From: "Krzysztof Koch"
Subject: [PATCH v1 09/11] ShellPkg: acpiview: IORT: Validate global pointers before use
Date: Thu, 15 Aug 2019 14:11:19 +0100
Message-ID: <20190815131121.52644-10-krzysztof.koch@arm.com>
In-Reply-To: <20190815131121.52644-1-krzysztof.koch@arm.com>
References: <20190815131121.52644-1-krzysztof.koch@arm.com>

Check if global (in the scope of the IORT parser) pointers have been
successfully updated before they are used for further table parsing.

Signed-off-by: Krzysztof Koch
---

Notes:
    v1:
    - Test against NULL pointers [Krzysztof]

 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 ++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c index f1cdb9ac01d848f22ab588d8f824886387c5983d..c43ed4ee5fdd8de409052d57c13a27811c75c7d0 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c 
@@ -317,6 +317,20 @@ DumpIortNodeSmmuV1V2 ( PARSER_PARAMS (IortNodeSmmuV1V2Parser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((InterruptContextCount == NULL) || + (InterruptContextOffset == NULL) || + (PmuInterruptCount == NULL) || + (PmuInterruptOffset == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient SMMUv1/2 node length. Length = %d\n", + Length + ); + return; + } + Offset = *InterruptContextOffset; Index = 0; @@ -428,6 +442,17 @@ DumpIortNodeIts ( PARSER_PARAMS (IortNodeItsParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if (ItsCount == NULL) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient ITS group length. Length = %d.\n", + Length + ); + return; + } + Index = 0; while ((Index < *ItsCount) && @@ -612,6 +637,18 @@ ParseAcpiIort ( PARSER_PARAMS (IortParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((IortNodeCount == NULL) || + (IortNodeOffset == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient table length. AcpiTableLength = %d.\n", + AcpiTableLength + ); + return; + } + Offset = *IortNodeOffset; NodePtr = Ptr + Offset; Index = 0; @@ -630,6 +667,21 @@ ParseAcpiIort ( PARSER_PARAMS (IortNodeHeaderParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((IortNodeType == NULL) || + (IortNodeLength == NULL) || + (IortIdMappingCount == NULL) || + (IortIdMappingOffset == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient remaining table buffer length to read the " \ + L"IORT node header. Length = %d.\n", + AcpiTableLength - Offset + ); + return; + } + // Make sure the IORT Node is inside the table if ((Offset + (*IortNodeLength)) > AcpiTableLength) { IncrementErrorCount (); -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
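
Review bot: style point on the first hunk (DumpIortNodeSmmuV1V2): the new message L"ERROR: Insufficient SMMUv1/2 node length. Length = %d\n" has no full stop before the newline, while the three other messages added by this patch end in "%d.\n". Please make the four consistent. The comment "Check if the values used to control the parsing logic have been successfully read." is also repeated verbatim in all four hunks; a one-line comment naming the fields being tested would say more at each site.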
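
Review bot: in the third hunk (ParseAcpiIort, after PARSER_PARAMS (IortParser)) the NULL test shows that IortNodeCount and IortNodeOffset were read, but the value of *IortNodeOffset is then used unchecked in the context lines "Offset = *IortNodeOffset;" and "NodePtr = Ptr + Offset;". Nothing in the visible lines compares that offset with AcpiTableLength before NodePtr is formed, so a table that is long enough to contain the field but carries an out-of-range offset still gets past this check. Consider rejecting *IortNodeOffset >= AcpiTableLength in the same block, or confirm that the loop condition below (not shown in this hunk) already does so. The same applies to "Offset = *InterruptContextOffset;" after the first hunk, relative to Length.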
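
Review bot: in the last hunk (ParseAcpiIort, after PARSER_PARAMS (IortNodeHeaderParser)) the error path prints "AcpiTableLength - Offset" with %d. The declarations are outside the visible lines, but if both operands are unsigned the difference wraps whenever Offset exceeds AcpiTableLength, and the message then reports a large or negative "remaining length" exactly when the table is malformed. Printing AcpiTableLength and Offset as two separate values avoids that and is more useful for diagnosis. Note also that this early return now runs before the unchanged test "(Offset + (*IortNodeLength)) > AcpiTableLength", whose sum can wrap in the same way for a large Offset; comparing *IortNodeLength against AcpiTableLength - Offset, once Offset is known to be in range, would close that gap.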