Date: Tue, 13 Jul 2010 19:10:03 GMT From: John Baldwin <jhb@FreeBSD.org> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/148546: [ipmi] Buffer overrun in the impi driver while processing smbios date Message-ID: <201007131910.o6DJA3LX040110@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/148546; it has been noted by GNATS. From: John Baldwin <jhb@FreeBSD.org> To: bug-followup@FreeBSD.org, spencer_minear@mcafee.com Cc: Subject: Re: kern/148546: [ipmi] Buffer overrun in the impi driver while processing smbios date Date: Tue, 13 Jul 2010 15:06:02 -0400 Hmm, the smbios table parser in ipmi_smbios.c is a bit broken. :( I think it was derived from a more generic parser. At some point it might be useful to write a more generic smbios table parser that this code could use, but the simplest fix might be to just simplify this code to be more IPMI specific. For example, the IPMI table entry doesn't use the strings at all, so the table of strings could just be dropped. We could also remove the dispatch table and instead check the table entry type in the the smbios_t38_proc_info() function. This is more like what other places in the kernel do when walking tables e.g. the MADT or MP Table. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201007131910.o6DJA3LX040110>