Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 8 Apr 2025 13:40:56 GMT
From:      Olivier Certner <olce@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 55e8cdff1443 - stable/14 - smbios: Harden decoding of the BCD revision
Message-ID:  <202504081340.538DeuJO032241@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=55e8cdff14435ddb056440b3d962eded453d2b22

commit 55e8cdff14435ddb056440b3d962eded453d2b22
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-03-03 14:25:23 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-08 13:38:25 +0000

    smbios: Harden decoding of the BCD revision
    
    bcd2bin() must not be called with a value greater or equal to
    LIBKERN_LEN_BCD2BIN.
    
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit 516e24e57987d184cce70e7f31443653aa1a5e63)
---
 sys/dev/smbios/smbios.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/sys/dev/smbios/smbios.c b/sys/dev/smbios/smbios.c
index c8536d5f86c5..24e110f722d3 100644
--- a/sys/dev/smbios/smbios.c
+++ b/sys/dev/smbios/smbios.c
@@ -242,18 +242,20 @@ smbios_attach (device_t dev)
 			    "Docrev: %u, Entry Point Revision: %u\n",
 			    sc->eps3->docrev, sc->eps3->entry_point_revision);
 	} else {
+		const struct smbios_eps *const eps = va;
+		const uint8_t bcd = eps->BCD_revision;
+
 		sc->eps = va;
 		device_printf(dev, "Entry point: v2.1 (32-bit), Version: %u.%u",
-		    sc->eps->major_version, sc->eps->minor_version);
-		if (bcd2bin(sc->eps->BCD_revision))
+		    eps->major_version, eps->minor_version);
+		if (bcd < LIBKERN_LEN_BCD2BIN && bcd2bin(bcd) != 0)
 			printf(", BCD Revision: %u.%u\n",
-			    bcd2bin(sc->eps->BCD_revision >> 4),
-			    bcd2bin(sc->eps->BCD_revision & 0x0f));
+			    bcd2bin(bcd >> 4), bcd2bin(bcd & 0x0f));
 		else
 			printf("\n");
 		if (bootverbose)
 			device_printf(dev, "Entry Point Revision: %u\n",
-			    sc->eps->entry_point_revision);
+			    eps->entry_point_revision);
 	}
 	return (0);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202504081340.538DeuJO032241>