From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by mx.groups.io with SMTP id smtpd.web11.10560.1679697057424521658 for ; Fri, 24 Mar 2023 15:30:57 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@linux.microsoft.com header.s=default header.b=rtLfdfGA; spf=pass (domain: linux.microsoft.com, ip: 13.77.154.182, mailfrom: mikuback@linux.microsoft.com) Received: from localhost.localdomain (unknown [47.201.8.94]) by linux.microsoft.com (Postfix) with ESMTPSA id DD5FE20FC45C; Fri, 24 Mar 2023 15:30:55 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com DD5FE20FC45C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1679697057; bh=80zAgPb8Dkm2wZa4yFTU1uaHNYht/oajyA5z3AzinIM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rtLfdfGA5YdY9/nWc2gFXUMuGIkbelQaix39OwUsZj+fo2AygMwokLA54zO4QZK7k /qPAixwA/KoYezV5weK4fTinlAmFVEwb9mOtsy3YlMgK4HnKULgqi/cKdgN5M0LKYn 5lwm82d/ru9hSaELXuthK7Wgp0I4eWejAfkshnrs= From: "Michael Kubacki" To: devel@edk2.groups.io Cc: Dandan Bi , Erich McMillan , Jian J Wang , Liming Gao , Michael Kubacki , Star Zeng , Zhichao Gao , Zhiguang Liu , Michael Kubacki Subject: [PATCH v7 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Date: Fri, 24 Mar 2023 18:30:23 -0400 Message-Id: <20230324223034.1560-2-mikuback@linux.microsoft.com> X-Mailer: git-send-email 2.40.0.windows.1 In-Reply-To: <20230324223034.1560-1-mikuback@linux.microsoft.com> References: <20230324223034.1560-1-mikuback@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Erich McMillan Details for these CodeQL alerts can be found here: - Pointer overflow check (cpp/pointer-overflow-check): - https://cwe.mitre.org/data/definitions/758.html - Potential buffer overflow check (cpp/potential-buffer-overflow): - https://cwe.mitre.org/data/definitions/676.html CodeQL alert: - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c - Type: Pointer overflow check - Severity: Low - Problem: Range check relying on pointer overflow Cc: Dandan Bi Cc: Erich McMillan Cc: Jian J Wang Cc: Liming Gao Cc: Michael Kubacki Cc: Star Zeng Cc: Zhichao Gao Cc: Zhiguang Liu Co-authored-by: Michael Kubacki Signed-off-by: Erich McMillan Reviewed-by: Liming Gao --- MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/= Universal/SmbiosDxe/SmbiosDxe.c index 1d43adc7662c..dd077bb0cf19 100644 --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c @@ -1608,9 +1608,7 @@ ParseAndAddExistingSmbiosTable ( // // Make sure not to access memory beyond SmbiosEnd // - if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) || - (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw)) - { + if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < sizeof (SMBIOS_STRUCTURE))= { return EFI_INVALID_PARAMETER; } =20 @@ -1625,9 +1623,7 @@ ParseAndAddExistingSmbiosTable ( // Make sure not to access memory beyond SmbiosEnd // Each structure shall be terminated by a double-null (0000h). // - if ((Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) > SmbiosEn= d.Raw) || - (Smbios.Raw + Smbios.Hdr->Length + 2 * sizeof (UINT8) < Smbios.R= aw)) - { + if ((UINTN)(SmbiosEnd.Raw - Smbios.Raw) < (Smbios.Hdr->Length + 2U))= { return EFI_INVALID_PARAMETER; } =20 --=20 2.40.0.windows.1