From: "Krzysztof Koch"
To: "devel@edk2.groups.io"
CC: "ray.ni@intel.com", "zhichao.gao@intel.com", Sami Mujawar, Matteo Carlini, nd
Subject: Re: [edk2-devel] [PATCH v3 00/11] Test against invalid pointers in acpiview
Date: Mon, 3 Feb 2020 09:07:22 +0000

Hi,

Is there any chance this patch series will get reviewed soon?

The v1 series has already been reviewed a few months ago and the patches which were not ok were re-submitted as v2.

The v3 series is basically a rebase of v1 on latest master with the v2 changes included.

Kind regards,
Krzysztof

-----Original Message-----
From: devel@edk2.groups.io On Behalf Of Krzysztof Koch via Groups.Io
Sent: Monday, January 20, 2020 11:14
To: devel@edk2.groups.io
Cc: ray.ni@intel.com; zhichao.gao@intel.com; Sami Mujawar; Matteo Carlini; nd
Subject: [edk2-devel] [PATCH v3 00/11] Test against invalid pointers in acpiview

Prevent the use of invalid pointers when parsing ACPI tables in the UEFI shell acpiview tool.

The parsing of ACPI tables is often controlled with the values read earlier from the same table. For example, the 'Offset' or 'Count' fields found in a structure are later used to parse the substructures. If such fields lie outside the structure's buffer length provided, then there is a possibility for a wild or dangling pointer.

Currently, if the ParseAcpi() function terminates early because the end of the input table data buffer has been reached, then the pointers which were supposed to be updated by this function are left untouched.

This is a security issue as the values pointed to by these pointers are later used for flow control.

This patch series aims to solve this security issue by explicitly initializing any pointers lying outside the input ACPI data buffer to NULL and testing for NULL whenever these pointers are dereferenced.

Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/tree/612_add_pointer_validation_v3

Notes:
    v3:
    - Rebase on latest master [Krzysztof]

    v2:
    - Do not require FadtMinorRevision and X_DsdtAddress pointers to be
      valid in FADT table parser [Zhichao]

    v1:
    - Validate static pointers in acpiview parsers before use [Krzysztof]

Krzysztof Koch (11):
  ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
  ShellPkg: acpiview: RSDP: Validate global pointer before use
  ShellPkg: acpiview: FADT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate System Locality count
  ShellPkg: acpiview: SRAT: Validate global pointers before use
  ShellPkg: acpiview: MADT: Validate global pointers before use
  ShellPkg: acpiview: PPTT: Validate global pointers before use
  ShellPkg: acpiview: IORT: Validate global pointers before use
  ShellPkg: acpiview: GTDT: Validate global pointers before use
  ShellPkg: acpiview: DBG2: Validate global pointers before use

 ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.c              |  9 ++-
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 43 ++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Fadt/FadtParser.c | 21 +++----
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c | 37 ++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 +++++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 13 +++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Rsdp/RsdpParser.c | 12 ++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Slit/SlitParser.c | 61 ++++++++++++++++++--
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 13 +++++
 10 files changed, 269 insertions(+), 17 deletions(-)

--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
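
Added example, not code from the patch series or from edk2: a minimal C sketch of the approach the cover letter describes, where the parser sets each out-pointer to NULL when its field lies outside the input buffer and the caller tests for NULL before dereferencing. The Field type, parse_fields(), read_count(), g_count and the sample table are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical field descriptor for a table-driven parser (not edk2's type). */
typedef struct {
    uint32_t offset;        /* byte offset of the field inside the table */
    uint32_t length;        /* field size in bytes */
    const uint8_t **item;   /* optional out-pointer the caller reads later */
} Field;

/* Constructed sample table: 4-byte signature, then a 1-byte entry count. */
static const uint8_t SAMPLE[] = { 'D', 'E', 'M', 'O', 3 };

/* Static pointer that outlives a single parse, like the parsers' globals. */
static const uint8_t *g_count;

/* Set every out-pointer on every call: into buf if the whole field fits,
 * NULL otherwise. Returns how many fields were inside the buffer. */
static size_t parse_fields(const uint8_t *buf, uint32_t len,
                           const Field *f, size_t n)
{
    size_t inside = 0;
    for (size_t i = 0; i < n; i++) {
        /* Subtraction form avoids wrap-around in offset + length. */
        int fits = f[i].offset <= len && f[i].length <= len - f[i].offset;
        if (f[i].item != NULL)
            *f[i].item = fits ? buf + f[i].offset : NULL;
        inside += fits ? 1 : 0;
    }
    return inside;
}

/* Returns the entry count, or -1 when the table is too short to hold it. */
static int read_count(const uint8_t *table, uint32_t len)
{
    const Field fields[] = { { 0, 4, NULL }, { 4, 1, &g_count } };
    parse_fields(table, len, fields, 2);
    if (g_count == NULL)    /* test before dereferencing */
        return -1;
    return *g_count;
}

int main(void)
{
    printf("full table:      %d\n", read_count(SAMPLE, sizeof SAMPLE));
    printf("truncated table: %d\n", read_count(SAMPLE, 4));
    return 0;
}
```

Without the NULL assignment in parse_fields(), the second call would leave g_count pointing at the count byte of the previously parsed table, and read_count() would return that stale value for the truncated input.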