From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=JUk7/tKn; spf=pass (domain: arm.com, ip: 40.107.1.78, mailfrom: krzysztof.koch@arm.com) Received: from EUR02-HE1-obe.outbound.protection.outlook.com (EUR02-HE1-obe.outbound.protection.outlook.com [40.107.1.78]) by groups.io with SMTP; Thu, 01 Aug 2019 01:45:16 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5fhjNRWqRoKEnQCdkvvTdG76+3BqrnApVZGPfcPa0fo=; b=JUk7/tKnRdvyNmf9+gJaZB4UTJMTlayslt/MgcPMr+VCFtKmIyLFvv08oWwK86+1OUUdjwJS7Sgr8aaj1/5EK/IhbBeEXIhO99MAdK5K7+S/mvUOsTtBPt9yH10YrGMygYoOCfoy3konJVq35/VMd2ZB082G6ynbiYZr7A8TYMI= Received: from AM6PR08CA0018.eurprd08.prod.outlook.com (2603:10a6:20b:b2::30) by VE1PR08MB4957.eurprd08.prod.outlook.com (2603:10a6:803:110::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.15; Thu, 1 Aug 2019 08:45:11 +0000 Received: from VE1EUR03FT060.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::203) by AM6PR08CA0018.outlook.office365.com (2603:10a6:20b:b2::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2136.15 via Frontend Transport; Thu, 1 Aug 2019 08:45:11 +0000 Authentication-Results: spf=temperror (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=temperror action=none header.from=arm.com; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout) Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT060.mail.protection.outlook.com (10.152.19.187) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2052.18 via Frontend Transport; Thu, 1 Aug 2019 08:45:09 +0000 Received: ("Tessian outbound 578a71fe5eaa:v26"); Thu, 01 Aug 2019 08:45:09 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 6e1e5ac9a2a4533d X-CR-MTA-TID: 64aa7808 Received: from 06993cb37739.1 (ip-172-16-0-2.eu-west-1.compute.internal [104.47.8.54]) by 64aa7808-outbound-1.mta.getcheckrecipient.com id 22BBF288-D876-4D9E-BE6F-00DB66235592.1; Thu, 01 Aug 2019 08:45:04 +0000 Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-am5eur03lp2054.outbound.protection.outlook.com [104.47.8.54]) by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 06993cb37739.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 01 Aug 2019 08:45:04 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=frJoDAPtQSPCiuGEYd6XqVL1dwDB6sIxh59oREVpWQWItwy1jQBVgjj/ZYMqztHGwI1+OWL223ZDlxspJgJwAkY0ojOYw2TDiTZM3GhSEax++Lf0NhZeqkHzJOm9zA0M+xcBiaZ1h62xsVsEkc9zdrSt4xS6p5CxjUeQHezjoyuNXQ03YjEHmiPO3Q0mW/gsJw6skrBfQkBdwCLCrWU9Ny+gqOFv5Md/PNJTOaAA33FLQU6DDJM3BNHHTs3IDLr5Ts85YT9plqU04PWmfX2Hwfb6uMb2XbgAiyj3lCBBREwRK09pN8I7Vbsgr7hWeRqkm83mFgcglCMfhu8EugvS2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5fhjNRWqRoKEnQCdkvvTdG76+3BqrnApVZGPfcPa0fo=; b=QFjOo5B8AhMRpZLlChcOUKZhAMwRIYL0blVM43ZOPLPG/yONi4pz0zt977AXVyvIPCGGMynOxhQKFEleMftH7IahG1VkqseFC7W1KsNaSAIfKAahD94GHiQMOSlk86FQ1DNxH2i2PpmSMC9KD4tbOoGNo1rV05chPz2cvcMzCV1XJ5HTlYgvdG6sV/hkoz6vtw11BXpedsAa6lLa3gPihdu6mrr+yeXh/lWSHwR83DBWhMdLXBtKsBTWLF/ULWmtmylUTQSOS7u57rDQF98OF2iLkKrOtRt7fRG2Edah2HdlV6F1vKEL2jfU+F3qBejaB9n9plE0vChsl2ldEMUhiA== ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=temperror (sender ip is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com;dmarc=temperror action=none header.from=arm.com;dkim=none (message