From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web08.85.1668015186209452397 for ; Wed, 09 Nov 2022 09:33:06 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=Lpkzap55; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id 977E620B9F82; Wed, 9 Nov 2022 09:33:04 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 977E620B9F82 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1668015185; bh=E48bcTYep4JQR/rfq6jO7CTR47xkPL03A9QOA2F/a5o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Lpkzap55zxr61P+azRupMpxJUNyMjyMbnKt20KvV8sEGT7TXtxgq+TxSIV3UGRYih h29Yf72SMruJjzxJhv8jJTSBUl6AAi10qC48Ezt3KUa+58GTkESDVgdtF6HDwwYjpI lcvpKZJtlNqgV8UiaoM5/oOlcu32tIc5RMGbd9cU= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Dandan Bi , Erich McMillan , Jian J Wang , Liming Gao , Michael Kubacki , Star Zeng , Zhichao Gao , Zhiguang Liu , Michael Kubacki Subject: [PATCH v1 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Date: Wed, 9 Nov 2022 12:32:35 -0500 Message-Id: <20221109173246.174-2-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.28.0.windows.1 In-Reply-To: <20221109173246.174-1-mikuback@linux.microsoft.com> References: <20221109173246.174-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Erich McMillan Details for these CodeQL alerts can be found here: - Pointer overflow check (cpp/pointer-overflow-check): - https://cwe.mitre.org/data/definitions/758.html - Potential buffer overflow check (cpp/potential-buffer-overflow): - https://cwe.mitre.org/data/definitions/676.html CodeQL alert: - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c - Type: Pointer overflow check - Severity: Low - Problem: Range check relying on pointer overflow Cc: Dandan Bi Cc: Erich McMillan Cc: Jian J Wang Cc: Liming Gao Cc: Michael Kubacki Cc: Star Zeng Cc: Zhichao Gao Cc: Zhiguang Liu Co-authored-by: Michael Kubacki Signed-off-by: Erich McMillan --- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 4 +++- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/= Universal/SmbiosDxe/SmbiosDxe.c index 1d43adc7662c..03eca4e6b103 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "SmbiosDxe.h" +#include =20 // // Module Global: @@ -1594,6 +1595,7 @@ ParseAndAddExistingSmbiosTable ( CHAR8 *String; EFI_SMBIOS_HANDLE SmbiosHandle; SMBIOS_STRUCTURE_POINTER SmbiosEnd; + UINTN SafeIntResult; =20 mPrivateData.Smbios.MajorVersion =3D MajorVersion; mPrivateData.Smbios.MinorVersion =3D MinorVersion; @@ -1609,7 +1611,7 @@ ParseAndAddExistingSmbiosTable ( // Make sure not to access memory beyond SmbiosEnd // if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) || - (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw)) + EFI_ERROR (SafeUintnAdd ((UINTN)Smbios.Raw, sizeof (SMBIOS_STRUC= TURE), &SafeIntResult))) { return EFI_INVALID_PARAMETER; } diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf b/MdeModulePk= g/Universal/SmbiosDxe/SmbiosDxe.inf index c03915a6921f..8b7c74694775 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf @@ -42,6 +42,7 @@ [LibraryClasses] DebugLib PcdLib HobLib + SafeIntLib =20 [Protocols] gEfiSmbiosProtocolGuid ## PRODUCES --=20 2.28.0.windows.1