From nobody Mon May 1 21:28:52 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q9GYJ6Hnjz492XB; Mon, 1 May 2023 21:28:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Q9GYJ5hp7z3kBt; Mon, 1 May 2023 21:28:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1682976532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yb8ykKk+3NSbK8koskW5nDBOoGnrjmcMN8FxQEh5ksc=; b=IL2V64kaa4ITqGSsUp4Gyv+KLyT2HcfXpG/kqAlGjhQrjP9PXWHUkbfwpo7Itrfyjrz2na vOAj06F8Ql7ZyjUAjLCMvKDh937AAsOOk0zs1GeahATML2wTs9VkPgHxP0qQtaq/FkFxAY psIYthrd4iOGqnb/iXS2fupJei8dG63XSwhMU4NDhzsAmKAzZCW2GAIvSByv1ehLBT34ji qQCzLrRK14QcHppu3d5om0BgBdbzXhdsmnzL+yGY3KD6142TPKWZqw+SRAYi3rXMJ9uO9+ NTZ8BLwKBtdvpn8Le/5bTttB8A3A4z1Nq9lXRh0UqMaCBdZI2Bq4n9kfcENPJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1682976532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yb8ykKk+3NSbK8koskW5nDBOoGnrjmcMN8FxQEh5ksc=; b=FbuLBanGllTRr81+AD4xxIC7dQ9j2yd/HCdHB0VJVnUc9MO2ozF3jw7wsJqE94wbty3xFv dbAPzYVgZBmh/rucdoBTi9YjIjbvfZGOfhDNu8CE4t9KTIEh+2JzB46I4PY88JqHuvKR/F TwnOHowulGrMQCHJLXEXlJiZyJfNAB3L5Dn53ThVr7cePZvWlsHIA/3nX/Uznr8NUPiRrl MgUdXL5YSlxZS8cw9HgBgzf5ziC41aIiPYqkZpV4Up3Bp3Qfuv2up2jEjrGIGCsAnnU/dI ikiFhfq+7o76Gc909UhxrF9IJmEy/ob7Gr6SwSdF1dz1pkiPbYydSGQV4Y7YLw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1682976532; a=rsa-sha256; cv=none; b=vB8Y4vp8RMFIbOtyw02gnv83Tw9bE7HokoyV1fcAJCvQq9tGWzggF5LzPWOvZ79ln+d2zJ 3iP8pw8L3t7LOHp3TJ/u5EgtMNzrbiwioH+zM89yYtkMpC63Fd5nbXXMKaNb8EwFF24zpL FBE5MHKSnW5bls9MYbNxPGuyOgzQ+UKZCJXu3uBUOcoQWFXRlMyr3LGiE4O6/+sbK8kenR V0c1w6de1ONpzBslR/H9M7VwH5EehzMI/9ZPA943lnTIuHlodUpYFVNXgAL0tCROvuqiL0 1b3eq449RY0IXLB063mdmfVcv1oW9wrpXzmULg9Rjc4aPHS1hb2eygjmaLFo9g== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Q9GYJ4kN2zMJZ; Mon, 1 May 2023 21:28:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 341LSqkO085958; Mon, 1 May 2023 21:28:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 341LSqiM085957; Mon, 1 May 2023 21:28:52 GMT (envelope-from git) Date: Mon, 1 May 2023 21:28:52 GMT Message-Id: <202305012128.341LSqiM085957@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Warner Losh Subject: git: a5b4ec528192 - main - stand: More protection against malformed smbios tables List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: imp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a5b4ec5281929a9b7ef4a8005bb4b0035322e922 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=a5b4ec5281929a9b7ef4a8005bb4b0035322e922 commit a5b4ec5281929a9b7ef4a8005bb4b0035322e922 Author: Warner Losh AuthorDate: 2023-05-01 21:12:41 +0000 Commit: Warner Losh CommitDate: 2023-05-01 21:12:41 +0000 stand: More protection against malformed smbios tables Add some more sanity checks to make sure we don't march off the end of the table. Typically, smbios structures are well formed, or Windows wouldn't boot. Sometimes they aren't, and this at least fails safe. Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D39794 --- stand/libsa/smbios.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/stand/libsa/smbios.c b/stand/libsa/smbios.c index a88d3ac4ab69..01083fdfd756 100644 --- a/stand/libsa/smbios.c +++ b/stand/libsa/smbios.c @@ -520,19 +520,23 @@ smbios_find_struct(int type) { caddr_t dmi; size_t i; + caddr_t ep; if (smbios.addr == NULL) return (NULL); + ep = smbios.addr + smbios.length; for (dmi = smbios.addr, i = 0; - dmi < smbios.addr + smbios.length && i < smbios.count; i++) { - if (SMBIOS_GET8(dmi, 0) == type) + dmi < ep && i < smbios.count; i++) { + if (SMBIOS_GET8(dmi, 0) == type) { return dmi; + } /* Find structure terminator. */ dmi = SMBIOS_GETSTR(dmi); - while (SMBIOS_GET16(dmi, 0) != 0) + while (SMBIOS_GET16(dmi, 0) != 0 && dmi < ep) { dmi++; - dmi += 2; + } + dmi += 2; /* For checksum */ } return (NULL);