summaryrefslogtreecommitdiff
path: root/NetworkPkg
AgeCommit message (Collapse)AuthorFilesLines
2024-02-14NetworkPkg: : Updating SecurityFixes.yamlDoug Flick1-0/+1
This captures the related security change for Dhcp6Dxe that is related to CVE-2023-45229 Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
2024-02-14NetworkPkg: Dhcp6Dxe: Packet-Length is not updated before appendingDoug Flick1-5/+5
In order for Dhcp6AppendIaAddrOption (..) to safely append the IA Address option, the Packet-Length field must be updated before appending the option. Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
2024-02-14NetworkPkg: Dhcp6Dxe: Removes duplicate check and replaces with macroDoug Flick1-25/+19
Removes duplicate check after merge > > // > // Verify the PacketCursor is within the packet > // > if ( (*PacketCursor < Packet->Dhcp6.Option) > || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER)))) > { > return EFI_INVALID_PARAMETER; > } > Converts the check to a macro and replaces all instances of the check with the macro Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
2024-02-14NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Related PatchDoug Flick2-17/+75
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4673 REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534 This was not part of the Quarkslab bugs however the same pattern as CVE-2023-45229 exists in Dhcp6UpdateIaInfo. This patch replaces the code in question with the safe function created to patch CVE-2023-45229 > > if (EFI_ERROR ( > Dhcp6SeekInnerOptionSafe ( > Instance->Config->IaDescriptor.Type, > Option, > OptionLen, > &IaInnerOpt, > &IaInnerLen > ) > )) > { > return EFI_DEVICE_ERROR; > } > Additionally corrects incorrect usage of macro to read the status > - StsCode = NTOHS (ReadUnaligned16 ((UINT16 *)DHCP6_OFFSET_OF_OPT_LEN (Option))); > + StsCode = NTOHS (ReadUnaligned16 ((UINT16 *) DHCP6_OFFSET_OF_STATUS_CODE (Option)); Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
2024-02-06NetworkPkg: : Adds a SecurityFix.yaml fileDoug Flick via groups.io1-0/+123
This creates / adds a security file that tracks the security fixes found in this package and can be used to find the fixes that were applied. Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 Unit TestsDoug Flick3-3/+298
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540 Unit tests to confirm that the bug.. Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message ..has been patched. This patch contains unit tests for the following functions: PxeBcRequestBootService PxeBcDhcp6Discover Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45235 PatchDoug Flick2-16/+78
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4540 Bug Details: PixieFail Bug #7 CVE-2023-45235 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message Change Overview: Performs two checks 1. Checks that the length of the duid is accurate > + // > + // Check that the minimum and maximum requirements are met > + // > + if ((OpLen < PXEBC_MIN_SIZE_OF_DUID) || (OpLen > PXEBC_MAX_SIZE_OF_DUID)) { > + Status = EFI_INVALID_PARAMETER; > + goto ON_ERROR; > + } 2. Ensures that the amount of data written to the buffer is tracked and never exceeds that > + // > + // Check that the option length is valid. > + // > + if ((DiscoverLen + OpLen + PXEBC_COMBINED_SIZE_OF_OPT_CODE_AND_LEN) > DiscoverLenNeeded) { > + Status = EFI_OUT_OF_RESOURCES; > + goto ON_ERROR; > + } Additional code clean up and fix for memory leak in case Option was NULL Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 Unit TestsDoug Flick5-0/+418
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539 Unit tests to that the bug.. Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message ..has been patched This contains tests for the following functions: PxeBcHandleDhcp6Offer PxeBcCacheDnsServerAddresses Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: UefiPxeBcDxe: SECURITY PATCH CVE-2023-45234 PatchDoug Flick1-6/+65
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4539 Bug Details: PixieFail Bug #6 CVE-2023-45234 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message Change Overview: Introduces a function to cache the Dns Server and perform sanitizing on the incoming DnsServerLen to ensure that the length is valid > + EFI_STATUS > + PxeBcCacheDnsServerAddresses ( > + IN PXEBC_PRIVATE_DATA *Private, > + IN PXEBC_DHCP6_PACKET_CACHE *Cache6 > + ) Additional code cleanup Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 Unit TestsDoug Flick3-4/+324
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537 REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538 Unit tests to confirm that.. Infinite loop when parsing unknown options in the Destination Options header and Infinite loop when parsing a PadN option in the Destination Options header ... have been patched This patch tests the following functions: Ip6IsOptionValid Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45232 PatchDoug Flick3-11/+171
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4537 REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4538 Bug Details: PixieFail Bug #4 CVE-2023-45232 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') Infinite loop when parsing unknown options in the Destination Options header PixieFail Bug #5 CVE-2023-45233 CVSS 7.5 : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') Infinite loop when parsing a PadN option in the Destination Options header Change Overview: Most importantly this change corrects the following incorrect math and cleans up the code. > // It is a PadN option > // > - Offset = (UINT8)(Offset + *(Option + Offset + 1) + 2); > + OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length; > + Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen); > case Ip6OptionSkip: > - Offset = (UINT8)(Offset + *(Option + Offset + 1)); > OptDataLen = ((EFI_IP6_OPTION *)(Option + Offset))->Length; > Offset = IP6_NEXT_OPTION_OFFSET (Offset, OptDataLen); Additionally, this change also corrects incorrect math where the calling function was calculating the HDR EXT optionLen as a uint8 instead of a uint16 > - OptionLen = (UINT8)((*Option + 1) * 8 - 2); > + OptionLen = IP6_HDR_EXT_LEN (*Option) - IP6_COMBINED_SIZE_OF_NEXT_HDR_AND_LEN; Additionally this check adds additional logic to santize the incoming data Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 Unit TestsDoug Flick4-0/+192
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536 Validates that the patch for... Out-of-bounds read when handling a ND Redirect message with truncated options .. has been fixed Tests the following function to ensure that an out of bounds read does not occur Ip6OptionValidation Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Ip6Dxe: SECURITY PATCH CVE-2023-45231 PatchDoug Flick1-0/+8
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4536 Bug Overview: PixieFail Bug #3 CVE-2023-45231 CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-125 Out-of-bounds Read Out-of-bounds read when handling a ND Redirect message with truncated options Change Overview: Adds a check to prevent truncated options from being parsed + // + // Cannot process truncated options. + // Cannot process options with a length of 0 as there is no Type field. + // + if (OptionLen < sizeof (IP6_OPTION_HEADER)) { + return FALSE; + } Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 Unit TestsDoug Flick via groups.io5-3/+424
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534 These tests confirm that the report bug... "Out-of-bounds read when processing IA_NA/IA_TA options in a DHCPv6 Advertise message" ..has been patched. The following functions are tested to confirm an out of bounds read is patched and that the correct statuses are returned: Dhcp6SeekInnerOptionSafe Dhcp6SeekStsOption TCBZ4534 CVE-2023-45229 CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-125 Out-of-bounds Read Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45229 PatchDoug Flick via groups.io2-85/+256
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4534 Bug Details: PixieFail Bug #1 CVE-2023-45229 CVSS 6.5 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-125 Out-of-bounds Read Change Overview: Introduce Dhcp6SeekInnerOptionSafe which performs checks before seeking the Inner Option from a DHCP6 Option. > > EFI_STATUS > Dhcp6SeekInnerOptionSafe ( > IN UINT16 IaType, > IN UINT8 *Option, > IN UINT32 OptionLen, > OUT UINT8 **IaInnerOpt, > OUT UINT16 *IaInnerLen > ); > Lots of code cleanup to improve code readability. Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 Unit TestsDoug Flick via groups.io4-0/+542
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4535 Confirms that reported issue... "Buffer overflow in the DHCPv6 client via a long Server ID option" ..has been corrected by the provided patch. Tests the following functions to ensure they appropriately handle untrusted data (either too long or too small) to prevent a buffer overflow: Dhcp6AppendOption Dhcp6AppendETOption Dhcp6AppendIaOption Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: : Add Unit tests to CI and create Host Test DSCDoug Flick via groups.io2-1/+104
Adds Host Based testing to the NetworkPkg Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-02-06NetworkPkg: Dhcp6Dxe: SECURITY PATCH CVE-2023-45230 PatchDoug Flick via groups.io4-239/+668
