From: "wenyi,xie" <xiewenyi2@huawei.com>
To: "Ni, Ray" <ray.ni@intel.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Gao, Liming" <gaoliming@byosoft.com.cn>,
"Dong, Eric" <eric.dong@intel.com>
Cc: "songdongkuang@huawei.com" <songdongkuang@huawei.com>
Subject: Re: [edk2-devel] [PATCH EDK2 v2 1/1] MdeModulePkg/PiSmmCore:Avoid overflow risk
Date: Wed, 17 Aug 2022 15:37:29 +0800 [thread overview]
Message-ID: <8f349024-e4ad-f7bd-5c95-d49a55512547@huawei.com> (raw)
In-Reply-To: <MWHPR11MB1631F5AED6C610E52E67C3048C6B9@MWHPR11MB1631.namprd11.prod.outlook.com>
On 2022/8/16 9:49, Ni, Ray wrote:
>> --- a/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
>> +++ b/MdeModulePkg/Core/PiSmmCore/PiSmmCore.c
>> @@ -621,6 +621,9 @@ InternalIsBufferOverlapped (
>> IN UINTN Size2
>> )
>> {
>> + if (((UINTN)Buff1 > MAX_UINTN - Size1) || ((UINTN)Buff2 > MAX_UINTN -
>> Size2)) {
>> + return TRUE;
>> + }
> 1. The change looks good because it avoids integer overflow in below code that adds Size1 to Buff1 and
> adds Size2 to Buff2.
> Can you please add comments to explain the logic?
>
OK, I will add comments.
>
>>
>> + if (CommunicateHeader->MessageLength > MAX_UINTN - OFFSET_OF
>> (EFI_SMM_COMMUNICATE_HEADER, Data)) {
>> + return EFI_INVALID_PARAMETER;
>> + }
> 2. Above check avoids integer overflow in below code that adds CommunicateHeader->MessageLength
> to OFFSET_OF(EFI_SMM_COMMUNICATE_HEADER, Data).
> Can it be moved to inside the below if-clause?
>
>
>> +
>> if (CommSize == NULL) {
>> TempCommSize = OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data)
>> + CommunicateHeader->MessageLength;
>> } else {
> 3. I further reviewed the else-clause logic. When CommSize is not NULL, is that needed to make sure
> that *CommSize >= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + CommunicateHeader->MessageLength?
> Or is the check already in the code somewhere?
> If we think the check is needed, I agree with the change #2 to have a common logic to check integer overflow.
> .When CommSize is not NULL, it seems only CommSize is been used, CommunicateHeader->MessageLength is been ignored, and value of CommSize will been verified before used by SmiHandler.
So I think it's no need make sure that *CommSize >= OFFSET_OF (EFI_SMM_COMMUNICATE_HEADER, Data) + CommunicateHeader->MessageLength.
I will move it to inside if-clause.
Thanks
Wenyi
>
prev parent reply other threads:[~2022-08-17 7:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-15 11:45 [PATCH EDK2 v2 0/1] MdeModulePkg/PiSmmCore:Avoid overflow risk wenyi,xie
2022-08-15 11:45 ` [PATCH EDK2 v2 1/1] " wenyi,xie
2022-08-16 1:49 ` [edk2-devel] " Ni, Ray
2022-08-17 7:37 ` wenyi,xie [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8f349024-e4ad-f7bd-5c95-d49a55512547@huawei.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox