Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CHERRY-PICK] MdeModulePkg/Bus/Usb/UsbNetwork: Check array index range before access #774

Merged
merged 1 commit into from
Mar 20, 2024
Merged

[CHERRY-PICK] MdeModulePkg/Bus/Usb/UsbNetwork: Check array index range before access #774

merged 1 commit into from
Mar 20, 2024

Conversation

makubacki
Copy link
Member

Description

Checks that an offset used to access array elements is within
the expected range before accessing the array item.

Cc: Liming Gao gaoliming@byosoft.com.cn
Cc: Ray Ni ray.ni@intel.com
Cc: Rebecca Cran rebecca@bsdio.com
Cc: Richard Ho richardho@ami.com
Signed-off-by: Michael Kubacki michael.kubacki@microsoft.com
Reviewed-by: Liming Gao gaoliming@byosoft.com.cn
(cherry picked from commit 1f161a7)

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on an a separate Web page, ...

How This Was Tested

  • CodeQL locally and in CI.
  • MdeModulePkg build and CI.

Integration Instructions

N/A

@makubacki
[CHERRY-PICK] MdeModulePkg/Bus/Usb/UsbNetwork: Check array index rang…
f18be17 
…e before access

Checks that an offset used to access array elements is within the
expected range before accessing the array item.

Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Rebecca Cran <rebecca@bsdio.com>
Cc: Richard Ho <richardho@ami.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
(cherry picked from commit 1f161a7)
@makubacki makubacki added the semver:patch Pull requests that should increment the release patch version label Mar 20, 2024
@makubacki makubacki self-assigned this Mar 20, 2024
@github-actions github-actions bot added the impact:non-functional Does not have a functional impact label Mar 20, 2024
@makubacki makubacki enabled auto-merge (squash) March 20, 2024 20:10
@makubacki makubacki merged commit 6314188 into microsoft:release/202311 Mar 20, 2024
32 checks passed
ProjectMuBot referenced this pull request in microsoft/mu_tiano_platforms Mar 23, 2024
@ProjectMuBot
Bumps MU_BASECORE from 2023110002.0.1 to 2023110003.0.1
48815fa 
Introduces 16 new commits in [MU_BASECORE](https://github.com/microsoft/mu_basecore.git).

<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/microsoft/mu_basecore/commit/21b1647326d69c0dec0fdf8a6e420715f34f5f78">21b164</a> pip: update edk2-pytool-extensions requirement from ~=0.27.2 to ~=0.27.3 (<a href="https://github.com/microsoft/mu_basecore/pull/753">#753</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/09be074085bc0d2d93792671b0f9c8c2e9b88f17">09be07</a> pip: update edk2-pytool-library requirement from ~=0.21.3 to ~=0.21.4 (<a href="https://github.com/microsoft/mu_basecore/pull/760">#760</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/086463dde58d49debecbbc45664f92c918baa6e0">086463</a> Repo File Sync: prevent `rustup` from self-updating (<a href="https://github.com/microsoft/mu_basecore/pull/767">#767</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/60187565c895f091eaed3271da3bf015385217ef">601875</a> Revert "MdeModulePkg: Swap to MmuLib instead of Arm-specific lib and Drop all remaining references to ArmPkg"</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fd0d5764acafaff8121e236d6067db85b124cfde">fd0d57</a> [CHERRY-PICK] MdeModulePkg: Remove ArmPkg Dependency</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4584975b4bed3c4c6ccb047136ea0c6d52fb2815">458497</a> Remove ArmPkg Dependencies from NetworkPkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3208cb338111936be8dd1103dfac20d5832d0993">3208cb</a> Remove ArmPkg and EmbeddedPkg Dependencies in StandaloneMmPkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fba09d01a35746f4e8a3b03a70b1f13fb43342be">fba09d</a> [CHERRY-PICK] UefiCpuPkg: Adds SmmCpuSyncLib library class</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f5417b804d5cb89dbbe384458fa6dfc0b81377ff">f5417b</a> [CHERRY-PICK] UefiCpuPkg: Implements SmmCpuSyncLib library instance</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d421e2b9c9d1af511aca95a20f6fe483f646909b">d421e2</a> [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Consume SmmCpuSyncLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/bb7120572e7f8754fa46aaf01b76f9734ab4b29e">bb7120</a> [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Simplify RunningApCount decrement</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/631418833c96f3b775a7d12b751f2ad3fa420f84">631418</a> [CHERRY-PICK] MdeModulePkg/Bus/Usb/UsbNetwork: Check array index range before access (<a href="https://github.com/microsoft/mu_basecore/pull/774">#774</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6cc02e2da5aef3364bc161854382cfada0c6a2b4">6cc02e</a> CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions (<a href="https://github.com/microsoft/mu_basecore/pull/771">#771</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d093b84ae7dcf27ab4554edfd1f8a80adc408e07">d093b8</a> [CHERRY-PICK] MdeModulePkg/TraceHubDebugSysTLib: Use wider type for loop comparisons (<a href="https://github.com/microsoft/mu_basecore/pull/775">#775</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6db656f2bb8a411f06e863b22e60fe6c65341953">6db656</a> BmpCheckPlugin: Pass build vars to FDF parser (<a href="https://github.com/microsoft/mu_basecore/pull/776">#776</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/884e5da43136e0d56863ccb1c842fa74f10088ce">884e5d</a> CryptoPkg: Update shared crypto to 2023.11.2 (<a href="https://github.com/microsoft/mu_basecore/pull/777">#777</a>)</li>
</ul>
</details>

Signed-off-by: Project Mu Bot <mubot@microsoft.com>
@ProjectMuBot ProjectMuBot mentioned this pull request Mar 23, 2024
Closed
ProjectMuBot referenced this pull request in microsoft/mu_tiano_platforms Apr 3, 2024
@ProjectMuBot
Bumps MU_BASECORE from 2023110002.0.1 to 2023110003.1.0
e8e00a0 
Introduces 20 new commits in [MU_BASECORE](https://github.com/microsoft/mu_basecore.git).

