From: "Sami Mujawar"
To: Krzysztof Koch, "devel@edk2.groups.io"
CC: "jaben.carsey@intel.com", "ray.ni@intel.com", "zhichao.gao@intel.com", Matteo Carlini, nd
Subject: Re: [PATCH v1 00/11] Test against invalid pointers in acpiview
Date: Mon, 19 Aug 2019 09:29:26 +0000
References: <20190815131121.52644-1-krzysztof.koch@arm.com>
In-Reply-To: <20190815131121.52644-1-krzysztof.koch@arm.com>

Reviewed-by: Sami Mujawar

Regards,

Sami Mujawar

-----Original Message-----
From: Krzysztof Koch
Sent: 15 August 2019 02:11 PM
To: devel@edk2.groups.io
Cc: jaben.carsey@intel.com; ray.ni@intel.com; zhichao.gao@intel.com; Sami Mujawar; Matteo Carlini; nd
Subject: [PATCH v1 00/11] Test against invalid pointers in acpiview

Prevent the use of invalid pointers when parsing ACPI tables in the UEFI shell acpiview tool.

The parsing of ACPI tables is often controlled with the values read earlier from the same table. For example, the 'Offset' or 'Count' fields found in a structure are later used to parse the substructures. If such fields lie outside the structure's buffer length provided, then there is a possibility for a wild or dangling pointer.

Currently, if the ParseAcpi() function terminates early because the end of the input table data buffer has been reached, then the pointers which were supposed to be updated by this function are left untouched.

This is a security issue as the values pointed to by these pointers are later used for flow control.

This patch series aims to solve this security issue by explicitly initializing any pointers lying outside the input ACPI data buffer to NULL and testing for NULL whenever these pointers are dereferenced.

Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/tree/612_add_pointer_validation_v1

Krzysztof Koch (11):
  ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
  ShellPkg: acpiview: RSDP: Validate global pointer before use
  ShellPkg: acpiview: FADT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate System Locality count
  ShellPkg: acpiview: SRAT: Validate global pointers before use
  ShellPkg: acpiview: MADT: Validate global pointers before use
  ShellPkg: acpiview: PPTT: Validate global pointers before use
  ShellPkg: acpiview: IORT: Validate global pointers before use
  ShellPkg: acpiview: GTDT: Validate global pointers before use
  ShellPkg: acpiview: DBG2: Validate global pointers before use

 ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.c              |  9 ++-
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 43 ++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Fadt/FadtParser.c | 14 +++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c | 37 ++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 +++++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 13 +++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Rsdp/RsdpParser.c | 12 ++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Slit/SlitParser.c | 61 ++++++++++++++++++--
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 13 +++++
 10 files changed, 272 insertions(+), 7 deletions(-)

--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
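
The pattern the cover letter describes, as an added C sketch that is not taken from the patch series or from edk2: a table-driven parser sets a field's pointer to NULL when the field lies outside the buffer, and the caller checks for NULL and bounds the 'Offset' and 'Count' values before using them. `FIELD_DESC`, `parse_fields`, `parse_table`, the two globals and the table layout are hypothetical, and the sample tables are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define ENTRY_SIZE 4u  /* hypothetical fixed-size substructure */
/* Simplified field descriptor; names are illustrative, not edk2's. */
typedef struct {
  uint32_t Offset;          /* field offset within the table */
  uint32_t Length;          /* field size in bytes */
  const uint8_t **ItemPtr;  /* optional: receives the field's address */
} FIELD_DESC;

static const uint8_t *gEntryOffset;  /* globals consumed after parsing */
static const uint8_t *gEntryCount;

/* A field not wholly inside Buf[0..BufLen) gets ItemPtr = NULL, so no
   address left over from an earlier table survives an early end of buffer. */
static void parse_fields(const uint8_t *Buf, uint32_t BufLen,
                         const FIELD_DESC *Desc, size_t Count) {
  for (size_t i = 0; i < Count; i++) {
    int Fits = Desc[i].Offset <= BufLen &&
               Desc[i].Length <= BufLen - Desc[i].Offset;
    if (Desc[i].ItemPtr != NULL)
      *Desc[i].ItemPtr = Fits ? Buf + Desc[i].Offset : NULL;
  }
}

static uint32_t rd16(const uint8_t *p) { return p[0] | ((uint32_t)p[1] << 8); }

/* Returns the entry count that is safe to walk, or -1 if rejected. */
int parse_table(const uint8_t *Buf, uint32_t BufLen) {
  const FIELD_DESC Desc[] = {
      {0, 4, NULL}, {4, 2, &gEntryOffset}, {6, 2, &gEntryCount}};
  parse_fields(Buf, BufLen, Desc, sizeof Desc / sizeof Desc[0]);
  if (gEntryOffset == NULL || gEntryCount == NULL)
    return -1;  /* header truncated: pointers were never populated */
  uint32_t Off = rd16(gEntryOffset), Cnt = rd16(gEntryCount);
  if (Off > BufLen || Cnt > (BufLen - Off) / ENTRY_SIZE)
    return -1;  /* Offset/Count read from the table point outside it */
  return (int)Cnt;
}

/* Constructed sample tables: 8-byte header followed by 4-byte entries. */
static const uint8_t kGood[16] = {'T','E','S','T', 8,0, 2,0, 1,1,1,1, 2,2,2,2};
static const uint8_t kBadCount[16] = {'T','E','S','T', 8,0, 64,0};

int main(void) {  /* exit status 0 when all three cases behave as expected */
  return !(parse_table(kGood, 16) == 2 && parse_table(kGood, 5) == -1 &&
           parse_table(kBadCount, 16) == -1);
}
```

Parsing the truncated 5-byte buffer right after the valid table is the case that matters: without the NULL assignment in `parse_fields`, both globals would still point into the previous table and the caller would use them.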