[PUBLIC edk2 PATCH v2 00/10] NetworkPkg/IScsiDxe: fix IScsiHexToBin() security and functionality bugs

Laszlo Ersek

Bugzilla: https://bugzilla.tianocore.org/show_bug.cgi?id=3356
Repo: https://pagure.io/lersek/edk2.git
Branch: iscsi_overflow_bz3356

The main goal of this series is to fix a remotely exploitable buffer
overflow in the IScsiHexToBin() function.

This posting corresponds to:


meaning that it corresponds to the v2 patches attached to, and tested


and that it carries Phil's and Maciej's R-b's that were given up to

Today is the Public Date for this embargoed security issue; I intend to
merge the patches tomorrow, based on Maciej's (already given) R-b.
(Simultaneously with this posting, I'm opening up the BZ publicly.) No
further review is required; the one day delay on the list is just to
give the community a (brief) opportunity to speak up, before the patches
are merged.

Cc: Jiaxin Wu <jiaxin.wu@...>
Cc: Maciej Rabeda <maciej.rabeda@...>
Cc: Philippe Mathieu-Daudé <philmd@...>
Cc: Siyuan Fu <siyuan.fu@...>


Laszlo Ersek (10):
NetworkPkg/IScsiDxe: wrap IScsiCHAP source files to 80 characters
NetworkPkg/IScsiDxe: simplify "ISCSI_CHAP_AUTH_DATA.InChallenge" size
NetworkPkg/IScsiDxe: clean up
NetworkPkg/IScsiDxe: clean up library class dependencies
NetworkPkg/IScsiDxe: fix potential integer overflow in IScsiBinToHex()
NetworkPkg/IScsiDxe: assert that IScsiBinToHex() always succeeds
NetworkPkg/IScsiDxe: reformat IScsiHexToBin() leading comment block
NetworkPkg/IScsiDxe: fix IScsiHexToBin() hex parsing
NetworkPkg/IScsiDxe: fix IScsiHexToBin() buffer overflow
NetworkPkg/IScsiDxe: check IScsiHexToBin() return values

NetworkPkg/IScsiDxe/IScsiCHAP.c | 108 +++++++++++++++-----
NetworkPkg/IScsiDxe/IScsiCHAP.h | 14 ++-
NetworkPkg/IScsiDxe/IScsiDxe.inf | 7 +-
NetworkPkg/IScsiDxe/IScsiImpl.h | 18 ++--
NetworkPkg/IScsiDxe/IScsiMisc.c | 65 +++++++++---
NetworkPkg/IScsiDxe/IScsiMisc.h | 19 ++--
6 files changed, 166 insertions(+), 65 deletions(-)


Join devel@edk2.groups.io to automatically receive all group messages.