From: Krzysztof Koch
To: Gao, Liming; devel@edk2.groups.io
CC: Carsey, Jaben; Ni, Ray; Gao, Zhichao; Sami Mujawar; Matteo Carlini; nd
Subject: Re: [edk2-devel] [PATCH v1 00/11] Test against invalid pointers in acpiview
Date: Fri, 16 Aug 2019 07:21:17 +0000

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2089

Hi Liming,

Sure, no problem.

Kind regards,
Krzysztof

-----Original Message-----
From: Gao, Liming
Sent: Friday, August 16, 2019 5:03
To: devel@edk2.groups.io; Krzysztof Koch
Cc: Carsey, Jaben; Ni, Ray; Gao, Zhichao; Sami Mujawar; Matteo Carlini; nd
Subject: RE: [edk2-devel] [PATCH v1 00/11] Test against invalid pointers in acpiview

Krzysztof:
  Can you submit BZ in https://bugzilla.tianocore.org/ for this change?

Thanks
Liming
>-----Original Message-----
>From: devel@edk2.groups.io [mailto:devel@edk2.groups.io] On Behalf Of Krzysztof Koch
>Sent: Thursday, August 15, 2019 9:11 PM
>To: devel@edk2.groups.io
>Cc: Carsey, Jaben; Ni, Ray; Gao, Zhichao; Sami.Mujawar@arm.com; Matteo.Carlini@arm.com; nd@arm.com
>Subject: [edk2-devel] [PATCH v1 00/11] Test against invalid pointers in acpiview
>
>Prevent the use of invalid pointers when parsing ACPI tables in the
>UEFI shell acpiview tool.
>
>The parsing of ACPI tables is often controlled with the values read
>earlier from the same table. For example, the 'Offset' or 'Count'
>fields found in a structure are later used to parse the substructures.
>If such fields lie outside the structure's buffer length provided, then
>there is a possibility for a wild or dangling pointer.
>
>Currently, if the ParseAcpi() function terminates early because the end
>of the input table data buffer has been reached, then the pointers
>which were supposed to be updated by this function are left untouched.
>This is a security issue as the values pointed to by these pointers are
>later used for flow control.
>
>This patch series aims to solve this security issue by explicitly
>initializing any pointers lying outside the input ACPI data buffer to
>NULL and testing for NULL whenever these pointers are dereferenced.
>
>Changes can be seen at:
>https://github.com/KrzysztofKoch1/edk2/tree/612_add_pointer_validation_v1
>
>Krzysztof Koch (11):
>  ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
>  ShellPkg: acpiview: RSDP: Validate global pointer before use
>  ShellPkg: acpiview: FADT: Validate global pointer before use
>  ShellPkg: acpiview: SLIT: Validate global pointer before use
>  ShellPkg: acpiview: SLIT: Validate System Locality count
>  ShellPkg: acpiview: SRAT: Validate global pointers before use
>  ShellPkg: acpiview: MADT: Validate global pointers before use
>  ShellPkg: acpiview: PPTT: Validate global pointers before use
>  ShellPkg: acpiview: IORT: Validate global pointers before use
>  ShellPkg: acpiview: GTDT: Validate global pointers before use
>  ShellPkg: acpiview: DBG2: Validate global pointers before use
>
> ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.c              |  9 ++-
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 43 ++++++++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Fadt/FadtParser.c | 14 +++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c | 37 ++++++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 +++++++++++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 13 +++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Rsdp/RsdpParser.c | 12 ++++
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Slit/SlitParser.c | 61 ++++++++++++++++++--
> ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 13 +++++
> 10 files changed, 272 insertions(+), 7 deletions(-)
>
>--
>'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
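
The pattern the cover letter describes, as an added example that is not part of the original thread or the EDK2 sources: a parser that sets pointers to out-of-buffer fields to NULL, and a caller that tests for NULL and validates a count read from the table before using it. The names `field_desc`, `parse_fields`, `matrix_bytes`, `g_count` and the table layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified field descriptor (not the EDK2 structure). */
typedef struct {
    size_t offset, length;
    const uint8_t **item_ptr;      /* pointer to publish, or NULL */
} field_desc;

/* Publish a pointer for each field. A field that does not fit in the
   buffer gets NULL rather than keeping a value from an earlier table. */
static void parse_fields(const uint8_t *buf, size_t len,
                         const field_desc *d, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        int fits = d[i].offset <= len && d[i].length <= len - d[i].offset;
        if (d[i].item_ptr != NULL)
            *d[i].item_ptr = fits ? buf + d[i].offset : NULL;
    }
}

static const uint8_t *g_count;     /* global set by the parser */

/* Constructed layout: 4-byte signature, 1-byte count at offset 4, then a
   count x count byte matrix. Returns the matrix size in bytes, or -1. */
static long matrix_bytes(const uint8_t *buf, size_t len)
{
    const field_desc fields[] = { { 0, 4, NULL }, { 4, 1, &g_count } };
    parse_fields(buf, len, fields, 2);
    if (g_count == NULL)           /* count field is outside the buffer */
        return -1;
    size_t need = (size_t)*g_count * (size_t)*g_count;
    if (need > len - 5)            /* count itself must fit the data left */
        return -1;
    return (long)need;
}

int main(void)
{
    /* Constructed sample tables. */
    const uint8_t good[]  = { 'T','E','S','T', 2, 10, 20, 20, 10 };
    const uint8_t cut[]   = { 'T','E','S' };              /* ends before count */
    const uint8_t lying[] = { 'T','E','S','T', 9, 1, 2 }; /* count too big */
    printf("%ld %ld %ld\n", matrix_bytes(good, sizeof good),
           matrix_bytes(cut, sizeof cut), matrix_bytes(lying, sizeof lying));
    return 0;
}
```

Parsing the truncated table after a valid one is the case that matters: without the NULL assignment in `parse_fields`, `g_count` would still point into the previous table's buffer.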