From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR04-HE1-obe.outbound.protection.outlook.com (EUR04-HE1-obe.outbound.protection.outlook.com [40.107.7.79]) by mx.groups.io with SMTP id smtpd.web09.9176.1579518873521359343 for ; Mon, 20 Jan 2020 03:14:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=it6CJyKZ; spf=pass (domain: arm.com, ip: 40.107.7.79, mailfrom: krzysztof.koch@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GkCTLbze6b09g15z91J55w0GvF2YPLs1pU1bdDWDKWA=; b=it6CJyKZEHVz2wCq8wlhvQq3w+O4Xg+DpMz3jtc2KAR9YW+9UYXw+n6iVMZUrjiQPJbw/0Sb0RuM/cVFtsQSt7V6c1aae89Weda1APl262EV2aTIU27wP6Xb+Ncdtvv6hYp4lVaKgQNl1jDQIP5L+4Uq7clyEcqDx7T6D/PFD7U= Received: from HE1PR08CA0057.eurprd08.prod.outlook.com (2603:10a6:7:2a::28) by VI1PR0802MB2302.eurprd08.prod.outlook.com (2603:10a6:800:9e::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.24; Mon, 20 Jan 2020 11:14:29 +0000 Received: from AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::204) by HE1PR08CA0057.outlook.office365.com (2603:10a6:7:2a::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.20 via Frontend Transport; Mon, 20 Jan 2020 11:14:29 +0000 Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT009.mail.protection.outlook.com (10.152.16.110) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.23 via Frontend Transport; Mon, 20 Jan 2020 11:14:29 +0000 Received: ("Tessian outbound 28955e0c1ca8:v40"); Mon, 20 Jan 2020 11:14:29 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: d073088bfb04a028 X-CR-MTA-TID: 64aa7808 Received: from af1b8095a747.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id CA6FD949-0278-4F7B-9351-4077D3D2C431.1; Mon, 20 Jan 2020 11:14:24 +0000 Received: from EUR05-AM6-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id af1b8095a747.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 20 Jan 2020 11:14:24 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=efh1zY4JEiFbppS57woH746cRTnzV6HYSCugs8XIP5IYenr2t2Uegn/8VPKtV0hRprfkZWFz7MW9cH4DVjtpF36TRF3bCtEHVxzsSTRvi21oH0qx+U1ab/ugbIm1gLndNGxTmPjVir93Ajx8ZX82bXDqW/rIikTJLZt49nvQ2FOw/bPXKys1azTg6or+bI1LFL4W2s+o6FVNuzZljZg4AmXVMWd3h/K6jAa1/hwpy6uITcGVTstdebLL3qnB9JCGLvA6GFjIbIMvabW7kAIB2SgKGLqrhZ8RfJlmTeWTxopPzs6s8U6wov+U3i+OH8I7taFBt8srFVeDWVKpd7aw4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GkCTLbze6b09g15z91J55w0GvF2YPLs1pU1bdDWDKWA=; b=oG7o8oSeIECKYWV7ZCke/Bg93XdKcZLNm39ecG/UFit78lH3iTRvElyRyvIqhWq8uM84I2s/cnlF1d+H2/E3tL8QQu84vuKLB17zYVc1cXevu/2E768G2G/yJ2SZs6BxTwNRxeI1bJ/0YEYJ6F0JShSIljui6/tErGLYrmozGXVE99arg9Ntz2JC82ZzAIHgCmbQsABzXptg1A/bWnKkXX2Q4xEZcsgUwThp//4m3iDbdoZ+K3HfXPp7rPJw6oyXi+YAKQlvUZvnp/1RtstCQTs6A5EDJ6OIRG4plPZy+TLGalqYZJV3dl/aId/oRYVL+pdf/UjeQ7n9KoXkv1UVtQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com; dmarc=bestguesspass action=none header.from=arm.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GkCTLbze6b09g15z91J55w0GvF2YPLs1pU1bdDWDKWA=; b=it6CJyKZEHVz2wCq8wlhvQq3w+O4Xg+DpMz3jtc2KAR9YW+9UYXw+n6iVMZUrjiQPJbw/0Sb0RuM/cVFtsQSt7V6c1aae89Weda1APl262EV2aTIU27wP6Xb+Ncdtvv6hYp4lVaKgQNl1jDQIP5L+4Uq7clyEcqDx7T6D/PFD7U= Received: from AM4PR08CA0053.eurprd08.prod.outlook.com (2603:10a6:205:2::24) by DBBPR08MB4331.eurprd08.prod.outlook.com (2603:10a6:10:c4::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.23; Mon, 20 Jan 2020 11:14:22 +0000 Received: from VE1EUR03FT045.