[PATCH v2 1/2] hw/smbios: Fix OEM strings table option validation

Akihiko Odaki posted 2 patches 10 months ago
Maintainers: "Michael S. Tsirkin" <mst@redhat.com>, Igor Mammedov <imammedo@redhat.com>, Ani Sinha <anisinha@redhat.com>
[PATCH v2 1/2] hw/smbios: Fix OEM strings table option validation
Posted by Akihiko Odaki 10 months ago
qemu_smbios_type11_opts did not have the list terminator and that
resulted in out-of-bound memory access. It also needs to have an element
for the type option.

Cc: qemu-stable@nongnu.org
Fixes: 2d6dcbf93fb0 ("smbios: support setting OEM strings table")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
---
 hw/smbios/smbios.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index 2a90601ac5d9..522ed1ed9fe3 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -369,6 +369,11 @@ static const QemuOptDesc qemu_smbios_type8_opts[] = {
 };
 
 static const QemuOptDesc qemu_smbios_type11_opts[] = {
+    {
+        .name = "type",
+        .type = QEMU_OPT_NUMBER,
+        .help = "SMBIOS element type",
+    },
     {
         .name = "value",
         .type = QEMU_OPT_STRING,
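
Review bot: the commit message does not explain why the new `.name = "type"` entry at the top of qemu_smbios_type11_opts is required; it only says the table "needs to have an element for the type option". Since this patch is Cc'd to qemu-stable and bundles two changes (this entry and the list terminator), please add a sentence stating what fails without the `type` entry, or split it into its own patch so the out-of-bounds fix can be backported and bisected on its own.
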
@@ -379,6 +384,7 @@ static const QemuOptDesc qemu_smbios_type11_opts[] = {
         .type = QEMU_OPT_STRING,
         .help = "OEM string data from file",
     },
+    { /* end of list */ }
 };
 
 static const QemuOptDesc qemu_smbios_type17_opts[] = {
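
Review bot: the `{ /* end of list */ }` sentinel is added only to qemu_smbios_type11_opts, and nothing here shows whether the other QemuOptDesc tables in this file (qemu_smbios_type8_opts and qemu_smbios_type17_opts are visible in the context lines) were checked for the same omission. Please confirm in the commit message that each of them ends with the sentinel, and name the command-line option that reaches the out-of-bounds access so the stable backport can be verified against a reproducer.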

-- 
2.43.0
Re: [PATCH v2 1/2] hw/smbios: Fix OEM strings table option validation
Posted by Ani Sinha 10 months ago

> On 29-Jan-2024, at 13:33, Akihiko Odaki <akihiko.odaki@daynix.com> wrote:
> 
> qemu_smbios_type11_opts did not have the list terminator and that
> resulted in out-of-bound memory access. It also needs to have an element
> for the type option.
> 
> Cc: qemu-stable@nongnu.org
> Fixes: 2d6dcbf93fb0 ("smbios: support setting OEM strings table")
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>

Reviewed-by: Ani Sinha <anisinha@redhat.com>
> ---
> hw/smbios/smbios.c | 6 ++++++
> 1 file changed, 6 insertions(+)
> 
> diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
> index 2a90601ac5d9..522ed1ed9fe3 100644
> --- a/hw/smbios/smbios.c
> +++ b/hw/smbios/smbios.c
> @@ -369,6 +369,11 @@ static const QemuOptDesc qemu_smbios_type8_opts[] = {
> };
> 
> static const QemuOptDesc qemu_smbios_type11_opts[] = {
> +    {
> +        .name = "type",
> +        .type = QEMU_OPT_NUMBER,
> +        .help = "SMBIOS element type",
> +    },
>     {
>         .name = "value",
>         .type = QEMU_OPT_STRING,
> @@ -379,6 +384,7 @@ static const QemuOptDesc qemu_smbios_type11_opts[] = {
>         .type = QEMU_OPT_STRING,
>         .help = "OEM string data from file",
>     },
> +    { /* end of list */ }
> };
> 
> static const QemuOptDesc qemu_smbios_type17_opts[] = {
> 
> -- 
> 2.43.0
>