not signed);arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5fhjNRWqRoKEnQCdkvvTdG76+3BqrnApVZGPfcPa0fo=; b=JUk7/tKnRdvyNmf9+gJaZB4UTJMTlayslt/MgcPMr+VCFtKmIyLFvv08oWwK86+1OUUdjwJS7Sgr8aaj1/5EK/IhbBeEXIhO99MAdK5K7+S/mvUOsTtBPt9yH10YrGMygYoOCfoy3konJVq35/VMd2ZB082G6ynbiYZr7A8TYMI= Received: from AM6PR08CA0012.eurprd08.prod.outlook.com (2603:10a6:20b:b2::24) by HE1PR0801MB1849.eurprd08.prod.outlook.com (2603:10a6:3:89::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.11; Thu, 1 Aug 2019 08:45:01 +0000 Received: from AM5EUR03FT006.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::205) by AM6PR08CA0012.outlook.office365.com (2603:10a6:20b:b2::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2136.14 via Frontend Transport; Thu, 1 Aug 2019 08:45:01 +0000 Authentication-Results-Original: spf=temperror (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=temperror action=none header.from=arm.com; Received-SPF: TempError (protection.outlook.com: error in processing during lookup of arm.com: DNS Timeout) Received: from nebula.arm.com (40.67.248.234) by AM5EUR03FT006.mail.protection.outlook.com (10.152.16.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.2052.18 via Frontend Transport; Thu, 1 Aug 2019 08:45:00 +0000 Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX04.Arm.com (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1415.2; Thu, 1 Aug 2019 08:44:16 +0000 Received: from E119924.Arm.com (10.1.199.124) by mail.arm.com (10.251.24.32) with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Thu, 1 Aug 2019 08:44:16 +0000 From: "Krzysztof Koch" To: CC: , , , , , Subject: [PATCH v1 4/6] ShellPkg: acpiview: MADT: Prevent buffer overruns Date: Thu, 1 Aug 2019 09:44:05 +0100 Message-ID: <20190801084407.48712-5-krzysztof.koch@arm.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20190801084407.48712-1-krzysztof.koch@arm.com> References: <20190801084407.48712-1-krzysztof.koch@arm.com> MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;IPV:NLI;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(396003)(136003)(346002)(376002)(39860400002)(2980300002)(189003)(199004)(11346002)(316002)(76176011)(54906003)(26005)(5660300002)(86362001)(7696005)(1076003)(51416003)(50226002)(81166006)(186003)(68736007)(16586007)(81156014)(8936002)(8676002)(6916009)(63350400001)(2906002)(6666004)(48376002)(126002)(70586007)(70206006)(44832011)(36756003)(305945005)(4326008)(486006)(426003)(478600001)(336012)(63370400001)(50466002)(446003)(53416004)(47776003)(2616005)(476003)(14444005)(53936002)(356004)(2351001);DIR:OUT;SFP:1101;SCL:1;SRVR:HE1PR0801MB1849;H:nebula.arm.com;FPR:;SPF:TempError;LANG:en;PTR:InfoDomainNonexistent;MX:1;A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 97b5cccf-d906-46f2-cef5-08d7165c8fc4 X-Microsoft-Antispam-Untrusted: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328);SRVR:HE1PR0801MB1849; X-MS-TrafficTypeDiagnostic: HE1PR0801MB1849:|VE1PR08MB4957: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true X-MS-Oob-TLC-OOBClassifiers: OLM:5236;OLM:5236; X-Forefront-PRVS: 01165471DB X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Message-Info-Original: 