From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.17962.1676303382236707384 for ; Mon, 13 Feb 2023 07:49:42 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=nC8sdRdi; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id 5332720C8B73; Mon, 13 Feb 2023 07:49:40 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 5332720C8B73 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1676303381; bh=yFB7jszTcJpEtHndWstcW9yuewZZ9yyzQNErn1MTJ5g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=nC8sdRdiSix8W7/gCm0fH9AtLN9de3ikqqST7YgRPe0p0laMwZnpIUtb/zA4G9HHM boOhBlv1SAMiU2Z2lp0LP1TV/3+ayo/bxJJppcai+7V6Ug0nodhqhsMSggCKECoxFq ed0HBiTIG1GI3ZEXNsx3ROte2ia9VcrsfeSRJnm0= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Dandan Bi , Erich McMillan , Jian J Wang , Liming Gao , Michael Kubacki , Star Zeng , Zhichao Gao , Zhiguang Liu , Michael Kubacki Subject: [PATCH v3 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Date: Mon, 13 Feb 2023 10:48:57 -0500 Message-Id: <20230213154908.1993-2-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.28.0.windows.1 In-Reply-To: <20230213154908.1993-1-mikuback@linux.microsoft.com> References: <20230213154908.1993-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Erich McMillan Details for these CodeQL alerts can be found here: - Pointer overflow check (cpp/pointer-overflow-check): - https://cwe.mitre.org/data/definitions/758.html - Potential buffer overflow check (cpp/potential-buffer-overflow): - https://cwe.mitre.org/data/definitions/676.html CodeQL alert: - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c - Type: Pointer overflow check - Severity: Low - Problem: Range check relying on pointer overflow Cc: Dandan Bi Cc: Erich McMillan Cc: Jian J Wang Cc: Liming Gao Cc: Michael Kubacki Cc: Star Zeng Cc: Zhichao Gao Cc: Zhiguang Liu Co-authored-by: Michael Kubacki Signed-off-by: Erich McMillan Reviewed-by: Liming Gao --- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 11 ++++++++--- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf | 1 + 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/= Universal/SmbiosDxe/SmbiosDxe.c index 1d43adc7662c..c1da2adc296b 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 #include "SmbiosDxe.h" +#include =20 // // Module Global: @@ -1594,6 +1595,7 @@ ParseAndAddExistingSmbiosTable ( CHAR8 *String; EFI_SMBIOS_HANDLE SmbiosHandle; SMBIOS_STRUCTURE_POINTER SmbiosEnd; + UINTN SafeIntResult; =20 mPrivateData.Smbios.MajorVersion =3D MajorVersion; mPrivateData.Smbios.MinorVersion =3D MinorVersion; @@ -1608,9 +1610,12 @@ ParseAndAddExistingSmbiosTable ( // // Make sure not to access memory beyond SmbiosEnd // - if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) || - (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw)) - { + Status =3D SafeUintnAdd ((UINTN)Smbios.Raw, sizeof (SMBIOS_STRUCTURE= ), &SafeIntResult); + if (EFI_ERROR (Status)) { + return EFI_INVALID_PARAMETER; + } + + if ((SafeIntResult > (UINTN)SmbiosEnd.Raw) || (SafeIntResult < (UINT= N)Smbios.Raw)) { return EFI_INVALID_PARAMETER; } =20 diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf b/MdeModulePk= g/Universal/SmbiosDxe/SmbiosDxe.inf index c03915a6921f..8b7c74694775 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf @@ -42,6 +42,7 @@ [LibraryClasses] DebugLib PcdLib HobLib + SafeIntLib =20 [Protocols] gEfiSmbiosProtocolGuid ## PRODUCES --=20 2.28.0.windows.1