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=4535 Bug Details: PixieFail Bug #2 CVE-2023-45230 CVSS 8.3 : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Changes Overview: > -UINT8 * > +EFI_STATUS > Dhcp6AppendOption ( > - IN OUT UINT8 *Buf, > - IN UINT16 OptType, > - IN UINT16 OptLen, > - IN UINT8 *Data > + IN OUT EFI_DHCP6_PACKET *Packet, > + IN OUT UINT8 **PacketCursor, > + IN UINT16 OptType, > + IN UINT16 OptLen, > + IN UINT8 *Data > ); Dhcp6AppendOption() and variants can return errors now. All callsites are adapted accordingly. It gets passed in EFI_DHCP6_PACKET as additional parameter ... > + // > + // Verify the PacketCursor is within the packet > + // > + if ( (*PacketCursor < Packet->Dhcp6.Option) > + || (*PacketCursor >= Packet->Dhcp6.Option + (Packet->Size - sizeof (EFI_DHCP6_HEADER)))) > + { > + return EFI_INVALID_PARAMETER; > + } ... so it can look at Packet->Size when checking buffer space. Also to allow Packet->Length updates. Lots of checks added. Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-01-19NetworkPkg/Ip4Dxe: Fix Reset To DefaultAshish Singhal1-0/+25
Exercising reset to default does not reset the settings. Add handler code for the case where configuration is disabled. Signed-off-by: Ashish Singhal <ashishsingha@nvidia.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
2024-01-16NetworkPkg: RFC1323 definition changed to RFC7323Suqiang Ren2-2/+2
According to UEFI spec 2.10, the definition of RFC1323 has changed to RFC7323 on EFI_TCP6_OPTION. So align this change on NetworkPkg. REF: UEFI spec 2.10 section 28.2.5 Signed-off-by: Suqiang Ren <suqiangx.ren@intel.com> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-01-15NetworkPkg: Triger regularly scan only if not connect to APHeng Luo1-2/+2
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4605 When UEFI Wi-Fi is in BSS connected state, the platform is considered as a static and Wi-Fi roaming support is not needed. Wifi connection manager should not initiate Scan requests in this state affect BSS client connectivity and must be avoided. Triger regularly scan only if not connect to AP. Signed-off-by: Heng Luo <heng.luo@intel.com> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-01-10NetworkPkg/HttpDxe: Add HttpEventTlsConfigured HTTP callback eventAbner Chang3-3/+16
Add HttpEventTlsConfigured HTTP callback event and notify callback functions when TlsConfigureSession () returns. Signed-off-by: Abner Chang <abner.chang@amd.com> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Cc: Michael Brown <mcb30@ipxe.org> Cc: Nickle Wang <nicklew@nvidia.com> Cc: Igor Kulchytskyy <igork@ami.com> Reviewed-by: Michael Brown <mcb30@ipxe.org> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-01-10NetworkPkg/HttpDxe: Consider TLS certificate not found as a success caseAbner Chang1-2/+15
We still return EFI_SUCCESS to the caller when TlsConfigCertificate returns error, for the use case the platform doesn't require certificate for the specific HTTP session. This ensures HttpInitSession function still initiated and returns EFI_SUCCESS to the caller. The failure is pushed back to TLS DXE driver if the HTTP communication actually requires certificate. Signed-off-by: Abner Chang <abner.chang@amd.com> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Cc: Michael Brown <mcb30@ipxe.org> Cc: Nickle Wang <nicklew@nvidia.com> Cc: Igor Kulchytskyy <igork@ami.com> Reviewed-by: Michael Brown <mcb30@ipxe.org> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2024-01-10NetworkPkg/HttpDxe: Refactor TlsCreateChildAbner Chang5-65/+64
- Use HTTP instance as the parameter for TlsCreateChild function. - Install TLS protocol on the HTTP instance thats create TLS child. Signed-off-by: Abner Chang <abner.chang@amd.com> Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Cc: Michael Brown <mcb30@ipxe.org> Cc: Nickle Wang <nicklew@nvidia.com> Cc: Igor Kulchytskyy <igork@ami.com> Reviewed-by: Michael Brown <mcb30@ipxe.org> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com>
2023-09-08NetworkPkg: Increase HTTP buffer size and enable TCP window scalingAndrei Otcheretianski3-25/+27
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4505 This gives something like ~3 fold throughput boost. Cc: Saloni Kasbekar <saloni.kasbekar@intel.com> Cc: Zachary Clark-williams <zachary.clark-williams@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-09-08MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkgPierre Gondois1-2/+2
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504 The BaseRngLibTimerLib allows to generate number based on a timer. This mechanism allows to have a basic non-secure implementation for non-production platforms. To bind and identify Random Number Generators implementations with a GUID, an unsafe GUID should be added. This GUID cannot be added to the MdePkg unless it is also added to a specification. To keep the MdePkg self-contained, copy the BaseRngLibTimerLib to the MdeModulePkg. This will allow to define an unsafe Rng GUID in a later patch in the MdeModulePkg. The MdePkg implementation will be removed later. This allows to give some time to platform owners to switch to the MdeModulePkg implementation. Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Tested-by: Kun Qin <kun.qin@microsoft.com>
2023-07-20NetworkPkg/HttpDxe: fix driver binding start issue.devel@edk2.groups.io1-2/+11
When failure happens in HttpDxeStart, the error handling code release the memory buffer but it does not uninstall HTTP service binding protocol. As the result, application can still locate this protocol and invoke service binding functions in released memory pool. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Cc: Abner Chang <abner.chang@amd.com> Cc: Igor Kulchytskyy <igork@ami.com> Cc: Nick Ramirez <nramirez@nvidia.com> Signed-off-by: Nickle Wang <nicklew@nvidia.com> Reviewed-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com>
2023-06-28NetworkPkg: Correct the length of EAP Identity when in ASCII formatdevel@edk2.groups.io1-4/+17
FIX: https://bugzilla.tianocore.org/show_bug.cgi?id=4477 Tls connection fail over WiFi in AMT OCR flow due to invalid identity. This was due to missing conversion between unicode and ascii string which resulted in invalid strlen. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Zachary Clark-Williams <zachary.clark-williams@intel.com> Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Zachary Clark-Williams <zachary.clark-williams@intel.com>
2023-04-10NetworkPkg: Update code to be more C11 compliant by using __func__Rebecca Cran2-10/+10
__FUNCTION__ is a pre-standard extension that gcc and Visual C++ among others support, while __func__ was standardized in C99. Since it's more standard, replace __FUNCTION__ with __func__ throughout NetworkPkg. Signed-off-by: Rebecca Cran <rebecca@bsdio.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2023-04-03NetworkPkg: Fix conditionally uninitialized variablesMichael Kubacki2-1/+4
Fixes CodeQL alerts for CWE-457: https://cwe.mitre.org/data/definitions/457.html Cc: Erich McMillan <emcmillan@microsoft.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Cc: Michael Kubacki <mikuback@linux.microsoft.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Co-authored-by: Erich McMillan <emcmillan@microsoft.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
2023-01-10NetworkPkg: Add WiFi profile sync protocol supportZachary Clark-Williams8-73/+390
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3845 Enables KVM and One Click Recovery WLAN capability with WiFi Profile Sync feature and protocol. Adding WiFiProfileSyncProtocol, which supports the profilesync driver operations for transferring WiFi profiles from AMT to the Supplicant. WiFiConnectionManager will check for the WifiProfileSyncProtocol and if found will operate on the premise of a One Click Recovery, or KVM flow with a Wifi profile provided by AMT. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Cc: Andrei Otcheretianski <andrei.otcheretianski@intel.com> Signed-off-by: Zachary Clark-Williams <zachary.clark-williams@intel.com> Acked-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2022-10-14NetworkPkg: Add LoongArch64 architecture.Chao Li1-1/+2
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LoongArch64 architecture in to NetworkPkg. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
2022-10-14NetworkPkg/HttpBootDxe: Add LOONGARCH64 architecture for EDK2 CI.Chao Li1-0/+3
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LOONGARCH architecture for EDK2 CI testing. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2022-10-14NetworkPkg: Add LOONGARCH64 architecture for EDK2 CI.Chao Li1-1/+2
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4053 Add LOONGARCH64 architecture for EDK2 CI testing. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Chao Li <lichao@loongson.cn> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
2022-09-09NetworkPkg/TcpDxe: Fix debug macro argumentsMichael Kubacki1-10/+2
Removes Status argument that is not needed from DEBUG macros. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2022-07-19NetworkPkg/HttpBootDxe: Add Support for HTTP Boot Basic AuthenticationSaloni Kasbekar4-4/+130
REF:https://bugzilla.tianocore.org/show_bug.cgi?id=2504 Add support for TLS Client Authentication using Basic Authentication for HTTP Boot Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com> Signed-off-by: Saloni Kasbekar <saloni.kasbekar@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2022-07-01NetworkPkg: Add Wi-Fi Wpa3 support in WifiConnectManagerHeng Luo6-33/+119
https://bugzilla.tianocore.org/show_bug.cgi?id=3961 Add below Wpa3 support: WPA3-Personal: Ieee80211AkmSuiteSAE = 8 WPA3-Enterprise: Ieee80211AkmSuite8021XSuiteB = 11 Ieee80211AkmSuite8021XSuiteB192 = 12 Wi-Fi CERTIFIED Enhanced Open: Ieee80211AkmSuiteOWE = 18 Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Signed-off-by: Heng Luo <heng.luo@intel.com>
2022-05-13NetworkPkg: Remove RVCT supportRebecca Cran1-2/+1
RVCT is obsolete and no longer used. Remove support for it. Signed-off-by: Rebecca Cran <quic_rcran@quicinc.com> Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
2022-04-11NetworkPkg/HttpDxe: Detect HTTP/1.0 serversOliver Steffen1-0/+8
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2720 Force connection close before the next request if the server identifies as version 1.0. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-11NetworkPkg/HttpDxe: Detect 'Connection: close' headerOliver Steffen1-0/+11
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2720 Force connection close before the next request if the server sends the 'Connection: close' header. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-11NetworkPkg/HttpDxe: Add ConnectionClose flag fo HTTP_PROTOCOLOliver Steffen2-1/+7
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2720 Add ConnectionClose flag to HTTP_PROTOCOL. This boolean is FALSE by default. If set to TRUE, a reconfigure of the Http instance is forced on the next request. The flag is then reset. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-11NetworkPkg/HttpDxe: Decofigure Tcp6 before reconfiguringOliver Steffen1-0/+12
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2720 Check if the state of the HTTP instance is HTTP_STATE_TCP_CONNECTED, or HTTP_STATE_TCP_CLOSED and de-configure the Tcp6 instance before configuring it again. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-11NetworkPkg/HttpDxe: Decofigure Tcp4 before reconfiguringOliver Steffen1-0/+12
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2720 Check if the state of the HTTP instance is HTTP_STATE_TCP_CONNECTED, or HTTP_STATE_TCP_CLOSED and de-configure the Tcp4 instance before configuring it again. Signed-off-by: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-11NetworkPkg: Add PCDs for HTTP DNS RetryCount and RetryIntervalHeng Luo4-0/+26
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3889 Currently the HTTP DNS Retry Interval is 2 second and no retry attempt. If DNS response can't arrive in 2 second, the DNS request is failed, and then HTTP boot is failed. In order to resolve this issue, Add PCDs to support RetryCount and RetryInterval configured in Platform. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Signed-off-by: Heng Luo <heng.luo@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2022-02-21NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suiteedk2-stable202202Heng Luo1-4/+12
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3813 The size of buffer should be 3 CHAR16 for Null-terminated Unicode string. The first char is the AKM/Cipher Suite number, the second char is ' ', the third char is '\0'. Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Wu Jiaxin <jiaxin.wu@intel.com> Signed-off-by: Heng Luo <heng.luo@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2022-01-29NetworkPkg: Add the missing VariablePolicyHelperLib in NetworkPkg.dscLiming Gao1-0/+1
This change is required by f4b7b473b4afd0093768905529bfae09a2061d41. Signed-off-by: Liming Gao <gaoliming@byosoft.com.cn> Cc: Maciej Rabeda <maciej.rabeda@linux.intel.com> Cc: Jiaxin Wu <jiaxin.wu@intel.com> Cc: Siyuan Fu <siyuan.fu@intel.com>
2021-12-07NetworkPkg: Apply uncrustify changesMichael Kubacki294-30386/+29834
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3737 Apply uncrustify changes to .c/.h files in the NetworkPkg package Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael D Kinney <michael.d.kinney@intel.com> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2021-12-07NetworkPkg: Change complex DEBUG_CODE() to DEBUG_CODE_BEGIN/END()Michael D Kinney3-8/+8
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3767 Update use of DEBUG_CODE(Expression) if Expression is a complex code block with if/while/for/case statements that use {}. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2021-12-07NetworkPkg: Change OPTIONAL keyword usage styleMichael D Kinney26-50/+45
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3760 Update all use of ', OPTIONAL' to ' OPTIONAL,' for function params. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>
2021-12-07NetworkPkg: Change use of EFI_D_* to DEBUG_*Michael D Kinney42-286/+274
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3739 Update all use of EFI_D_* defines in DEBUG() macros to DEBUG_* defines. Cc: Andrew Fish <afish@apple.com> Cc: Leif Lindholm <leif@nuviainc.com> Cc: Michael Kubacki <michael.kubacki@microsoft.com> Signed-off-by: Michael D Kinney <michael.d.kinney@intel.com> Reviewed-by: Maciej Rabeda <maciej.rabeda@linux.intel.com>