From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from EUR05-DB8-obe.outbound.protection.outlook.com (EUR05-DB8-obe.outbound.protection.outlook.com [40.107.20.40]) by mx.groups.io with SMTP id smtpd.web11.8103.1581415290563112639 for ; Tue, 11 Feb 2020 02:01:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=FrZIN5Ga; spf=pass (domain: arm.com, ip: 40.107.20.40, mailfrom: krzysztof.koch@arm.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XIwvIMEX6N0ZHaZeln7yNhPiMxq/dGAEXLuKpi2qn+w=; b=FrZIN5Ga0UPNBh9iEarmVmfNDl8iz4olo27/x4dStvaj7MUD62EFePjlgGC7BGpPjDxwzJGBWoRKuZl3fWEH8j3h2G9CmSv9zEXV2uKaEjjIzHEqEPwdJ9TLUFhk/KxNHF1EBCdvO5IfYucmM5v+/0ce58gtZQJ07apMZ8j/IV0= Received: from VI1PR0802CA0011.eurprd08.prod.outlook.com (2603:10a6:800:aa::21) by VI1PR0801MB1760.eurprd08.prod.outlook.com (2603:10a6:800:51::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.23; Tue, 11 Feb 2020 10:01:28 +0000 Received: from AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e08::207) by VI1PR0802CA0011.outlook.office365.com (2603:10a6:800:aa::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.21 via Frontend Transport; Tue, 11 Feb 2020 10:01:28 +0000 Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; edk2.groups.io; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT022.mail.protection.outlook.com (10.152.16.79) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2665.18 via Frontend Transport; Tue, 11 Feb 2020 10:01:27 +0000 Received: ("Tessian outbound d1ceabc7047e:v42"); Tue, 11 Feb 2020 10:01:27 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 92ca5dbf71e9adee X-CR-MTA-TID: 64aa7808 Received: from a36db324c16e.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 98ECE5D7-EC78-4233-B967-90B0F50957BD.1; Tue, 11 Feb 2020 10:01:20 +0000 Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id a36db324c16e.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 11 Feb 2020 10:01:20 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HrQmNVVw3xVF4I1lmhEtK9jga53MyGWWy2tVATxuyMA5425RwXogV0YEfzMffbEBQlkOLUTYC2z/FxI1ZUy0UfJCWfyGQf6mCOK7VmMNlRVRbhP0S4is1O9lAUxBzYfiLmsmLhSkoOrz/yFTiK/gkCZtUPhJDSQx8Ctx3tofidTyCLVWBwkjEtMpW9smxxO9e+6XWvyJkV2Jt4mr7cgi1rppuAuKH23zOWYgBPtue0hfPmjcgrcbrp8ME5oTZnEn0ZEqUEpU32f1dnVCoP426UjIhG2Jt1F+ZW+ZA247538xNdTpOr9dEVDIAijtKD4/AKOl/lRg3RYqKfbAfQqGfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XIwvIMEX6N0ZHaZeln7yNhPiMxq/dGAEXLuKpi2qn+w=; b=VfrN7drpc9BQrJEUkJmLguFX5aj6oXqVlQpvOnSuROSEJB2OJsVdptMv2uXiH/c6GtsfhxaWpjD/zC8R5c54459d6nK0j04OO8vwL3LbTBV1I9IRHPrY3Zz8Jc1QnZB3qj3wjETNujlPMVTczMXRTkxdniguwov41eUsUYF6ekiQnvp4isxxib3USLFLOJe1p8siush17RN0CtkkS5bcTyU6MlU5kGa/q6LG/vR2/4QpH9h1qUIwNg896BorbpY8Ua7r+QkIBVPoYED3tQlrum9HgZpWM2TyZ8zajjInY4M9eFGasvHWGIl66JpJfd62nhRzi207NVq2kARQiw/L/g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com; dmarc=bestguesspass action=none header.from=arm.