From: "Sami Mujawar"
To: Krzysztof Koch, "devel@edk2.groups.io"
CC: "ray.ni@intel.com", "zhichao.gao@intel.com", Matteo Carlini, nd, Laura Moretta
Subject: Re: [PATCH v1 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field
Date: Thu, 30 Jan 2020 16:36:20 +0000
References: <20200130161958.40212-1-krzysztof.koch@arm.com>
In-Reply-To: <20200130161958.40212-1-krzysztof.koch@arm.com>

Reviewed-by: Sami Mujawar

Regards,

Sami Mujawar

-----Original Message-----
From: Krzysztof Koch
Sent: 30 January 2020 16:20
To: devel@edk2.groups.io
Cc: ray.ni@intel.com; zhichao.gao@intel.com; Matteo Carlini; Sami Mujawar; nd
Subject: [PATCH v1 1/1] ShellPkg: acpiview: Validate ACPI table 'Length' field

Check if the ACPI table length, as reported in the ACPI table header, is big enough to fit at least the header itself.

If not, report an error to the user and stop parsing the table in order to prevent buffer overruns.

Signed-off-by: Krzysztof Koch
---

Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/pull/new/650_add_checks_process_acpi_table_v1

Notes:
    v1:
    - Validate ACPI table length [Krzysztof]

 ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c | 22 +++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c= b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c index d5500bcb2b4a55c7a69f45444aa49d36d2c1694f..0c93bca4fc0f7d2f105a7654258= e00f714fc1519 100644 --- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c +++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c 
@@ -1,7 +1,7 @@ /** @file ACPI table parser =20 - Copyright (c) 2016 - 2019, ARM Limited. All rights reserved. + Copyright (c) 2016 - 2020, ARM Limited. All rights reserved. SPDX-License-Identifier: BSD-2-Clause-Patent **/ =20 @@ -176,6 +176,7 @@ ProcessAcpiTable ( CONST UINT32* AcpiTableSignature; CONST UINT32* AcpiTableLength; CONST UINT8* AcpiTableRevision; + CONST UINT8* SignaturePtr; PARSE_ACPI_TABLE_PROC ParserProc; =20 ParseAcpiHeader ( @@ -193,6 +194,25 @@ ProcessAcpiTable ( =20 if (Trace) { DumpRaw (Ptr, *AcpiTableLength); + + /* + Do not process the ACPI table any further if the table length read + is invalid. The ACPI table should at least contain the table header. + */ + if (*AcpiTableLength < sizeof (EFI_ACPI_DESCRIPTION_HEADER)) { + SignaturePtr =3D (CONST UINT8*)AcpiTableSignature; + IncrementErrorCount (); + Print ( + L"ERROR: Invalid %c%c%c%c table length. Length =3D %d\n", + SignaturePtr[0], + SignaturePtr[1], + SignaturePtr[2], + SignaturePtr[3], + *AcpiTableLength + ); + return; + } + if (GetConsistencyChecking ()) { VerifyChecksum (TRUE, Ptr, *AcpiTableLength); } -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
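
Review bot: The new length check in the third hunk (`@@ -193,6 +194,25 @@`) comes after `DumpRaw (Ptr, *AcpiTableLength);` and, as the context lines read, inside the `if (Trace)` block, so the unvalidated length has already been used once and the check appears to be skipped when Trace is FALSE. Suggest moving the `if (*AcpiTableLength < sizeof (EFI_ACPI_DESCRIPTION_HEADER))` test to directly after the `ParseAcpiHeader` call, ahead of `DumpRaw` and outside the Trace condition, so every path gets the early return. The test also sets only a lower bound: `VerifyChecksum (TRUE, Ptr, *AcpiTableLength)` still reads as many bytes as the header claims, so if the size of the buffer behind `Ptr` is known to this function, an upper-bound comparison against it belongs in the same place.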