order. Update test cases to make sure a network
  order length is passed in. A value of 0x0004 was being
  passed in and was then converted to 0x0400 length and
  buffer overflow was detected.

Signed-off-by: Michael D Kinney <[email protected]>
  • Loading branch information
mdkinney authored and lgao4 committed Nov 11, 2024
1 parent 171335e commit 77b4e48
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions NetworkPkg/Dhcp6Dxe/GoogleTest/Dhcp6IoGoogleTest.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -161,7 +161,7 @@ TEST_F (Dhcp6AppendOptionTest, ValidDataExpectSuccess) {
Packet->Length = sizeof (EFI_DHCP6_HEADER);
OriginalLength = Packet->Length;

UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (sizeof (EFI_DHCP6_DUID));
UntrustedDuid = (EFI_DHCP6_DUID *)AllocateZeroPool (OFFSET_OF (EFI_DHCP6_DUID, Duid) + sizeof (Duid));
ASSERT_NE (UntrustedDuid, (EFI_DHCP6_DUID *)NULL);

UntrustedDuid->Length = NTOHS (sizeof (Duid));
Expand Down Expand Up @@ -763,7 +763,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIATAOptionExpectFail) {
Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
SearchPatternLength,
HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);
Expand Down Expand Up @@ -815,7 +815,7 @@ TEST_F (Dhcp6SeekStsOptionTest, SeekIANAOptionExpectSuccess) {
Dhcp6SeekStsOptionTest::Packet,
&Option,
Dhcp6OptStatusCode,
SearchPatternLength,
HTONS (SearchPatternLength),
(UINT8 *)&SearchPattern
);
ASSERT_EQ (Status, EFI_SUCCESS);
Expand Down

0 comments on commit 77b4e48

Please sign in to comment.