git: bb04712e3772 - main - smbios: Carefully print wrong entry point signature on identify

Fri, 07 Mar 2025 08:46:15 -0800 

The branch main has been updated by olce:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=bb04712e37723d112b2fad28af4b035ef35a25be

commit bb04712e37723d112b2fad28af4b035ef35a25be
Author:     Olivier Certner <o...@freebsd.org>
AuthorDate: 2025-03-03 09:30:00 +0000
Commit:     Olivier Certner <o...@freebsd.org>
CommitDate: 2025-03-07 16:42:46 +0000

    smbios: Carefully print wrong entry point signature on identify
    
    Using printf() with '%s' can lead to arbitrary long printing (although,
    usually, a NUL byte should appear quite quickly) and trying to print
    unprintable characters.
    
    Instead, print in hexadecimal the exact bytes that are compared to the
    expected signature.
    
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
---
 sys/dev/smbios/smbios.c | 41 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/sys/dev/smbios/smbios.c b/sys/dev/smbios/smbios.c
index 67443d75c8fa..2cc8e3ff21c4 100644
--- a/sys/dev/smbios/smbios.c
+++ b/sys/dev/smbios/smbios.c
@@ -124,21 +124,13 @@ smbios_identify (driver_t *driver, device_t parent)
        if (map_size == sizeof(*eps3)) {
                eps3 = ptr;
                length = eps3->length;
-               if (memcmp(eps3->anchor_string,
-                   SMBIOS3_SIG, SMBIOS3_LEN) != 0) {
-                       printf("smbios3: corrupt sig %s found\n",
-                           eps3->anchor_string);
-                       goto unmap_return;
-               }
+               if (memcmp(eps3->anchor_string, SMBIOS3_SIG, SMBIOS3_LEN) != 0)
+                       goto corrupt_sig;
        } else {
                eps = ptr;
                length = eps->length;
-               if (memcmp(eps->anchor_string,
-                   SMBIOS_SIG, SMBIOS_LEN) != 0) {
-                       printf("smbios: corrupt sig %s found\n",
-                           eps->anchor_string);
-                       goto unmap_return;
-               }
+               if (memcmp(eps->anchor_string, SMBIOS_SIG, SMBIOS_LEN) != 0)
+                       goto corrupt_sig;
        }
        if (length != map_size) {
                /*
@@ -167,6 +159,31 @@ smbios_identify (driver_t *driver, device_t parent)
 unmap_return:
        pmap_unmapbios(ptr, map_size);
        return;
+
+corrupt_sig:
+       {
+               const char *sig;
+               const char *table_ver_str;
+               size_t i, end;
+
+               if (map_size == sizeof(*eps3)) {
+                       sig = eps3->anchor_string;
+                       table_ver_str = "64";
+                       end = SMBIOS3_LEN;
+               } else {
+                       sig = eps->anchor_string;
+                       table_ver_str = "32";
+                       end = SMBIOS_LEN;
+               }
+
+               /* Space after ':' printed by the loop. */
+               printf("smbios: %s-bit Entry Point: Corrupt signature (hex):",
+                   table_ver_str);
+               for (i = 0; i < end; ++i)
+                       printf(" %02hhx", sig[i]);
+               printf("\n");
+       }
+       goto unmap_return;
 }
 
 static int

Reply via email to