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::208) by AM4PR08CA0053.outlook.office365.com (2603:10a6:205:2::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2644.19 via Frontend Transport; Mon, 20 Jan 2020 11:14:22 +0000 Authentication-Results-Original: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; Received: from nebula.arm.com (40.67.248.234) by VE1EUR03FT045.mail.protection.outlook.com (10.152.19.51) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.2644.23 via Frontend Transport; Mon, 20 Jan 2020 11:14:22 +0000 Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX04.Arm.com (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1415.2; Mon, 20 Jan 2020 11:14:08 +0000 Received: from E119924.Arm.com (10.37.9.56) by mail.arm.com (10.251.24.32) with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Mon, 20 Jan 2020 11:14:08 +0000 From: "Krzysztof Koch" To: CC: , , , , Subject: [PATCH v3 09/11] ShellPkg: acpiview: IORT: Validate global pointers before use Date: Mon, 20 Jan 2020 11:13:49 +0000 Message-ID: <20200120111351.29184-10-krzysztof.koch@arm.com> X-Mailer: git-send-email 2.16.2.windows.1 In-Reply-To: <20200120111351.29184-1-krzysztof.koch@arm.com> References: <20200120111351.29184-1-krzysztof.koch@arm.com> MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;IPV:;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(376002)(136003)(39860400002)(346002)(396003)(189003)(199004)(2906002)(186003)(336012)(36756003)(478600001)(426003)(70206006)(44832011)(15650500001)(70586007)(4326008)(26005)(8936002)(2616005)(6916009)(81166006)(81156014)(1076003)(6666004)(7696005)(86362001)(5660300002)(19627235002)(316002)(356004)(8676002)(54906003);DIR:OUT;SFP:1101;SCL:1;SRVR:DBBPR08MB4331;H:nebula.arm.com;FPR:;SPF:Pass;LANG:en;PTR:InfoDomainNonexistent;MX:1;A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a0a7853b-c677-4c9a-76a4-08d79d99eb01 X-MS-TrafficTypeDiagnostic: DBBPR08MB4331:|VI1PR0802MB2302: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: True X-MS-Oob-TLC-OOBClassifiers: OLM:6430;OLM:6430; X-Forefront-PRVS: 0288CD37D9 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: vCKmamIF7bINm+Uh1Fwc1JR9dY61IJN0YSlt6Y+NrUa20rAZCBn8sdOn0FrP/CmGO4yHn0FNcdt0Ut3hG4CIZHzeCqz2bpPb7CQ03l4eLqPRFISqQJVKcBSx2H/nKnNb/X5EWyUtn76Otkq9Vnbws+lUaSPfsCJCZaNcsMcrehm/SoL3epZwGZNzYrF4kafEIHvnA99p8ecqbUUe76+flpDmiTl+yckKYFOvjGrQPhhpli5jqPtSKFts3PfJ4L4BAwFYHQUWIvyHN9/ZxBgRiQj6FVBiKKtCYkWUYW6iEhK9XaXjRhgQIxcF8iUpZ/v5kV3WanAWhHONh9Zzl8I4KWgy9kF3j/H7kX0bwGRI+fWuj30a68STJEEyGRp6fZrO+dLGF5fHDmmTAoMA0dXflrvnj+iYfe38uhZLrYIcxuViv749OjEPz4Zk43l9UJkK X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBBPR08MB4331 Original-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Return-Path: Krzysztof.Koch@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT009.