From: "Krzysztof Koch"
Subject: [PATCH v1 00/11] Add security checks in the Acpiview table parsers
Date: Fri, 12 Jul 2019 07:52:32 +0100
Message-ID: <20190712065243.3812-1-krzysztof.koch@arm.com>

The following patches modify existing ACPI table parsers to add checks
which prevent many potential security issues. These include:

1. Entering infinite loops when ACPI structure lengths are zero.
2. Use of pointers which failed to be initialized because of invalid
   ACPI table/structure lengths.
3. Buffer overruns caused by structures which have a too large value
   of the 'Length' field given the size of the buffer in which they
   are located.

Other changes added in this patchset include:

1. Removal of redundant forward STATIC function declarations for
   reducing the code size.
2. Extension of the use of the -q flag to make ACPI table content
   validation optional. ACPI table content consistency checks which
   do not affect the flow control in the parsing logic can now be
   disabled. The remaining validation checks are enforced as they
   also prevent the security issues listed above.

Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/tree/612_enhance_parser_logic_v1

Krzysztof Koch (11):
  ShellPkg: acpiview: FADT: Validate global pointers before use
  ShellPkg: acpiview: SPCR: Remove redundant forward declaration
  ShellPkg: acpiview: RSDP: Make printing table checksum optional
  ShellPkg: acpiview: XSDT: Remove redundant ParseAcpi() call
  ShellPkg: acpiview: SLIT: Add error-checking in the parsing logic
  ShellPkg: acpiview: SRAT: Add error-checking in the parsing logic
  ShellPkg: acpiview: MADT: Add error-checking in the parsing logic
  ShellPkg: acpiview: PPTT: Add error-checking in the parsing logic
  ShellPkg: acpiview: IORT: Add error-checking in the parsing logic
  ShellPkg: acpiview: GTDT: Add error-checking in the parsing logic
  ShellPkg: acpiview: DBG2: Add error-checking in the parsing logic

 ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.c              |  26 +-
 ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.h              |   8 +-
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 298 +++++++++-----
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Fadt/FadtParser.c | 131 +++---
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c | 294 ++++++++------
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 419 +++++++++++++-------
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 187 ++++-----
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c |  95 ++++-
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Rsdp/RsdpParser.c | 144 ++++---
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Slit/SlitParser.c | 115 ++++--
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Spcr/SpcrParser.c |  98 ++---
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 113 +++---
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Xsdt/XsdtParser.c |  22 +-
 13 files changed, 1150 insertions(+), 800 deletions(-)

--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
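
Added example, not part of the original message or of the patch series: a minimal C walker over Type/Length sub-structures that shows the length checks behind items 1 and 3 of the first list above (zero Length, and Length larger than the enclosing buffer). The function name, error codes, two-byte header layout and sample tables are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes and header layout for this example (not edk2 names). */
enum { ERR_TRUNCATED_HEADER = -1, ERR_LENGTH_TOO_SMALL = -2, ERR_LENGTH_OVERRUN = -3 };
#define SUB_HDR_SIZE 2u /* Type (1 byte) + Length (1 byte) */

/* Walk Type/Length sub-structures in buf[0..size). Returns the number of
 * structures visited, or a negative error code at the first invalid one. */
int walk_substructures(const uint8_t *buf, size_t size)
{
    size_t offset = 0;
    int count = 0;

    while (offset < size) {
        size_t remaining = size - offset;
        /* The header itself must fit before the Length byte is read. */
        if (remaining < SUB_HDR_SIZE)
            return ERR_TRUNCATED_HEADER;
        size_t length = buf[offset + 1];
        /* Length 0 would never advance offset (infinite loop); anything
         * smaller than the header is equally invalid. */
        if (length < SUB_HDR_SIZE)
            return ERR_LENGTH_TOO_SMALL;
        /* Length must not run past the end of the enclosing table. */
        if (length > remaining)
            return ERR_LENGTH_OVERRUN;
        count++;
        offset += length;
    }
    return count;
}

/* Constructed sample tables (not real ACPI data). */
const uint8_t TABLE_OK[]      = { 0x0B, 4, 0xAA, 0xBB, 0x0C, 3, 0xCC };
const uint8_t TABLE_ZERO[]    = { 0x0B, 4, 0xAA, 0xBB, 0x0C, 0, 0xCC };
const uint8_t TABLE_OVERRUN[] = { 0x0B, 4, 0xAA, 0xBB, 0x0C, 9, 0xCC };
const uint8_t TABLE_SHORT[]   = { 0x0B, 4, 0xAA, 0xBB, 0x0C };

int main(void)
{
    printf("ok=%d zero=%d overrun=%d short=%d\n",
           walk_substructures(TABLE_OK, sizeof TABLE_OK),
           walk_substructures(TABLE_ZERO, sizeof TABLE_ZERO),
           walk_substructures(TABLE_OVERRUN, sizeof TABLE_OVERRUN),
           walk_substructures(TABLE_SHORT, sizeof TABLE_SHORT));
    return 0;
}
```

Because every field access is gated on the remaining byte count, a parser built this way also avoids dereferencing field pointers that were never set up for a truncated structure, the situation item 2 describes.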