From: "Michael Kubacki" <mikuback@linux.microsoft.com>
To: devel@edk2.groups.io, michael.d.kinney@intel.com
Cc: "Bi, Dandan" <dandan.bi@intel.com>,
Erich McMillan <emcmillan@microsoft.com>,
"Wang, Jian J" <jian.j.wang@intel.com>,
"Gao, Liming" <gaoliming@byosoft.com.cn>,
"Zeng, Star" <star.zeng@intel.com>,
"Gao, Zhichao" <zhichao.gao@intel.com>,
"Liu, Zhiguang" <zhiguang.liu@intel.com>,
"Kubacki, Michael" <michael.kubacki@microsoft.com>
Subject: Re: [edk2-devel] [PATCH v1 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
Date: Wed, 23 Nov 2022 20:46:15 -0500 [thread overview]
Message-ID: <e7510a89-d325-8771-66d0-b8238a3d7fc7@linux.microsoft.com> (raw)
In-Reply-To: <CO1PR11MB49296301550554179A82AE1FD20F9@CO1PR11MB4929.namprd11.prod.outlook.com>
Thanks Mike. Erich, I'll include the update for this in the v2 series.
On 11/23/2022 8:28 PM, Michael D Kinney wrote:
> Hi Erich,
>
> One comment below.
>
> Mike
>
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Michael Kubacki
>> Sent: Wednesday, November 9, 2022 9:33 AM
>> To: devel@edk2.groups.io
>> Cc: Bi, Dandan <dandan.bi@intel.com>; Erich McMillan <emcmillan@microsoft.com>; Wang, Jian J <jian.j.wang@intel.com>; Gao,
>> Liming <gaoliming@byosoft.com.cn>; Michael Kubacki <mikuback@linux.microsoft.com>; Zeng, Star <star.zeng@intel.com>; Gao,
>> Zhichao <zhichao.gao@intel.com>; Liu, Zhiguang <zhiguang.liu@intel.com>; Kubacki, Michael <michael.kubacki@microsoft.com>
>> Subject: [edk2-devel] [PATCH v1 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts
>>
>> From: Erich McMillan <emcmillan@microsoft.com>
>>
>> Details for these CodeQL alerts can be found here:
>>
>> - Pointer overflow check (cpp/pointer-overflow-check):
>> - https://cwe.mitre.org/data/definitions/758.html
>>
>> - Potential buffer overflow check (cpp/potential-buffer-overflow):
>> - https://cwe.mitre.org/data/definitions/676.html
>>
>> CodeQL alert:
>>
>> - Line 1612 in MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
>> - Type: Pointer overflow check
>> - Severity: Low
>> - Problem: Range check relying on pointer overflow
>>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Erich McMillan <emcmillan@microsoft.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Liming Gao <gaoliming@byosoft.com.cn>
>> Cc: Michael Kubacki <mikuback@linux.microsoft.com>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Zhichao Gao <zhichao.gao@intel.com>
>> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
>> Co-authored-by: Michael Kubacki <michael.kubacki@microsoft.com>
>> Signed-off-by: Erich McMillan <emcmillan@microsoft.com>
>> ---
>> MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c | 4 +++-
>> MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf | 1 +
>> 2 files changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
>> index 1d43adc7662c..03eca4e6b103 100644
>> --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
>> +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.c
>> @@ -8,6 +8,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>> **/
>>
>> #include "SmbiosDxe.h"
>> +#include <Library/SafeIntLib.h>
>>
>> //
>> // Module Global:
>> @@ -1594,6 +1595,7 @@ ParseAndAddExistingSmbiosTable (
>> CHAR8 *String;
>> EFI_SMBIOS_HANDLE SmbiosHandle;
>> SMBIOS_STRUCTURE_POINTER SmbiosEnd;
>> + UINTN SafeIntResult;
>>
>> mPrivateData.Smbios.MajorVersion = MajorVersion;
>> mPrivateData.Smbios.MinorVersion = MinorVersion;
>> @@ -1609,7 +1611,7 @@ ParseAndAddExistingSmbiosTable (
>> // Make sure not to access memory beyond SmbiosEnd
>> //
>> if ((Smbios.Raw + sizeof (SMBIOS_STRUCTURE) > SmbiosEnd.Raw) ||
>
> The line above does the same unsafe add operation.
