From owner-freebsd-bugs@FreeBSD.ORG  Tue Jul 13 19:10:04 2010
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 22DC61065672
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 13 Jul 2010 19:10:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 124778FC1D
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 13 Jul 2010 19:10:04 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o6DJA3lq040112
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 13 Jul 2010 19:10:03 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o6DJA3LX040110;
	Tue, 13 Jul 2010 19:10:03 GMT (envelope-from gnats)
Date: Tue, 13 Jul 2010 19:10:03 GMT
Message-Id: <201007131910.o6DJA3LX040110@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Cc: 
Subject: Re: kern/148546: [ipmi] Buffer overrun in the impi driver while
 processing smbios date
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: John Baldwin <jhb@FreeBSD.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jul 2010 19:10:04 -0000

The following reply was made to PR kern/148546; it has been noted by GNATS.

From: John Baldwin <jhb@FreeBSD.org>
To: bug-followup@FreeBSD.org, spencer_minear@mcafee.com
Cc:  
Subject: Re: kern/148546: [ipmi] Buffer overrun in the impi driver while processing
 smbios date
Date: Tue, 13 Jul 2010 15:06:02 -0400

 Hmm, the smbios table parser in ipmi_smbios.c is a bit broken. :(  I 
 think it was derived from a more generic parser.  At some point it might 
 be useful to write a more generic smbios table parser that this code 
 could use, but the simplest fix might be to just simplify this code to 
 be more IPMI specific.  For example, the IPMI table entry doesn't use 
 the strings at all, so the table of strings could just be dropped.  We 
 could also remove the dispatch table and instead check the table entry 
 type in the the smbios_t38_proc_info() function.  This is more like what 
 other places in the kernel do when walking tables e.g. the MADT or MP Table.
 
 -- 
 John Baldwin