<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/microsoft/mu_basecore/commit/21b1647326d69c0dec0fdf8a6e420715f34f5f78">21b164</a> pip: update edk2-pytool-extensions requirement from ~=0.27.2 to ~=0.27.3 (<a href="https://github.com/microsoft/mu_basecore/pull/753">#753</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/09be074085bc0d2d93792671b0f9c8c2e9b88f17">09be07</a> pip: update edk2-pytool-library requirement from ~=0.21.3 to ~=0.21.4 (<a href="https://github.com/microsoft/mu_basecore/pull/760">#760</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/086463dde58d49debecbbc45664f92c918baa6e0">086463</a> Repo File Sync: prevent `rustup` from self-updating (<a href="https://github.com/microsoft/mu_basecore/pull/767">#767</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/60187565c895f091eaed3271da3bf015385217ef">601875</a> Revert "MdeModulePkg: Swap to MmuLib instead of Arm-specific lib and Drop all remaining references to ArmPkg"</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fd0d5764acafaff8121e236d6067db85b124cfde">fd0d57</a> [CHERRY-PICK] MdeModulePkg: Remove ArmPkg Dependency</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/4584975b4bed3c4c6ccb047136ea0c6d52fb2815">458497</a> Remove ArmPkg Dependencies from NetworkPkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/3208cb338111936be8dd1103dfac20d5832d0993">3208cb</a> Remove ArmPkg and EmbeddedPkg Dependencies in StandaloneMmPkg</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/fba09d01a35746f4e8a3b03a70b1f13fb43342be">fba09d</a> [CHERRY-PICK] UefiCpuPkg: Adds SmmCpuSyncLib library class</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/f5417b804d5cb89dbbe384458fa6dfc0b81377ff">f5417b</a> [CHERRY-PICK] UefiCpuPkg: Implements SmmCpuSyncLib library instance</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d421e2b9c9d1af511aca95a20f6fe483f646909b">d421e2</a> [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Consume SmmCpuSyncLib</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/bb7120572e7f8754fa46aaf01b76f9734ab4b29e">bb7120</a> [CHERRY-PICK] UefiCpuPkg/PiSmmCpuDxeSmm: Simplify RunningApCount decrement</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/631418833c96f3b775a7d12b751f2ad3fa420f84">631418</a> [CHERRY-PICK] MdeModulePkg/Bus/Usb/UsbNetwork: Check array index range before access (<a href="https://github.com/microsoft/mu_basecore/pull/774">#774</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6cc02e2da5aef3364bc161854382cfada0c6a2b4">6cc02e</a> CryptoPkg/BaseCryptLib: add additional RSAES-OAEP crypto functions (<a href="https://github.com/microsoft/mu_basecore/pull/771">#771</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/d093b84ae7dcf27ab4554edfd1f8a80adc408e07">d093b8</a> [CHERRY-PICK] MdeModulePkg/TraceHubDebugSysTLib: Use wider type for loop comparisons (<a href="https://github.com/microsoft/mu_basecore/pull/775">#775</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/6db656f2bb8a411f06e863b22e60fe6c65341953">6db656</a> BmpCheckPlugin: Pass build vars to FDF parser (<a href="https://github.com/microsoft/mu_basecore/pull/776">#776</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/884e5da43136e0d56863ccb1c842fa74f10088ce">884e5d</a> CryptoPkg: Update shared crypto to 2023.11.2 (<a href="https://github.com/microsoft/mu_basecore/pull/777">#777</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/c8f98831a5e24496ce1707f58588792973959f2c">c8f988</a> Added Mock GoogleTest folder for PolicyLibCommon (<a href="https://github.com/microsoft/mu_basecore/pull/780">#780</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/888b27ce79184023034d6afe5a89af22f1a6a0fb">888b27</a> Rework Buildtime Random Stack Cookie Values to Improve Incremental Build Times and Ensure Binary Reproducibility (<a href="https://github.com/microsoft/mu_basecore/pull/773">#773</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/633535478ed1ad44b5f5a6b9ec7f076560bd0308">633535</a> BaseTools: InfBuildData: Fix Private dec data retrieval (<a href="https://github.com/microsoft/mu_basecore/pull/785">#785</a>)</li>
<li><a href="https://github.com/microsoft/mu_basecore/commit/dcdd08f1f09de204b5c8499a7799981060802399">dcdd08</a> Add CRC16 CCITT False Implementation (<a href="https://github.com/microsoft/mu_basecore/pull/782">#782</a>)</li>
</ul>
</details>

Signed-off-by: Project Mu Bot <mubot@microsoft.com>
@ProjectMuBot ProjectMuBot mentioned this pull request Apr 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apop5 apop5 apop5 approved these changes

@kenlautner kenlautner kenlautner approved these changes

Assignees

@makubacki makubacki

Labels
impact:non-functional Does not have a functional impact semver:patch Pull requests that should increment the release patch version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@makubacki @kenlautner @apop5