NetworkPkg/ArpDxe: Recycle invalid ARP packets (CVE-2019-14559)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2031 This patch triggers the RecycleEvent for invalid ARP packets. Prior to this, we would just ignore invalid ARP packets, and never free them. Cc: Jiaxin Wu <firstname.lastname@example.org> Cc: Maciej Rabeda <email@example.com> Cc: Siyuan Fu <firstname.lastname@example.org> Signed-off-by: Nicholas Armour <email@example.com> Reviewed-by: Siyuan Fu <firstname.lastname@example.org>
|1 day ago|
|.azurepipelines||2 weeks ago|
|.mergify||3 months ago|
|.pytool||2 weeks ago|
|ArmPkg||1 month ago|
|ArmPlatformPkg||2 weeks ago|
|ArmVirtPkg||1 month ago|
|BaseTools||1 week ago|
|Conf||9 months ago|
|CryptoPkg||2 days ago|
|DynamicTablesPkg||4 months ago|
|EmbeddedPkg||1 week ago|
|EmulatorPkg||1 week ago|
|FatPkg||1 week ago|
|FmpDevicePkg||1 week ago|
|IntelFsp2Pkg||1 week ago|
|IntelFsp2WrapperPkg||2 months ago|
|MdeModulePkg||3 days ago|
|MdePkg||1 week ago|
|NetworkPkg||1 day ago|
|OvmfPkg||1 week ago|
|PcAtChipsetPkg||1 week ago|
|SecurityPkg||3 days ago|
|ShellPkg||2 days ago|
|SignedCapsulePkg||1 week ago|
|SourceLevelDebugPkg||1 week ago|
|StandaloneMmPkg||1 week ago|
|UefiCpuPkg||3 days ago|
|UefiPayloadPkg||1 month ago|
|UnitTestFrameworkPkg||1 week ago|
|.gitignore||3 months ago|
|.gitmodules||2 weeks ago|
|.mailmap||1 month ago|
|License-History.txt||10 months ago|
|License.txt||10 months ago|
|Maintainers.txt||4 days ago|
|Readme.md||3 months ago|
|edksetup.bat||1 month ago|
|edksetup.sh||7 months ago|
|pip-requirements.txt||3 months ago|
A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from www.uefi.org.
|Host Type||Toolchain||Branch||Build Status||Test Status||Code Coverage|
The majority of the content in the EDK II open source project uses a BSD-2-Clause Plus Patent License. The EDK II open source project contains the following components that are covered by additional licenses:
The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.
To make a contribution to a TianoCore project, follow these steps.
Create a change description in the format specified below to use in the source control commit log.
Your commit message must include your
Submit your code to the TianoCore project using the process that the project documents on its web page. If the process is not documented, then submit the code on development email list for the project.
It is preferred that contributions are submitted using the same copyright license as the base project. When that is not possible, then contributions using the following licenses can be accepted:
Contributions of code put into the public domain can also be accepted.
Contributions using other licenses might be accepted, but further review will be required.
Your change description should use the standard format for a
commit message, and must include your
In order to keep track of who did what, all patches contributed must include a statement that to the best of the contributor's knowledge they have the right to contribute it under the specified license.
The test for this is as specified in the Developer's Certificate of Origin (DCO) 1.1. The contributor certifies compliance by adding a line saying
Signed-off-by: Developer Name email@example.com
Developer Name is the contributor's real name, and the email
address is one the developer is reachable through at the time of
Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
From: Contributor Name <firstname.lastname@example.org> Subject: [Repository/Branch PATCH] Pkg-Module: Brief-single-line-summary Full-commit-message Signed-off-by: Contributor Name <email@example.com>
[Repository/Branch PATCH]. The remaining portion of the commit message is the email's content.
git format-patchis one way to create this format
Repositoryis the identifier of the repository the patch applies. This identifier should only be provided for repositories other than
edk2. For example
Branchis the identifier of the branch the patch applies. This identifier should only be provided for branches other than
edk2/master. For example
Moduleis a short identifier for the affected code or documentation. For example
EDK II INF File Format.
Brief-single-line-summaryis a short summary of the change.
Full-commit-messagea verbose multiple line comment describing the change. Each line should be less than ~70 characters.
Signed-off-byis the contributor's signature identifying them by their real/legal name and their email address.
Submodule in EDK II is allowed but submodule chain should be avoided as possible as we can. Currently EDK II contains the following submodules
ArmSoftFloatLib is actually required by OpensslLib. It's inevitable in openssl-1.1.1 (since stable201905) for floating point parameter conversion, but should be dropped once there's no such need in future release of openssl.
To get a full, buildable EDK II repository, use following steps of git command
$ git clone https://github.com/tianocore/edk2.git $ cd edk2 $ git submodule update --init $ cd ..
If there's update for submodules, use following git commands to get the latest submodules code.
$ cd edk2 $ git pull $ git submodule update
Note: When cloning submodule repos, ‘--recursive’ option is not recommended. EDK II itself will not use any code/feature from submodules in above submodules. So using ‘--recursive’ adds a dependency on being able to reach servers we do not actually want any code from, as well as needlessly downloading code we will not use.