Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Patch
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539 Bug Details: PixieFail Bug tianocore#6 CVE-2023-45234 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message Change Overview: Introduces a function to cache the Dns Server and perform sanitizing on the incoming DnsServerLen to ensure that the length is valid > + EFI_STATUS > + PxeBcCacheDnsServerAddresses ( > + IN PXEBC_PRIVATE_DATA *Private, > + IN PXEBC_DHCP6_PACKET_CACHE *Cache6 > + ) Additional code cleanup Bug 4457168 Cc: Saloni Kasbekar <[email protected]> Cc: Zachary Clark-williams <[email protected]> Signed-off-by: Doug Flick [MSFT] <[email protected]> Reviewed-by: Saloni Kasbekar <[email protected]> Change-Id: Ibfee820cc46eda0468d9a7cb1ab2565ac60059e5 Reviewed-on: https://git-master.nvidia.com/r/c/3rdparty/edk2/+/3073488 Reviewed-by: svcacv <[email protected]> Reviewed-by: svc-sw-mobile-l4t <[email protected]> Reviewed-by: Jeff Brasen <[email protected]> GVS: Gerrit_Virtual_Submit <[email protected]> Tested-by: Jeff Brasen <[email protected]>
- Loading branch information