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123;IPV:CAL;SCL:-1;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(136003)(376002)(39860400002)(346002)(396003)(189003)(199004)(2906002)(8936002)(19627235002)(478600001)(36756003)(426003)(6666004)(26005)(2616005)(54906003)(44832011)(36906005)(26826003)(336012)(4326008)(1076003)(15650500001)(5660300002)(316002)(86362001)(186003)(6916009)(70586007)(81156014)(8676002)(7696005)(70206006)(81166006);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0802MB2302;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:Pass;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;MX:1;A:1; X-MS-Office365-Filtering-Correlation-Id-Prvs: 1dcaf466-6f26-4e32-5ca2-08d79d99e6d0 X-Forefront-PRVS: 0288CD37D9 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: mKoRDe/IC8JHHlXdnbVle25B0ElydnBRs6rTCeGEMozTC+n74LsqcYFU/9gbLzAFq4h5FSeZTSzfWeKDO+oUbMETCtIyf0IpIgQS7DX73KOlB+bRUHRSk1Lqlc+iZCXoempuRXIeIJed3/C5SjP+iETjHUSC1K5ZZCXtN62ZgHgOmUx6cF69JdOHHU/1K2wjxAkgpbpJ7QpcOlEFJiC5dFxXF/ZO9M/nKzfyV4LvfUccVYIiL+yl7tYHHoHExZOlMsKg3b8of7iZE+8qncQAJg+f5D3YRzxUUuEXk6veNZntb0YRSavJJWnDtVJlYUhMHfZEhrOu6jbpX/dg4FyOJpAcgtmWrags8MtMjekbz/Xxq0ExKCHInGQ5NAf2Yn0X5A5Eh0yhG9pEUbJ3Xn4VEtWUSerHze/1bk9JxBjZqUS122XyLXcMJ4PvY9U9qO/h X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jan 2020 11:14:29.3912 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a0a7853b-c677-4c9a-76a4-08d79d99eb01 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0802MB2302 Content-Type: text/plain Check if global (in the scope of the IORT parser) pointers have been successfully updated before they are used for further table parsing. Signed-off-by: Krzysztof Koch --- Notes: v3: - Rebase on latest master [Krzysztof] v1: - Test against NULL pointers [Krzysztof] ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 ++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c index 72289c7680bc3cd5c444481e8d6a719803202a9b..9d5d937c7b2c19945ca2ad3eba644bdfc09cc3f6 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c @@ -322,6 +322,20 @@ DumpIortNodeSmmuV1V2 ( PARSER_PARAMS (IortNodeSmmuV1V2Parser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((InterruptContextCount == NULL) || + (InterruptContextOffset == NULL) || + (PmuInterruptCount == NULL) || + (PmuInterruptOffset == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient SMMUv1/2 node length. Length = %d\n", + Length + ); + return; + } + Offset = *InterruptContextOffset; Index = 0; @@ -433,6 +447,17 @@ DumpIortNodeIts ( PARSER_PARAMS (IortNodeItsParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if (ItsCount == NULL) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient ITS group length. Length = %d.\n", + Length + ); + return; + } + Index = 0; while ((Index < *ItsCount) && @@ -617,6 +642,18 @@ ParseAcpiIort ( PARSER_PARAMS (IortParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((IortNodeCount == NULL) || + (IortNodeOffset == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient table length. AcpiTableLength = %d.\n", + AcpiTableLength + ); + return; + } + Offset = *IortNodeOffset; NodePtr = Ptr + Offset; Index = 0; @@ -635,6 +672,21 @@ ParseAcpiIort ( PARSER_PARAMS (IortNodeHeaderParser) ); + // Check if the values used to control the parsing logic have been + // successfully read. + if ((IortNodeType == NULL) || + (IortNodeLength == NULL) || + (IortIdMappingCount == NULL) || + (IortIdMappingOffset == NULL)) { + IncrementErrorCount (); + Print ( + L"ERROR: Insufficient remaining table buffer length to read the " \ + L"IORT node header. Length = %d.\n", + AcpiTableLength - Offset + ); + return; + } + // Make sure the IORT Node is inside the table if ((Offset + (*IortNodeLength)) > AcpiTableLength) { IncrementErrorCount (); -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'