Hi Samer, The original code in Ip6GetPrefix() uses ASSERT() to guarantee the PrefixLength < IP6_PREFIX_NUM. If you think the patch is necessary I suggest to update the ASSERT() code as well. Do you agree?
Thanks, Ting -----Original Message----- From: edk2-devel [mailto:edk2-devel-boun...@lists.01.org] On Behalf Of Samer El-Haj-Mahmoud Sent: Friday, February 12, 2016 7:58 AM To: edk2-devel@lists.01.org Cc: Samer El-Haj-Mahmoud; Fu, Siyuan Subject: [edk2] [PATCH] NetworkPkg: better sanity check on Ipv6 prefix length Fix a possible buffer overrun issue that could occur if PrefixLength > 128 . Changed == 128 to >= 128. Also remove check for Byte < 16, which is no longer possible because of the first change. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Samer El-Haj-Mahmoud <el...@hpe.com> --- NetworkPkg/Ip6Dxe/Ip6Icmp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/Ip6Dxe/Ip6Icmp.c b/NetworkPkg/Ip6Dxe/Ip6Icmp.c index db40b81..f6a9bb4 100644 --- a/NetworkPkg/Ip6Dxe/Ip6Icmp.c +++ b/NetworkPkg/Ip6Dxe/Ip6Icmp.c @@ -2,7 +2,8 @@ The ICMPv6 handle routines to process the ICMPv6 control messages. Copyright (c) 2009 - 2010, Intel Corporation. All rights reserved.<BR> - + (C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR> + This program and the accompanying materials are licensed and made available under the terms and conditions of the BSD License which accompanies this distribution. The full text of the license may be found at @@ -479,7 +480,7 @@ Ip6GetPrefix ( return ; } - if (PrefixLength == IP6_PREFIX_NUM - 1) { + if (PrefixLength >= IP6_PREFIX_NUM - 1) { return ; } @@ -487,7 +488,7 @@ Ip6GetPrefix ( Bit = (UINT8) (PrefixLength % 8); Value = Prefix->Addr[Byte]; - if ((Byte > 0) && (Byte < 16)) { + if (Byte > 0) { ZeroMem (Prefix->Addr + Byte, 16 - Byte); } -- 2.6.3.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
