From: "Krzysztof Koch" <krzysztof.koch@arm.com>
To: <devel@edk2.groups.io>
Cc: <ray.ni@intel.com>, <zhichao.gao@intel.com>,
<Sami.Mujawar@arm.com>, <Matteo.Carlini@arm.com>, <nd@arm.com>
Subject: [PATCH v3 00/11] Test against invalid pointers in acpiview
Date: Mon, 20 Jan 2020 11:13:40 +0000
Message-ID: <20200120111351.29184-1-krzysztof.koch@arm.com>
Prevent the use of invalid pointers when parsing ACPI tables in the UEFI
shell acpiview tool.

The parsing of ACPI tables is often controlled with the values read
earlier from the same table. For example, the 'Offset' or 'Count' fields
found in a structure are later used to parse the substructures. If such
fields lie outside the structure's buffer length provided, then there
is a possibility for a wild or dangling pointer.

Currently, if the ParseAcpi() function terminates early because the end
of the input table data buffer has been reached, then the pointers
which were supposed to be updated by this function are left untouched.
This is a security issue as the values pointed to by these pointers are
later used for flow control.

This patch series aims to solve this security issue by explicitly
initializing any pointers lying outside the input ACPI data buffer to
NULL and testing for NULL whenever these pointers are dereferenced.

Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/tree/612_add_pointer_validation_v3

Notes:
    v3:
    - Rebase on latest master [Krzysztof]

    v2:
    - Do not require FadtMinorRevision and X_DsdtAddress pointers to be
      valid in FADT table parser [Zhichao]

    v1:
    - Validate static pointers in acpiview parsers before use [Krzysztof]

Krzysztof Koch (11):
  ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
  ShellPkg: acpiview: RSDP: Validate global pointer before use
  ShellPkg: acpiview: FADT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate System Locality count
  ShellPkg: acpiview: SRAT: Validate global pointers before use
  ShellPkg: acpiview: MADT: Validate global pointers before use
  ShellPkg: acpiview: PPTT: Validate global pointers before use
  ShellPkg: acpiview: IORT: Validate global pointers before use
  ShellPkg: acpiview: GTDT: Validate global pointers before use
  ShellPkg: acpiview: DBG2: Validate global pointers before use

 ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.c              |  9 ++-
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 43 ++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Fadt/FadtParser.c | 21 +++----
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c | 37 ++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 +++++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 13 +++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Rsdp/RsdpParser.c | 12 ++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Slit/SlitParser.c | 61 ++++++++++++++++++--
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 13 +++++
 10 files changed, 269 insertions(+), 17 deletions(-)
--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
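The failure mode and the fix described in the cover letter above, as an added example that is not part of the original message and is not EDK2 code: a simplified descriptor-driven parser that sets the out-pointer to NULL for any field outside the buffer, and a caller that tests for NULL before using a 'Count' value. The names `field_desc`, `parse_fields` and `read_count`, and the table layout, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical field descriptor: where a field lives in the table and
   which caller-owned pointer should receive its address. */
struct field_desc {
    size_t offset;          /* byte offset within the table */
    size_t length;          /* field size in bytes */
    const uint8_t **item;   /* out: address of the field, or NULL */
};

/* Walk the descriptors. A field that does not fit entirely inside
   buf[0..len) gets its out-pointer set to NULL rather than being left
   with the value it held before the call. Returns the fields located. */
size_t parse_fields(const uint8_t *buf, size_t len,
                    const struct field_desc *f, size_t n)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        /* Overflow-safe form of: offset + length <= len */
        if (f[i].offset <= len && f[i].length <= len - f[i].offset) {
            *f[i].item = buf + f[i].offset;
            found++;
        } else {
            *f[i].item = NULL;
        }
    }
    return found;
}

/* Caller: fetch a little-endian 32-bit 'Count' at offset 4 that would
   drive later parsing. Returns -1 if the table is too short for it. */
int64_t read_count(const uint8_t *table, size_t len)
{
    /* Constructed stale data: models a static pointer that still refers
       to a previously parsed table when this call begins. */
    static const uint8_t stale[4] = { 0xff, 0xff, 0xff, 0x7f };
    const uint8_t *count_ptr = stale;
    const struct field_desc fields[] = { { 4, 4, &count_ptr } };

    parse_fields(table, len, fields, 1);
    if (count_ptr == NULL)          /* validate before dereferencing */
        return -1;
    return (int64_t)((uint32_t)count_ptr[0] | (uint32_t)count_ptr[1] << 8 |
                     (uint32_t)count_ptr[2] << 16 | (uint32_t)count_ptr[3] << 24);
}
```

Without the `else` branch in `parse_fields`, a truncated table would leave `count_ptr` pointing at the stale bytes and the caller would proceed with a count of 0x7fffffff.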
Thread overview: 13+ messages
2020-01-20 11:13 Krzysztof Koch [this message]
2020-01-20 11:13 ` [PATCH v3 01/11] ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 02/11] ShellPkg: acpiview: RSDP: Validate global pointer before use Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 03/11] ShellPkg: acpiview: FADT: " Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 04/11] ShellPkg: acpiview: SLIT: " Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 05/11] ShellPkg: acpiview: SLIT: Validate System Locality count Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 06/11] ShellPkg: acpiview: SRAT: Validate global pointers before use Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 07/11] ShellPkg: acpiview: MADT: " Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 08/11] ShellPkg: acpiview: PPTT: " Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 09/11] ShellPkg: acpiview: IORT: " Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 10/11] ShellPkg: acpiview: GTDT: " Krzysztof Koch
2020-01-20 11:13 ` [PATCH v3 11/11] ShellPkg: acpiview: DBG2: " Krzysztof Koch
2020-02-03 15:36 ` [PATCH v3 00/11] Test against invalid pointers in acpiview Gao, Zhichao