From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR01-VE1-obe.outbound.protection.outlook.com (EUR01-VE1-obe.outbound.protection.outlook.com [40.107.14.45]) by mx.groups.io with SMTP id smtpd.web11.10446.1580401221640516252 for ; Thu, 30 Jan 2020 08:20:22 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=6eg0KdOo; spf=pass (domain: arm.com, ip: 40.107.14.45, mailfrom: krzysztof.koch@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Cx3w4VEP0IAnkUp4AlgvOR2xQVqxdqlcTDWLeDGQfyc=; b=6eg0KdOoy5L4pc+tdlXzaGsxGQtGodkUWKUHArCJaUohZhWUwJBry91elhyjdzDKNFACFpfsZ3AEcmiaBtvyzRfiX6wJFizL/635GiWfBVYttbpjcZBeFky6Z2tY3MkCHA6IjtrzNcKoa1wbq11PSM7NfacGUAZRZNzq6eXENQo= Received: from AM6PR08CA0020.eurprd08.prod.outlook.com (2603:10a6:20b:b2::32) by AM0PR08MB2977.eurprd08.prod.outlook.com (2603:10a6:208:63::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2686.27; Thu, 30 Jan 2020 16:20:19 +0000 Received: from AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::204) by AM6PR08CA0020.outlook.office365.com (2603:10a6:20b:b2::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.21 via Frontend Transport; Thu, 30 Jan 2020 16:20:19 +0000 Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT046.mail.protection.outlook.com (10.152.16.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.18 via Frontend Transport; Thu, 30 Jan 2020 16:20:18 +0000 Received: ("Tessian outbound 62d9cfe08e54:v42"); Thu, 30 Jan 2020 16:20:18 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: bf25727747c57ee4 X-CR-MTA-TID: 64aa7808 Received: from dd11779c447b.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id B55DA409-2F65-4EBB-8241-6522CFCCAB49.1; Thu, 30 Jan 2020 16:20:13 +0000 Received: from EUR04-HE1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id dd11779c447b.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 30 Jan 2020 16:20:12 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZxzsMOqEcHkENs2D/yHvn4osH6MEv96KhnAfCT5MVDVw1CrdmEDX0g0N6xgUIy+e5BqemsZnsSGmsHWmILY8xZzMuKAJQmQLpM1e9eSwjIQipWCSXiUH4XFNoLPyoJ5uVd0gDWE15uLIMZjd7bRi46to9qgXf4tbMdFBWWl9gjkI4veqFZEBkOvhecehWy7R9DtiVQ/Q2EGOkqwsDoPiJ8dS4uGaUBIp3OlFvyU9K4dT93ys+tMOT+F6eNVaoiB6VV7bt1TzEMGLrE6arE2NNPKB8ShDhIju2xVknl4OwTMvgcnlT9001gpM2MNHhy8ysgj9hT9RAnVl1F19lU6QHA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Cx3w4VEP0IAnkUp4AlgvOR2xQVqxdqlcTDWLeDGQfyc=; b=JItiouJ5g4Zg2exoQNF0TdfWhuJjmHPrELDL9Wj49wFyzDL3v9lLe4Rgwmnv/0J9rNQvEONL8zgV8vChIq9hSHh7KX2IYzebA53hr7n/ehwLnQFO80Ui94uDa3BPo/yr+NSfrwbfMsM0Ps9LhKLkMAmxzbefvQ4atXlwC6SKNxzvuPna0C3JG3qazr8N1DpjPBZ5TVDezWddhXrCxPwSOM3oFzhVoGi+4ehlcUvpboBqvfp0KOmoBEp2BWt4SGImVoRohxLTEC55RA33KI4kp9miee7M19QzyAJxfuth2zZTr9B0eavxSnwtXUDl52havVpgOEWvSt4lrK2rXRiPfw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com; dmarc=bestguesspass action=none header.from=arm.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Cx3w4VEP0IAnkUp4AlgvOR2xQVqxdqlcTDWLeDGQfyc=; b=6eg0KdOoy5L4pc+tdlXzaGsxGQtGodkUWKUHArCJaUohZhWUwJBry91elhyjdzDKNFACFpfsZ3AEcmiaBtvyzRfiX6wJFizL/635GiWfBVYttbpjcZBeFky6Z2tY3MkCHA6IjtrzNcKoa1wbq11PSM7NfacGUAZRZNzq6eXENQo= Received: from VI1PR0802CA0040.eurprd08.prod.outlook.com (2603:10a6:800:a9::26) by DB8PR08MB5241.eurprd08.prod.outlook.com (2603:10a6:10:e2::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.22; Thu, 30 Jan 2020 16:20:11 +0000 Received: from VE1EUR03FT053.