From: "Liming Gao"
To: "devel@edk2.groups.io", "krzysztof.koch@arm.com"
CC: "Carsey, Jaben", "Ni, Ray", "Gao, Zhichao", "Sami.Mujawar@arm.com", "Matteo.Carlini@arm.com", "nd@arm.com"
Subject: Re: [edk2-devel] [PATCH v1 00/11] Test against invalid pointers in acpiview
Date: Fri, 16 Aug 2019 04:02:57 +0000
Message-ID: <4A89E2EF3DFEDB4C8BFDE51014F606A14E4D233E@SHSMSX104.ccr.corp.intel.com>
In-Reply-To: <20190815131121.52644-1-krzysztof.koch@arm.com>

Krzysztof:
  Can you submit BZ in https://bugzilla.tianocore.org/ for this change?

Thanks
Liming
>-----Original Message-----
>From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of
>Krzysztof Koch
>Sent: Thursday, August 15, 2019 9:11 PM
>To: devel@edk2.groups.io
>Cc: Carsey, Jaben; Ni, Ray; Gao,
>Zhichao; Sami.Mujawar@arm.com;
>Matteo.Carlini@arm.com; nd@arm.com
>Subject: [edk2-devel] [PATCH v1 00/11] Test against invalid pointers in
>acpiview
>
>Prevent the use of invalid pointers when parsing ACPI tables in the UEFI
>shell acpiview tool.
>
>The parsing of ACPI tables is often controlled with the values read
>earlier from the same table. For example, the 'Offset' or 'Count' fields
>found in a structure are later used to parse the substructures. If such
>fields lie outside the structure's buffer length provided, then there
>is a possibility for a wild or dangling pointer.
>
>Currently, if the ParseAcpi() function terminates early because the end
>of the input table data buffer has been reached, then the pointers
>which were supposed to be updated by this function are left untouched.
>This is a security issue as the values pointed to by these pointers are
>later used for flow control.
>
>This patch series aims to solve this security issue by explicitly
>initializing any pointers lying outside the input ACPI data buffer to
>NULL and testing for NULL whenever these pointers are dereferenced.
>
>Changes can be seen at:
>https://github.com/KrzysztofKoch1/edk2/tree/612_add_pointer_validation_v1
>
>Krzysztof Koch (11):
>  ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
>  ShellPkg: acpiview: RSDP: Validate global pointer before use
>  ShellPkg: acpiview: FADT: Validate global pointer before use
>  ShellPkg: acpiview: SLIT: Validate global pointer before use
>  ShellPkg: acpiview: SLIT: Validate System Locality count
>  ShellPkg: acpiview: SRAT: Validate global pointers before use
>  ShellPkg: acpiview: MADT: Validate global pointers before use
>  ShellPkg: acpiview: PPTT: Validate global pointers before use
>  ShellPkg: acpiview: IORT: Validate global pointers before use
>  ShellPkg: acpiview: GTDT: Validate global pointers before use
>  ShellPkg: acpiview: DBG2: Validate global pointers before use
>
> ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.c              |  9 ++-
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 43 ++++++++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Fadt/FadtParser.c | 14 +++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c | 37 ++++++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 +++++++++++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 13 +++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Rsdp/RsdpParser.c | 12 ++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Slit/SlitParser.c | 61 ++++++++++++++++++--
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 13 +++++
> 10 files changed, 272 insertions(+), 7 deletions(-)
>
>--
>'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
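
Added example, not part of the original thread and not EDK2 code: a minimal C model of the pattern the cover letter describes, where a table-driven parser resets every output pointer to NULL when its field lies outside the buffer and the caller tests for NULL before dereferencing. The names field_desc, parse_fields, read_count, g_count_ptr and the 8-byte table layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified field descriptor (not acpiview's own type). */
typedef struct {
    size_t offset;             /* field offset inside the table */
    size_t length;             /* field size in bytes */
    const uint8_t **item_ptr;  /* optional: receives the field's address */
} field_desc;

/* Returns how many fields fit in buf. Every item_ptr is rewritten on each
 * call; a field that does not fit gets NULL instead of keeping a stale value. */
size_t parse_fields(const uint8_t *buf, size_t len, const field_desc *f, size_t n)
{
    size_t parsed = 0;
    for (size_t i = 0; i < n; i++) {
        /* overflow-safe form of: offset + length <= len */
        int fits = f[i].offset <= len && f[i].length <= len - f[i].offset;
        if (f[i].item_ptr != NULL)
            *f[i].item_ptr = fits ? buf + f[i].offset : NULL;
        parsed += fits ? 1 : 0;
    }
    return parsed;
}

static const uint8_t *g_count_ptr;  /* parser-global, persists across tables */

/* Caller: fetch the 4-byte count field, or -1 if it was not parsed. */
int read_count(const uint8_t *table, size_t len, uint32_t *out)
{
    const field_desc fields[] = {
        { 0, 4, NULL },          /* constructed layout: signature */
        { 4, 4, &g_count_ptr },  /* constructed layout: count */
    };
    parse_fields(table, len, fields, 2);
    if (g_count_ptr == NULL)     /* truncated table: never dereference */
        return -1;
    memcpy(out, g_count_ptr, sizeof *out);
    return 0;
}

/* Constructed input: a full 8-byte table, then the same table cut to 6 bytes. */
int demo(void)
{
    const uint8_t table[8] = { 'T', 'E', 'S', 'T', 7, 7, 7, 7 };
    uint32_t n = 0;
    if (read_count(table, 8, &n) != 0 || n != 0x07070707u)
        return 1;
    return read_count(table, 6, &n) == -1 ? 0 : 2;  /* 0: truncation rejected */
}
```

If parse_fields skipped the NULL assignment, the second call in demo() would leave g_count_ptr aimed at the first table's count field and read_count would return data the 6-byte buffer never contained.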