From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by spool.mail.gandi.net (Postfix) with ESMTPS id C16F9740039 for ; Tue, 26 Sep 2023 15:28:56 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=Yup4NQPlJ4JlvzCIsbufvJq0UCS1O8VzP5HCgssbLLw=; c=relaxed/simple; d=groups.io; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding; s=20140610; t=1695742135; v=1; b=cSd3erFGbxkwOAFGwmsndvF/46LR7KPeTV8MOcm9kxaQ9Atp8Hi1tLqufYVzZ5gY1+zLbJv+ Ohy7y8f5UY9W7lledJwamRU3UJcLmdz3yUthXvNq5Jk3zTmXWgtCO9cRMaWDefbn5vPiR3DtV3i xYfILvmkzjSbxZf6PDKid8Xc= X-Received: by 127.0.0.2 with SMTP id YgLmYY7687511xiY0WdVB4i2; Tue, 26 Sep 2023 08:28:55 -0700 X-Received: from mgamail.intel.com (mgamail.intel.com [192.55.52.151]) by mx.groups.io with SMTP id smtpd.web11.21994.1695742134559549934 for ; Tue, 26 Sep 2023 08:28:54 -0700 X-IronPort-AV: E=McAfee;i="6600,9927,10845"; a="361843587" X-IronPort-AV: E=Sophos;i="6.03,178,1694761200"; d="scan'208";a="361843587" X-Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Sep 2023 08:28:53 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10845"; a="819062628" X-IronPort-AV: E=Sophos;i="6.03,178,1694761200"; d="scan'208";a="819062628" X-Received: from malbecki-mobl2.igk.intel.com ([10.217.182.137]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Sep 2023 08:28:51 -0700 From: "Albecki, Mateusz" To: devel@edk2.groups.io Cc: Mateusz Albecki , Michael D Kinney , Liming Gao , Zhiguang Liu Subject: [edk2-devel] [PATCH 0/1] MdePkg/UefiDevicePathLib: Fix buffer overflows in DevPathToTextAcpiEx Date: Tue, 26 Sep 2023 17:28:29 +0200 Message-Id: <20230926152830.1394883-1-mateusz.albecki@intel.com> MIME-Version: 1.0 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,mateusz.albecki@intel.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: ZpcVKCITnHtB8fEVKdxpYpT0x7686176AA= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20140610 header.b=cSd3erFG; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4555 Github PR: https://github.com/tianocore/edk2/pull/4865 Fix for buffer overlows that arise in DevPathToTextAcpiEx when device path = node producer doesn't specify all of the optional strings. Tests: - Booted the platform and confirmed that platform doesn't hang when special= pool is enabled (special pool detects accesses outside of allocated pool) - Examined the output of the DevPathToTextAcpiEx, here are some example str= ings: AcpiEx(@@@0000,@@@0000,0x0,INTC10E7,,) - this device path doesn't specify= UIDSTR and CIDSTR PciRoot(0x0)/AcpiEx(UAR0002,@@@0000,0x0,UART2,,) - this device path speci= fies empty UIDSTR and CIDSTR Cc: Michael D Kinney Cc: Liming Gao Cc: Zhiguang Liu Mateusz Albecki (1): MdePkg/UefiDevicePathLib: Fix AcpiEx print logic .../UefiDevicePathLib/DevicePathToText.c | 64 +++++++++++-------- 1 file changed, 37 insertions(+), 27 deletions(-) --=20 2.39.2 --------------------------------------------------------------------- Intel Technology Poland sp. z o.o. ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydz= ial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-31= 6 | Kapital zakladowy 200.000 PLN. Spolka oswiadcza, ze posiada status duzego przedsiebiorcy w rozumieniu usta= wy z dnia 8 marca 2013 r. o przeciwdzialaniu nadmiernym opoznieniom w trans= akcjach handlowych. Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata= i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wi= adomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiek= olwiek przegladanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the s= ole use of the intended recipient(s). If you are not the intended recipient= , please contact the sender and delete all copies; any review or distributi= on by others is strictly prohibited. -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#109070): https://edk2.groups.io/g/devel/message/109070 Mute This Topic: https://groups.io/mt/101598226/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-