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XIwvIMEX6N0ZHaZeln7yNhPiMxq/dGAEXLuKpi2qn+w=; b=FrZIN5Ga0UPNBh9iEarmVmfNDl8iz4olo27/x4dStvaj7MUD62EFePjlgGC7BGpPjDxwzJGBWoRKuZl3fWEH8j3h2G9CmSv9zEXV2uKaEjjIzHEqEPwdJ9TLUFhk/KxNHF1EBCdvO5IfYucmM5v+/0ce58gtZQJ07apMZ8j/IV0= Received: from VI1PR08CA0174.eurprd08.prod.outlook.com (2603:10a6:800:d1::28) by AM6PR08MB3141.eurprd08.prod.outlook.com (2603:10a6:209:4a::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.29; Tue, 11 Feb 2020 10:01:19 +0000 Received: from VE1EUR03FT021.eop-EUR03.prod.protection.outlook.com (2a01:111:f400:7e09::206) by VI1PR08CA0174.outlook.office365.com (2603:10a6:800:d1::28) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2707.21 via Frontend Transport; Tue, 11 Feb 2020 10:01:19 +0000 Authentication-Results-Original: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; Received: from nebula.arm.com (40.67.248.234) by VE1EUR03FT021.mail.protection.outlook.com (10.152.18.117) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.2665.18 via Frontend Transport; Tue, 11 Feb 2020 10:01:18 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1415.2; Tue, 11 Feb 2020 10:01:17 +0000 Received: from E119924.Arm.com (10.1.199.55) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.1415.2 via Frontend Transport; Tue, 11 Feb 2020 10:01:17 +0000 From: "Krzysztof Koch" To: CC: , , , , Subject: [PATCH v2 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field Date: Tue, 11 Feb 2020 10:01:17 +0000 Message-ID: <20200211100117.45860-1-krzysztof.koch@arm.com> X-Mailer: git-send-email 2.16.2.windows.1 MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;IPV:;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(136003)(346002)(396003)(39860400002)(376002)(199004)(189003)(44832011)(8936002)(356004)(5660300002)(26005)(86362001)(7696005)(6916009)(2616005)(1076003)(70586007)(70206006)(478600001)(15650500001)(8676002)(81166006)(81156014)(316002)(336012)(36756003)(426003)(2906002)(966005)(186003)(4326008)(54906003);DIR:OUT;SFP:1101;SCL:1;SRVR:AM6PR08MB3141;H:nebula.arm.com;FPR:;SPF:Pass;LANG:en;PTR:InfoDomainNonexistent;A:1;MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: be831123-300a-4376-bb00-08d7aed95c92 X-MS-TrafficTypeDiagnostic: AM6PR08MB3141:|VI1PR0801MB1760: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8273;OLM:8273; X-Forefront-PRVS: 0310C78181 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: AzlKH0oRY5Bh67FcRdLB3RVqDFw12SLpHBaHbo2IUAkEQIO6PUOSEr7urb8UCY4vyaGkjBrMIYh2JJ7YDhYZRv9g1qT3HP1dBI1NUEm3CQNL3fOa5H2yblltA8ILaTMvAJo4gYJO75r0sM3y3xeN2Rthkta0IeCt99MQ7Extxh5ngBxl7rpAmCAw8mdQbEN3YkWrJSuIk0KfJ/MF8vzk08IcPadGjjrfJo/yQyKYiEefK7Np8/yKNMDt+sN9IOwJK+PGJxlN/lOjmGqsxCFdfbBgj2kV52NdnZieKuL1GKTVKM6SCEnFlj64TvpxcYufRWtYTXfrrV+Gg/zj/0KVPUzJYH00HuOSVdalbERiUkUQTRhh/SYFADyp5wDjL2hI54am2qe3Gy7zaAfK3uPH5l/ubzQrKv9BtQH4CWbVNFySoUZ6P7FW5QnLTYk+JXcpUkv8h2V1ZFm1LodEuNXnK9LMZcM2/tBQ73tkR/oJr59NyQM/SXzamPcOWplUv6oeNchQzXRjWC5qOwc0aY5z1A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3141 Original-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; edk2.groups.io; dkim=none (message not signed) header.d=none;edk2.groups.io; dmarc=bestguesspass action=none header.from=arm.com; Return-Path: Krzysztof.Koch@arm.com X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT022.