From: "JC"
Date: Mon, 7 Nov 2022 09:57:58 +0100
Subject: Re: [edk2-devel] Reply: [PATCH v3 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in SafeString
To: devel@edk2.groups.io, pedro.falcato@gmail.com

test mail

On Mon, Nov 7, 2022 at 9:14 AM Pedro Falcato wrote:
> Thanks!
>
> On Mon, 7 Nov 2022, 01:32 gaoliming via groups.io, <gaoliming=byosoft.com.cn@groups.io> wrote:
>
>> Create https://github.com/tianocore/edk2/pull/3604 to merge this patch.
>>
>> Thanks
>>
>> Liming
>>
>> *From:* devel@edk2.groups.io *On behalf of* Pedro Falcato
>> *Sent:* November 5, 2022 8:25
>> *To:* devel@edk2.groups.io; gaoliming@byosoft.com.cn
>> *Cc:* Vitaly Cheptsov; Marvin Häuser <mhaeuser@posteo.de>; Michael D Kinney; Zhiguang Liu; Jiewen Yao
>> *Subject:* Re: [edk2-devel] Reply: [PATCH v3 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in SafeString
>>
>> Hi Liming,
>>
>> Thank you for the review. Can we please push this in time for the stable
>> tag?
>>
>> Thanks,
>>
>> Pedro
>>
>> On Fri, Nov 4, 2022 at 1:22 AM gaoliming via groups.io <gaoliming=byosoft.com.cn@groups.io> wrote:
>>
>> Reviewed-by: Liming Gao
>>
>> > -----Original Message-----
>> > From: Pedro Falcato
>> > Sent: November 3, 2022 9:12
>> > To: devel@edk2.groups.io
>> > Cc: Pedro Falcato; Vitaly Cheptsov; Marvin Häuser; Michael D Kinney; Liming Gao; Zhiguang Liu; Jiewen Yao
>> > Subject: [PATCH v3 1/1] MdePkg/BaseLib: Fix out-of-bounds reads in SafeString
>> >
>> > There was an OOB access in *StrHexTo* functions, when passed strings like
>> > "XDEADBEEF".
>> >
>> > OpenCore folks established an ASAN-equipped project to fuzz Ext4Dxe,
>> > which was able to catch these (mostly harmless) issues.
>> >
>> > Cc: Vitaly Cheptsov
>> > Cc: Marvin Häuser
>> > Cc: Michael D Kinney
>> > Cc: Liming Gao
>> > Cc: Zhiguang Liu
>> > Signed-off-by: Pedro Falcato
>> > Acked-by: Michael D Kinney
>> > Reviewed-by: Jiewen Yao
>> > ---
>> > MdePkg/Library/BaseLib/SafeString.c | 25 +++++++++++++++++++++----
>> > 1 file changed, 21 insertions(+), 4 deletions(-)
>> >
>> > diff --git a/MdePkg/Library/BaseLib/SafeString.c >> > b/MdePkg/Library/BaseLib/SafeString.c >> > index f338a32a3a41..b75b33381732 100644 >> > --- a/MdePkg/Library/BaseLib/SafeString.c >> > +++ b/MdePkg/Library/BaseLib/SafeString.c >> > @@ -863,6 +863,9 @@ StrHexToUintnS ( >> > OUT UINTN *Data >> > ) >> > { >> > + BOOLEAN FoundLeadingZero; >> > + >> > + FoundLeadingZero =3D FALSE; >> > ASSERT (((UINTN)String & BIT0) =3D=3D 0); >> > >> > //
>> > @@ -892,12 +895,14 @@ StrHexToUintnS ( >> > // >> > // Ignore leading Zeros after the spaces >> > // >> > + >> > + FoundLeadingZero =3D *String =3D=3D L'0'; >> > while (*String =3D=3D L'0') { >> > String++; >> > } >> > >> > if (CharToUpper (*String) =3D=3D L'X') { >> > - if (*(String - 1) !=3D L'0') { >> > + if (!FoundLeadingZero) { >> > *Data =3D 0; >> > return RETURN_SUCCESS; >> > } >> > @@ -992,6 +997,9 @@ StrHexToUint64S ( >> > OUT UINT64 *Data >> > ) >> > { >> > + BOOLEAN FoundLeadingZero; >> > + >> > + FoundLeadingZero =3D FALSE; >> > ASSERT (((UINTN)String & BIT0) =3D=3D 0); >> > >> > // >> > @@ -1021,12 +1029,13 @@ StrHexToUint64S ( >> > // >> > // Ignore leading Zeros after the spaces >> > // >> > + FoundLeadingZero =3D *String =3D=3D L'0'; >> > while (*String =3D=3D L'0') { >> > String++; >> > } >> > >> > if (CharToUpper (*String) =3D=3D L'X') { >> > - if (*(String - 1) !=3D L'0') { >> > + if (!FoundLeadingZero) { >> > *Data =3D 0; >> > return RETURN_SUCCESS; >> > } >> > @@ -2393,6 +2402,9 @@ AsciiStrHexToUintnS ( >> > OUT UINTN *Data >> > ) >> > { >> > + BOOLEAN FoundLeadingZero; >> > + >> > + FoundLeadingZero =3D FALSE; >> > // >> > // 1. Neither String nor Data shall be a null pointer. >> > // >> > @@ -2420,12 +2432,13 @@ AsciiStrHexToUintnS ( >> > // >> > // Ignore leading Zeros after the spaces >> > // >> > + FoundLeadingZero =3D *String =3D=3D '0'; >> > while (*String =3D=3D '0') { >> > String++; >> > } >> > >> > if (AsciiCharToUpper (*String) =3D=3D 'X') { >> > - if (*(String - 1) !=3D '0') { >> > + if (!FoundLeadingZero) { >> > *Data =3D 0; >> > return RETURN_SUCCESS; >> > } >> > @@ -2517,6 +2530,9 @@ AsciiStrHexToUint64S ( >> > OUT UINT64 *Data >> > ) >> > { >> > + BOOLEAN FoundLeadingZero; >> > + >> > + FoundLeadingZero =3D FALSE; >> > // >> > // 1. Neither String nor Data shall be a null pointer. >> > // 
>> > @@ -2544,12 +2560,13 @@ AsciiStrHexToUint64S ( >> > // >> > // Ignore leading Zeros after the spaces >> > // >> > + FoundLeadingZero =3D *String =3D=3D '0'; >> > while (*String =3D=3D '0') { >> > String++; >> > } >> > >> > if (AsciiCharToUpper (*String) =3D=3D 'X') { >> > - if (*(String - 1) !=3D '0') { >> > + if (!FoundLeadingZero) { >> > *Data =3D 0; >> > return RETURN_SUCCESS; >> > }
>> > --
>> > 2.38.1
>>
>> --
>>
>> Pedro Falcato
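Review bot: The FoundLeadingZero = FALSE initialisation added in the @@ -863,6 +863,9 @@ StrHexToUintnS hunk (and in the matching hunks at -992, -2393 and -2517) looks like a dead store, because the next hunk of each function assigns FoundLeadingZero from *String before the only read shown, if (!FoundLeadingZero). If no path between the two hunks reads the flag, keep just the declaration, or add a short comment saying why the initialiser is wanted, so the flag has a single obvious point of definition.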
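Review bot: The @@ -892,12 +895,14 @@ StrHexToUintnS hunk adds a stray blank line between the "Ignore leading Zeros after the spaces" comment and the FoundLeadingZero assignment, which the three sibling hunks do not have (they grow to 13 lines, this one to 14). Drop the blank line so the four copies of this logic stay textually identical and future fixes apply cleanly to all of them; parenthesising the comparison, FoundLeadingZero = (*String == L'0');, would also make the assignment harder to misread.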
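Review bot: The new if (!FoundLeadingZero) branch in the @@ -2544,12 +2560,13 @@ AsciiStrHexToUint64S hunk, and in its three siblings, has no test pinning it: the diffstat touches only SafeString.c. Worth adding cases for a string that starts with X and has no zero before it ("XDEADBEEF", which takes the early return with *Data = 0 and RETURN_SUCCESS), for a normal "0x" prefix, and for several zeros before the X, since the flag is taken from the first character only and the while loop then consumes any number of zeros, so an input such as "00X1" still follows the prefix path. A one-line comment stating that this is intended would help the next reader.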
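The out-of-bounds read described in the quoted commit message, as an added example that is not part of the original thread and is not EDK II code. It is a simplified model: narrow strings only, blank skipping assumed from the "after the spaces" comment in the hunks, and the names old_check_index and parse_hex_fixed are hypothetical. It computes which index the pre-patch *(String - 1) test would read, then parses with the post-patch flag.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model of the prefix handling in the quoted patch; not EDK II
 * code: narrow strings only, no constraint checks, no overflow handling. */

/* Skip blanks, then leading zeros; report whether any zero was seen. */
static long skip_blanks_and_zeros(const char *s, int *saw_zero)
{
    long i = 0;
    while (s[i] == ' ' || s[i] == '\t') i++;
    *saw_zero = (s[i] == '0');
    while (s[i] == '0') i++;
    return i;
}

/* Index the pre-patch test *(String - 1) would read, relative to the buffer
 * start: -1 is one element before it, -2 means the test is never reached. */
long old_check_index(const char *s)
{
    int saw_zero;
    long i = skip_blanks_and_zeros(s, &saw_zero);
    return toupper((unsigned char)s[i]) == 'X' ? i - 1 : -2;
}

/* Post-patch logic: the recorded flag replaces the backwards read. */
uint64_t parse_hex_fixed(const char *s)
{
    int saw_zero;
    uint64_t v = 0;
    long i = skip_blanks_and_zeros(s, &saw_zero);
    if (toupper((unsigned char)s[i]) == 'X') {
        if (!saw_zero) return 0;   /* bare "X..." yields 0, as in the patch */
        i++;                       /* skip the 'X' of a "0x" prefix */
    }
    for (; isxdigit((unsigned char)s[i]); i++) {
        int c = toupper((unsigned char)s[i]);
        v = (v << 4) + (uint64_t)(c <= '9' ? c - '0' : c - 'A' + 10);
    }
    return v;
}

int main(void)
{
    const char *in[] = { "XDEADBEEF", "  XDEADBEEF", "0xDEADBEEF", "00x10" };
    for (int k = 0; k < 4; k++)
        printf("%-12s old index %2ld, fixed value 0x%llx\n", in[k],
               old_check_index(in[k]), (unsigned long long)parse_hex_fixed(in[k]));
    return 0;
}
```

In this model only an input whose first character is X gives index -1; with leading blanks the old test lands on a blank inside the buffer, so the read stays in bounds even though the result is the same.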