5RI7KmvIHbet9t/y5fPvzm+RjXWMWujrQiQtfXJ5VrO1waPvU0dJ0cGEJkRy/jF7BGpzP3AIkb6mQKTfnEvp2bX2UpHDdkEj6vOxj7XtOz7JVocCPmGMgq9fsfUuaPtS9+zaGk+SJKniqfw1fU0qkiWb7iVogJyI/DbeNxxc71e0O/E9fVFppoK40YOwvZ5Jc0P8n9T6EP4708WqjfhMUCsjm6HRREFtmZAbeYiiAUKv9hdKU2kfuRtDOY1R49lx7/nH2To9xBSV7GzhVJgb6d085N5ZqmSd9PzoALwUDI3FdMUCqBWXvhtCODOfVWM7Z7qLxlSoDqPcJ4Jqcoyoa5bI+QfG8RBzMxtRW+cGPXPS+EmFhJUa2vIIpU95N9QgQXVjStrxkzPBgCdIajBbbZ/foPle3IGSnaiX+0GYtws= X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0801MB1849 Original-Authentication-Results: spf=temperror (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=temperror action=none header.from=arm.com; Return-Path: Krzysztof.Koch@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT060.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123;IPV:CAL;SCL:-1;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(346002)(396003)(376002)(136003)(39860400002)(2980300002)(189003)(199004)(50226002)(53416004)(2351001)(7696005)(51416003)(76176011)(4326008)(26826003)(476003)(478600001)(1076003)(5660300002)(50466002)(6666004)(48376002)(54906003)(36756003)(16586007)(8676002)(305945005)(11346002)(63350400001)(2616005)(2906002)(81156014)(81166006)(47776003)(86362001)(14444005)(8936002)(6916009)(63370400001)(446003)(36906005)(26005)(426003)(76130400001)(126002)(336012)(186003)(22756006)(44832011)(70586007)(486006)(316002)(70206006);DIR:OUT;SFP:1101;SCL:1;SRVR:VE1PR08MB4957;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:TempError;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;MX:1;A:1; X-MS-Office365-Filtering-Correlation-Id-Prvs: 724131ff-51f7-4591-05e9-08d7165c8a04 X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(710020)(711020)(4605104)(1401327)(2017052603328);SRVR:VE1PR08MB4957; NoDisclaimer: True X-Forefront-PRVS: 01165471DB X-Microsoft-Antispam-Message-Info: ef//KijIphUZ8W1/f7FxZcESo2aXRwE4N9RvaVBjbcMSm/PyIa/yE5AfvAwJb+fxXQgqOJii1XC8Prn4yN2RcTXB+aH1T1ZETjR1j555dPnpo2rqU8ysZHeJUkqG9Lc1jpziKlGWEw8+YrJ2HZ6kvkDmyxeDQhFv73myQqGTYk/5aWZ0mZ5L15Hfz2r9ZoaBBewanK62YDAuryuwC0FKaR3hhRkwi2f1p4uX+5dGWQZY9NxgX/QF2lGm4foh2T/SU7n8wk8AWPUprWzy4XsndubVvjODda4LTNHB9AsDpE0h3SKygIGKiP6VHGa9cHwBB3J0OwHwq2MI7OdEnWK1jmEpdDLp77mJwbtGW/YhguWDhEgKYouSGBqxBwYEOebsrFjmV2vKZisELUUyavm1FavvuGVqjZ0gHF4MwPjQ590= X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Aug 2019 08:45:09.9365 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 97b5cccf-d906-46f2-cef5-08d7165c8fc4 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR08MB4957 Content-Type: text/plain Modify the parsing logic to prevent reading past the MADT table buffer length provided when parsing the Interrupt Controller Structure header. Signed-off-by: Krzysztof Koch --- Notes: v1: - Prevent buffer overruns in MADT acpiview parser [Krzysztof] ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c index d80ebd1a2bae7a4acffe687ca5ee7b4090f0e223..90bdafea1970db522e8ed96de7c6e986cdaca5ba 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c @@ -256,7 +256,7 @@ ParseAcpiMadt ( 0, NULL, InterruptContollerPtr, - 2, // Length is 1 byte at offset 1 + AcpiTableLength - Offset, PARSER_PARAMS (MadtInterruptControllerHeaderParser) ); -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'