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123;IPV:CAL;SCL:-1;CTRY:IE;EFV:NLI;SFV:NSPM;SFS:(10009020)(4636009)(136003)(376002)(346002)(396003)(39860400002)(189003)(199004)(2616005)(86362001)(36906005)(8936002)(6916009)(5660300002)(316002)(70586007)(426003)(70206006)(1076003)(8676002)(7696005)(478600001)(2906002)(26826003)(15650500001)(4326008)(26005)(966005)(81166006)(81156014)(54906003)(44832011)(36756003)(186003)(336012);DIR:OUT;SFP:1101;SCL:1;SRVR:VI1PR0801MB1760;H:64aa7808-outbound-1.mta.getcheckrecipient.com;FPR:;SPF:Pass;LANG:en;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;MX:1;A:1; X-MS-Office365-Filtering-Correlation-Id-Prvs: 3a9f1522-6883-42ca-ee28-08d7aed9571e X-Forefront-PRVS: 0310C78181 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: AyfpL5vdUGmk82KXu3bYTe4lGgLu9mqr8FvhnqmG8lfDXs7tNM1F4bQ4REfVQ3ODrD8/K/V3jx3VYLRiKRySc+BT38NbTnHE32D1QG7yzVjs0BqPGPuYR5BQ8psFVOykzcqKfVhkXm+EcuFlEdpLRp4LANWZe24BMPm+YPV0ymTY7cyxwKUF4HOtWgh2L1V4AQhGG1fS02+jYVxFzvnRsKYjgwaBl8v72e+GNs+VQqAoIXV5mHJe052VtYbtKugbwSRQVSv22G1P0DdQw/0C97OomSQtA7snIqobSlsvTXrttKovDZeNwonzwqehZdUZm2kwDaUiMoPJjLggUVRPLX8qfz++z20KOPCXMurKmdnzLsUh172lmOGjSHOPJew++o7L/8bPo8XEbG4L7sLdzwQlPrSUGdbglh3AEQlfaD/rUQDIWdkcAd71lT/FL/jxG8Zb8rBMz8fmZjY2z2T2S3n3UmkRsoQtttA5nBY3APNWXKoqFt8WbRx5sPhyjrxMOGj4LMQhcG29k3nuQKQz2Q== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Feb 2020 10:01:27.9730 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: be831123-300a-4376-bb00-08d7aed95c92 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0801MB1760 Content-Type: text/plain Check if the ACPI table length, as reported in the ACPI table header, is big enough to fit at least the header itself. If not, report an error to the user and stop parsing the table in order to prevent buffer overruns. Signed-off-by: Krzysztof Koch --- Changes can be seet at: https://github.com/KrzysztofKoch1/edk2/pull/new/650_add_checks_process_acpi_table_v2 Notes: v2: - Change code comment style [Zhichao] v1: - Validate ACPI table length [Krzysztof] ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c index d5500bcb2b4a55c7a69f45444aa49d36d2c1694f..501967c4dde680809c56e5d79ed744a1013a69e1 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c @@ -1,7 +1,7 @@ /** @file ACPI table parser - Copyright (c) 2016 - 2019, ARM Limited. All rights reserved. + Copyright (c) 2016 - 2020, ARM Limited. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ @@ -176,6 +176,7 @@ ProcessAcpiTable ( CONST UINT32* AcpiTableSignature; CONST UINT32* AcpiTableLength; CONST UINT8* AcpiTableRevision; + CONST UINT8* SignaturePtr; PARSE_ACPI_TABLE_PROC ParserProc; ParseAcpiHeader ( @@ -193,6 +194,23 @@ ProcessAcpiTable ( if (Trace) { DumpRaw (Ptr, *AcpiTableLength); + + // Do not process the ACPI table any further if the table length read + // is invalid. The ACPI table should at least contain the table header. + if (*AcpiTableLength < sizeof (EFI_ACPI_DESCRIPTION_HEADER)) { + SignaturePtr = (CONST UINT8*)AcpiTableSignature; + IncrementErrorCount (); + Print ( + L"ERROR: Invalid %c%c%c%c table length. Length = %d\n", + SignaturePtr[0], + SignaturePtr[1], + SignaturePtr[2], + SignaturePtr[3], + *AcpiTableLength + ); + return; + } + if (GetConsistencyChecking ()) { VerifyChecksum (TRUE, Ptr, *AcpiTableLength); } -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'