Reviewed-by: Sami Mujawar <sami.muja...@arm.com>

Regards,
Sami Mujawar

-----Original Message-----
From: Krzysztof Koch <krzysztof.k...@arm.com>
Sent: 15 August 2019 02:11 PM
To: devel@edk2.groups.io
Cc: jaben.car...@intel.com; ray...@intel.com; zhichao....@intel.com; Sami Mujawar <sami.muja...@arm.com>; Matteo Carlini <matteo.carl...@arm.com>; nd <n...@arm.com>
Subject: [PATCH v1 00/11] Test against invalid pointers in acpiview

Prevent the use of invalid pointers when parsing ACPI tables in the UEFI shell acpiview tool.

The parsing of ACPI tables is often controlled with the values read earlier from the same table. For example, the 'Offset' or 'Count' fields found in a structure are later used to parse the substructures. If such fields lie outside the structure's buffer length provided, then there is a possibility for a wild or dangling pointer.

Currently, if the ParseAcpi() function terminates early because the end of the input table data buffer has been reached, then the pointers which were supposed to be updated by this function are left untouched. This is a security issue as the values pointed to by these pointers are later used for flow control.

This patch series aims to solve this security issue by explicitly initializing any pointers lying outside the input ACPI data buffer to NULL and testing for NULL whenever these pointers are dereferenced.

Changes can be seen at: https://github.com/KrzysztofKoch1/edk2/tree/612_add_pointer_validation_v1

Krzysztof Koch (11):
  ShellPkg: acpiview: Set ItemPtr to NULL for unprocessed table fields
  ShellPkg: acpiview: RSDP: Validate global pointer before use
  ShellPkg: acpiview: FADT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate global pointer before use
  ShellPkg: acpiview: SLIT: Validate System Locality count
  ShellPkg: acpiview: SRAT: Validate global pointers before use
  ShellPkg: acpiview: MADT: Validate global pointers before use
  ShellPkg: acpiview: PPTT: Validate global pointers before use
  ShellPkg: acpiview: IORT: Validate global pointers before use
  ShellPkg: acpiview: GTDT: Validate global pointers before use
  ShellPkg: acpiview: DBG2: Validate global pointers before use

 ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiParser.c | 9 ++-
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Dbg2/Dbg2Parser.c | 43 ++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Fadt/FadtParser.c | 14 +++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Gtdt/GtdtParser.c | 37 ++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Iort/IortParser.c | 52 +++++++++++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Madt/MadtParser.c | 13 +++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Pptt/PpttParser.c | 25 ++++++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Rsdp/RsdpParser.c | 12 ++++
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Slit/SlitParser.c | 61 ++++++++++++++++++--
 ShellPkg/Library/UefiShellAcpiViewCommandLib/Parsers/Srat/SratParser.c | 13 +++++
 10 files changed, 272 insertions(+), 7 deletions(-)

--
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'
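A minimal model of the failure mode the cover letter describes and of the fix named in the first patch title (set ItemPtr to NULL for unprocessed fields), added here as an illustration; it is not code from the patch series or from EDK2. `FIELD_DESC`, `ParseFields` and `CountSeenAfterTruncatedTable` are hypothetical names, and the table bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical field descriptor for a table-driven parser (not EDK2's type). */
typedef struct {
  uint32_t  Offset;    /* field offset inside the table */
  uint32_t  Length;    /* field size in bytes */
  uint8_t **ItemPtr;   /* optional: receives the address of the field */
} FIELD_DESC;

static uint8_t *mTypePtr;    /* globals consumed by later parsing steps */
static uint8_t *mCountPtr;

static const FIELD_DESC mDesc[] = {
  { 0, 1, &mTypePtr }, { 1, 1, NULL }, { 2, 1, &mCountPtr },
};
#define DESC_COUNT (sizeof mDesc / sizeof mDesc[0])

/* Parse fields until one no longer fits in Buf[0..BufLen). With NullUnparsed
   set, every ItemPtr is first reset to NULL, so fields that are never
   reached cannot keep an address from an earlier call. */
static uint32_t ParseFields(uint8_t *Buf, uint32_t BufLen, int NullUnparsed) {
  uint32_t Parsed = 0;
  for (size_t i = 0; NullUnparsed && i < DESC_COUNT; i++)
    if (mDesc[i].ItemPtr != NULL) *mDesc[i].ItemPtr = NULL;
  for (size_t i = 0; i < DESC_COUNT; i++) {
    if (mDesc[i].Offset > BufLen || mDesc[i].Length > BufLen - mDesc[i].Offset)
      break;                               /* end of buffer: stop early */
    if (mDesc[i].ItemPtr != NULL) *mDesc[i].ItemPtr = Buf + mDesc[i].Offset;
    Parsed = mDesc[i].Offset + mDesc[i].Length;
  }
  return Parsed;
}

/* Parse a complete table, then a truncated one, and report what a caller
   reading the Count field would see: -1 means "pointer is NULL, reject". */
int CountSeenAfterTruncatedTable(int NullUnparsed) {
  static uint8_t Full[]  = { 0x01, 0x03, 0x07 };  /* constructed, Count = 7 */
  static uint8_t Short[] = { 0x01, 0x03 };        /* constructed, no Count  */
  ParseFields(Full, sizeof Full, NullUnparsed);
  ParseFields(Short, sizeof Short, NullUnparsed);
  if (mCountPtr == NULL) return -1;
  return *mCountPtr;                /* stale: still points into Full */
}

int main(void) {
  printf("pointers left untouched: Count = %d\n", CountSeenAfterTruncatedTable(0));
  printf("pointers reset to NULL:  Count = %d\n", CountSeenAfterTruncatedTable(1));
  return 0;
}
```

With the pointers left untouched, the truncated table is interpreted using the previous table's Count; with the reset, the caller gets a NULL it can test before dereferencing.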