From: "Nate DeSimone"
To: devel@edk2.groups.io
Cc: Chasel Chiu, Michael A Kubacki, Sai Chaganty
Subject: [edk2-devel] [edk2-platforms] [PATCH v2] KabylakeSiliconPkg: Possible out-of-bounds memory writes
Date: Wed, 17 Jul 2019 23:48:34 -0700
Message-Id: <20190718064834.18100-1-nathaniel.l.desimone@intel.com>

- Add check for the DSDT not existing.
- Fixed logic errors in loop boundary check.

Cc: Chasel Chiu
Cc: Michael A Kubacki
Cc: Sai Chaganty
Co-authored-by: John Mathews
Signed-off-by: Nate DeSimone
Reviewed-by: Chasel Chiu
Reviewed-by: Sai Chaganty

--- .../Library/DxeAslUpdateLib/DxeAslUpdateLib.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/DxeAs= lUpdateLib.c b/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/Dxe= AslUpdateLib.c index e6ab43db6d..87c6b15ed2 100644 --- a/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/DxeAslUpdate= Lib.c +++ b/Silicon/Intel/KabylakeSiliconPkg/Library/DxeAslUpdateLib/DxeAslUpdate= Lib.c 
@@ -6,7 +6,7 @@ =20 This library uses the ACPI Support protocol. =20 -Copyright (c) 2017, Intel Corporation. All rights reserved.
+Copyright (c) 2017 - 2019, Intel Corporation. All rights reserved.
SPDX-License-Identifier: BSD-2-Clause-Patent =20 **/ @@ -59,6 +59,7 @@ InitializeAslUpdateLib ( @param[in] Length - length of data to be overwritten =20 @retval EFI_SUCCESS - The function completed successfully. + @retval EFI_NOT_FOUND - Failed to locate AcpiTable. **/ EFI_STATUS UpdateNameAslCode ( @@ -72,6 +73,7 @@ UpdateNameAslCode ( UINT8 *CurrPtr; UINT32 *Signature; UINT8 *DsdtPointer; + UINT8 *EndPointer; UINTN Handle; UINT8 DataSize; =20 @@ -99,11 +101,15 @@ UpdateNameAslCode ( /// Point to the beginning of the DSDT table /// CurrPtr =3D (UINT8 *) Table; + if (CurrPtr =3D=3D NULL) { + return EFI_NOT_FOUND; + } =20 /// /// Loop through the ASL looking for values that we must fix up. /// - for (DsdtPointer =3D CurrPtr; DsdtPointer <=3D (CurrPtr + ((EFI_ACPI_COM= MON_HEADER *) CurrPtr)->Length); DsdtPointer++) { + EndPointer =3D CurrPtr + ((EFI_ACPI_COMMON_HEADER *) CurrPtr)->Length; + for (DsdtPointer =3D CurrPtr; DsdtPointer < EndPointer; DsdtPointer++) { /// /// Get a pointer to compare for signature /// --=20 2.17.1.windows.2
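Review bot: In the @@ -59,6 +59,7 @@ hunk, the new @retval line says "Failed to locate AcpiTable", but the return added later in the patch fires when the pointer cast from Table (the DSDT) is NULL, and the commit message describes the case as the DSDT not existing. Wording along the lines of "EFI_NOT_FOUND - The DSDT was not found" would match the check that actually produces this status.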
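Review bot: In the @@ -99,11 +101,15 @@ hunk, the new bound DsdtPointer < EndPointer stops the loop from visiting CurrPtr + Length, but the body goes on to "Get a pointer to compare for signature" and Signature is declared as UINT32 *, so if that comparison reads four bytes at DsdtPointer, the last three iterations still reach past EndPointer. Consider ending the scan at the last position where a full UINT32 fits, for example DsdtPointer <= EndPointer - sizeof (UINT32), and applying the same remaining-length test before any write of DataSize bytes that follows a match.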