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::203) by VI1PR0802CA0040.outlook.office365.com (2603:10a6:800:a9::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.20 via Frontend Transport; Thu, 30 Jan 2020 16:20:10 +0000 Authentication-Results-Original: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; Received: from nebula.arm.com (40.67.248.234) by VE1EUR03FT053.mail.protection.outlook.com (10.152.19.198) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.2665.18 via Frontend Transport; Thu, 30 Jan 2020 16:20:10 +0000 Received: from AZ-NEU-EX01.Emea.Arm.com (10.251.26.4) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1415.2; Thu, 30 Jan 2020 16:20:04 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX01.Emea.Arm.com (10.251.26.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1779.2; Thu, 30 Jan 2020 16:20:03 +0000 Received: from E119924.Arm.com (10.1.199.55) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Thu, 30 Jan 2020 16:20:03 +0000 From: "Krzysztof Koch" To: CC: , , , , Subject: [PATCH v1 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field Date: Thu, 30 Jan 2020 16:19:58 +0000 Message-ID: <20200130161958.40212-1-krzysztof.koch@arm.com> X-Mailer: git-send-email 2.16.2.windows.1 MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;IPV:;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(136003)(346002)(376002)(39860400002)(396003)(189003)(199004)(70586007)(70206006)(186003)(2906002)(26005)(8936002)(316002)(8676002)(81166006)(81156014)(5660300002)(7696005)(44832011)(966005)(15650500001)(356004)(6666004)(1076003)(336012)(36756003)(86362001)(6916009)(426003)(2616005)(478600001)(54906003)(4326008);DIR:OUT;SFP:1101;SCL:1;SRVR:DB8PR08MB5241;H:nebula.arm.com;FPR:;SPF:Pass;LANG:en;PTR:InfoDomainNonexistent;MX:1;A:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 39d7ccd9-0ea9-466d-b45f-08d7a5a04c38 X-MS-TrafficTypeDiagnostic: DB8PR08MB5241:|AM0PR08MB2977: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8273;OLM:8273; X-Forefront-PRVS: 02981BE340 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: ATYPVngGr7PEjzXg2K9XDE+U447t6QmvttBGrUoAEGJmkdr8Ns52qvPkdvpw0jUHmJMaKC/YHvgAdaIVsVlv+a+sUb1eNnOBKgLi6/0Exw7GdzyQMMFb9SnFFCuWGROjh2ocG56n/vsgYPqdRRJgQOKaAQcaN0p9ALmFXPreTDVdIoOIMlKant6TAWrJb11QhcK62ysgzHhzchHW6m0xDG7yCtx83K0g8rm7mrR8ZcA8dHL2QsQ/h0pA34aM8c/Q/rlkWV6pDC3UxYyrMg7Ooo6JXskN8dwOwerUhYfRFeGDRtxd07IhElPCYxnK0T2528jK6gOGFEvXGU+zIwDOQNhjKD7psdSNQ9D1bnqsW8z5olQz6wmujY6hyku9YUy1n7lEm6r6lnv8Yy/d19cgx1WszZil2DR3PjvcKZ/YkUUsJCvE6JF428NZq95AZcnka3TAJ+GQVOdFCO8HSZLFBaK2DWUydpdfj1NhOHzDUia7D0nCIIC6dtpl6pk+XYfSTN4WYQbFZucHHXL9Y4pfew== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5241 Original-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Return-Path: Krzysztof.Koch@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT046.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123;IPV:CAL;SCL:-1;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(136003)(39860400002)(376002)(346002)(396003)(189003)(199004)(316002)(54906003)(2616005)(26005)(4326008)(1076003)(336012)(966005)(7696005)(5660300002)(26826003)(426003)(36756003)(478600001)(6666004)(44832011)(15650500001)(186003)(81156014)(36906005)(81166006)(86362001)(70206006)(6916009)(70586007)(8936002)(8676002)(2906002);DIR:OUT;SFP:1101;SCL:1;SRVR:AM0PR08MB2977;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:Pass;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;MX:1;A:1; X-MS-Office365-Filtering-Correlation-Id-Prvs: 1555a3b7-ebaf-4829-43f7-08d7a5a04767 X-Forefront-PRVS: 02981BE340 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 9w86ErqYWLjF7MU5PizVS0wxH0BJnPIZcEgFnjw1Sv9ApceVB9snzqrlfE8XSeNy98MJ76Fl0cAyvTG94UH0ZQt2k94p3zhyT5W6+BZDfFBuBYtl4t+/dAaOY+PEv/eIEBUhLNIey96slJN0wjfi8PWq7nIHfZUuJmJO8djhvjmoSMcCH7XU4KikJLQNbrmYKkLPXD3iHlQ8WdPjllHg+/1uVPyn0ITeUCP5w9nBjELX8pVtbAdwgDrZMiInvcK0DhztHW1kytxEr5zILUegx7GdsEPptSaMoHxNdwg37mlSHU4agG/ioM6O4czlHKymf1T+xBBjysjhMG07j+KiHP/DHKl4wKuJm8TJGNwpMrA++N6UFxJe5Qy+eOSV2LUITNitsoZy1s01TY2bOciWoQch7zhSeG+VL5jfdhsZfEsPyVyITiaW/o1t4GCzGiYbRzx5JiaoSQPQNp7r+TPKd0G1svxVoYlrM+5IEIirOFv55H6LPBCpLq3kHbm/zOH2hfUeJLTKvOFNPDwXpVe4xg== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Jan 2020 16:20:18.7759 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 39d7ccd9-0ea9-466d-b45f-08d7a5a04c38 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB2977 Content-Type: text/plain Check if the ACPI table length, as reported in the ACPI table header, is big enough to fit at least the header itself. If not, report an error to the user and stop parsing the table in order to prevent buffer overruns. Signed-off-by: Krzysztof Koch --- Changes can be seet at: https://github.com/KrzysztofKoch1/edk2/pull/new/650_add_checks_process_acpi_table_v1 Notes: v1: - Validate ACPI table length [Krzysztof] ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c index d5500bcb2b4a55c7a69f45444aa49d36d2c1694f..0c93bca4fc0f7d2f105a7654258e00f714fc1519 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c @@ -1,7 +1,7 @@ /** @file ACPI table parser - Copyright (c) 2016 - 2019, ARM Limited. All rights reserved. + Copyright (c) 2016 - 2020, ARM Limited. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -176,6 +176,7 @@ ProcessAcpiTable ( CONST UINT32* AcpiTableSignature; CONST UINT32* AcpiTableLength; CONST UINT8* AcpiTableRevision; + CONST UINT8* SignaturePtr; PARSE_ACPI_TABLE_PROC ParserProc; ParseAcpiHeader ( @@ -193,6 +194,25 @@ ProcessAcpiTable ( if (Trace) { DumpRaw (Ptr, *AcpiTableLength); + + /* + Do not process the ACPI table any further if the table length read + is invalid. The ACPI table should at least contain the table header. + */ + if (*AcpiTableLength < sizeof (EFI_ACPI_DESCRIPTION_HEADER)) { + SignaturePtr = (CONST UINT8*)AcpiTableSignature; + IncrementErrorCount (); + Print ( + L"ERROR: Invalid %c%c%c%c table length. Length = %d\n", + SignaturePtr[0], + SignaturePtr[1], + SignaturePtr[2], + SignaturePtr[3], + *AcpiTableLength + ); + return; + } + if (GetConsistencyChecking ()) { VerifyChecksum (TRUE, Ptr, *AcpiTableLength); } -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'