Re: [PATCH] x86/EFI: check table header length in efi_bgrt_init()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>> On 13.11.12 at 21:08, Matt Fleming <matt@xxxxxxxxxxxxxxxxx> wrote:
> On Wed, 2012-11-07 at 16:46 +0000, Jan Beulich wrote:
>> Header length should be validated for all ACPI tables before accessing
>> any non-header field.
>> 
>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>> 
>> ---
>>  arch/x86/platform/efi/efi-bgrt.c |    2 ++
>>  1 file changed, 2 insertions(+)
>> 
>> --- 3.7-rc4/arch/x86/platform/efi/efi-bgrt.c
>> +++ 3.7-rc4-x86-EFI-BGRT-checks/arch/x86/platform/efi/efi-bgrt.c
>> @@ -39,6 +39,8 @@ void efi_bgrt_init(void)
>>  	if (ACPI_FAILURE(status))
>>  		return;
>>  
>> +	if (bgrt_tab->header.length < sizeof(*bgrt_tab))
>> +		return;
>>  	if (bgrt_tab->version != 1)
>>  		return;
>>  	if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address)
> 
> Guys, do you want me to take this into the efi tree? Jan, have you see
> machines that actually trip up without this check? I'm trying to gauge
> the urgency of this patch.

No, I haven't. I just spotted that omission in the context of the
apparent lack of checking of the valid flag (which meanwhile was
explained to me as being intentional).

Jan

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux