From 24a4a1d62ae749c197f36d72f645c7142f368e6a Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Mon, 2 Dec 2019 12:32:00 +0100 Subject: [PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Laszlo Ersek Message-id: <20191117220052.15700-8-lersek@redhat.com> Patchwork-id: 92456 O-Subject: [RHEL-8.2.0 edk2 PATCH 7/9] NetworkPkg/TlsDxe: Add the support of host validation to TlsDxe driver (CVE-2019-14553) Bugzilla: 1536624 RH-Acked-by: Philippe Mathieu-Daudé RH-Acked-by: Vitaly Kuznetsov From: "Wu, Jiaxin" REF: https://bugzilla.tianocore.org/show_bug.cgi?id=960 CVE: CVE-2019-14553 The new data type named "EfiTlsVerifyHost" and the EFI_TLS_VERIFY_HOST_FLAG are supported in TLS protocol. Signed-off-by: Wu Jiaxin Reviewed-by: Ye Ting Reviewed-by: Long Qin Reviewed-by: Fu Siyuan Acked-by: Laszlo Ersek Message-Id: <20190927034441.3096-4-Jiaxin.wu@intel.com> Cc: David Woodhouse Cc: Jian J Wang Cc: Jiaxin Wu Cc: Sivaraman Nainar Cc: Xiaoyu Lu Signed-off-by: Laszlo Ersek (cherry picked from commit 703e7ab21ff8fda9ababf7751d59bd28ad5da947) --- NetworkPkg/TlsDxe/TlsProtocol.c | 44 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/NetworkPkg/TlsDxe/TlsProtocol.c b/NetworkPkg/TlsDxe/TlsProtocol.c index a7a993f..001e540 100644 --- a/NetworkPkg/TlsDxe/TlsProtocol.c +++ b/NetworkPkg/TlsDxe/TlsProtocol.c @@ -1,7 +1,7 @@ /** @file Implementation of EFI TLS Protocol Interfaces. - Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
+ Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent @@ -56,12 +56,16 @@ TlsSetSessionData ( UINT16 *CipherId; CONST EFI_TLS_CIPHER *TlsCipherList; UINTN CipherCount; + CONST EFI_TLS_VERIFY_HOST *TlsVerifyHost; + EFI_TLS_VERIFY VerifyMethod; + UINTN VerifyMethodSize; UINTN Index; EFI_TPL OldTpl; - Status = EFI_SUCCESS; - CipherId = NULL; + Status = EFI_SUCCESS; + CipherId = NULL; + VerifyMethodSize = sizeof (EFI_TLS_VERIFY); if (This == NULL || Data == NULL || DataSize == 0) { return EFI_INVALID_PARAMETER; @@ -149,6 +153,40 @@ TlsSetSessionData ( TlsSetVerify (Instance->TlsConn, *((UINT32 *) Data)); break; + case EfiTlsVerifyHost: + if (DataSize != sizeof (EFI_TLS_VERIFY_HOST)) { + Status = EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + TlsVerifyHost = (CONST EFI_TLS_VERIFY_HOST *) Data; + + if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_ALWAYS_CHECK_SUBJECT) != 0 && + (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NEVER_CHECK_SUBJECT) != 0) { + Status = EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + if ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_WILDCARDS) != 0 && + ((TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_NO_PARTIAL_WILDCARDS) != 0 || + (TlsVerifyHost->Flags & EFI_TLS_VERIFY_FLAG_MULTI_LABEL_WILDCARDS) != 0)) { + Status = EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + Status = This->GetSessionData (This, EfiTlsVerifyMethod, &VerifyMethod, &VerifyMethodSize); + if (EFI_ERROR (Status)) { + goto ON_EXIT; + } + + if ((VerifyMethod & EFI_TLS_VERIFY_PEER) == 0) { + Status = EFI_INVALID_PARAMETER; + goto ON_EXIT; + } + + Status = TlsSetVerifyHost (Instance->TlsConn, TlsVerifyHost->Flags, TlsVerifyHost->HostName); + + break; case EfiTlsSessionID: if (DataSize != sizeof (EFI_TLS_SESSION_ID)) { Status = EFI_INVALID_PARAMETER; -- 1.8.3.1