> The use of SafeUintnAdd()should be moved before the if statement
> and SafeIntResult should be used twice in the if statement.
> The check for EFI_ERROR from SafeUintnAdd() can be performed
> before the if statement.
>
>> - (Smbios.Raw + sizeof (SMBIOS_STRUCTURE) < Smbios.Raw))
>> + EFI_ERROR (SafeUintnAdd ((UINTN)Smbios.Raw, sizeof (SMBIOS_STRUCTURE), &SafeIntResult)))
>> {
>> return EFI_INVALID_PARAMETER;
>> }
>> diff --git a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
>> index c03915a6921f..8b7c74694775 100644
>> --- a/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
>> +++ b/MdeModulePkg/Universal/SmbiosDxe/SmbiosDxe.inf
>> @@ -42,6 +42,7 @@ [LibraryClasses]
>> DebugLib
>> PcdLib
>> HobLib
>> + SafeIntLib
>>
>> [Protocols]
>> gEfiSmbiosProtocolGuid ## PRODUCES
>> --
>> 2.28.0.windows.1
>>
>>
>>
>> -=-=-=-=-=-=
>> Groups.io Links: You receive all messages sent to this group.
>> View/Reply Online (#96147): https://edk2.groups.io/g/devel/message/96147
>> Mute This Topic: https://groups.io/mt/94918085/1643496
>> Group Owner: devel+owner@edk2.groups.io
>> Unsubscribe: https://edk2.groups.io/g/devel/unsub [michael.d.kinney@intel.com]
>> -=-=-=-=-=-=
>>
>
>
>
>
>
>
next prev parent reply other threads:[~2022-11-24 1:46 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-09 17:32 [PATCH v1 00/12] Enable New CodeQL Queries Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 01/12] MdeModulePkg/SmbiosDxe: Fix pointer and buffer overflow CodeQL alerts Michael Kubacki
2022-11-24 1:28 ` [edk2-devel] " Michael D Kinney
2022-11-24 1:46 ` Michael Kubacki [this message]
2022-11-09 17:32 ` [PATCH v1 02/12] BaseTools/PatchCheck.py: Add PCCTS to tab exemption list Michael Kubacki
2022-11-24 1:30 ` Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 03/12] BaseTools/VfrCompile: Fix potential buffer overwrites Michael Kubacki
2022-11-24 1:32 ` [edk2-devel] " Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 04/12] CryptoPkg: Fix conditionally uninitialized variable Michael Kubacki
2022-11-24 1:37 ` [edk2-devel] " Michael D Kinney
2022-11-24 1:47 ` Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 05/12] MdeModulePkg: Fix conditionally uninitialized variables Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 06/12] MdePkg: " Michael Kubacki
2022-11-24 1:53 ` Michael D Kinney
2022-11-24 1:59 ` Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 07/12] NetworkPkg: " Michael Kubacki
2022-11-24 1:59 ` Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 08/12] PcAtChipsetPkg: " Michael Kubacki
2022-11-24 2:00 ` Michael D Kinney
2022-11-24 5:01 ` Ni, Ray
2022-11-09 17:32 ` [PATCH v1 09/12] ShellPkg: " Michael Kubacki
2022-11-24 2:19 ` Gao, Zhichao
2022-11-24 2:36 ` [edk2-devel] " Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 10/12] UefiCpuPkg: " Michael Kubacki
2022-11-24 2:04 ` [edk2-devel] " Michael D Kinney
2022-11-24 2:14 ` Michael Kubacki
2022-11-24 2:31 ` Michael D Kinney
2022-11-24 5:12 ` Ni, Ray
2022-11-28 22:50 ` Michael Kubacki
2022-11-09 17:32 ` [PATCH v1 11/12] .github/codeql/edk2.qls: Enable CWE 457, 676, and 758 queries Michael Kubacki
2022-11-24 2:05 ` [edk2-devel] " Michael D Kinney
2022-11-09 17:32 ` [PATCH v1 12/12] .github/codeql/edk2.qls: Enable CWE 120, 787, and 805 queries Michael Kubacki
2022-11-24 2:06 ` Michael D Kinney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e7510a89-d325-8771-66d0-b8238a3d7fc7@linux.microsoft.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox