Thanks Laszlo, I will update the subject to include the CVE number when commit the patch.
> -----Original Message----- > From: Laszlo Ersek [mailto:[email protected]] > Sent: Tuesday, February 26, 2019 7:17 PM > To: Wu, Jiaxin <[email protected]>; [email protected] > Cc: Ye, Ting <[email protected]>; Wang, Fan <[email protected]>; Fu, Siyuan > <[email protected]> > Subject: Re: [edk2] [PATCH v1] NetworkPkg/DnsDxe: Check the received packet > size before parsing the message. > > On 02/26/19 09:14, Jiaxin Wu wrote: > > Fix CVE-2018-12178 > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=809 > > > > The DNS driver only checks the received packet size against the > > minimum DNS header size in DnsOnPacketReceived(), later it accesses > > the QueryName and QuerySection beyond the header scope, which might > > cause the pointer within DNS driver points to an invalid entry or > > modifies the memory content beyond the header scope. > > > > This patch is to fix above problem. > > > > Cc: Ye Ting <[email protected]> > > Cc: Fu Siyuan <[email protected]> > > Cc: Wang Fan <[email protected]> > > Contributed-under: TianoCore Contribution Agreement 1.0 > > Signed-off-by: Wu Jiaxin <[email protected]> > > --- > > NetworkPkg/DnsDxe/DnsImpl.c | 77 ++++++++++++++++++++++++++++++++-- > --- > > NetworkPkg/DnsDxe/DnsImpl.h | 2 + > > 2 files changed, 69 insertions(+), 10 deletions(-) > > Please put the precise CVE number in the subject line. > > Laszlo _______________________________________________ edk2-devel mailing list [email protected] https://lists.01.org/mailman/listinfo/edk2-devel
