Hi, On 3/2/21 5:33 PM, Henning Schild wrote: <snip>
> +static inline u32 simatic_ipc_get_station_id(u8 *data)
> +{
> + u32 station_id = SIMATIC_IPC_INVALID_STATION_ID;
> + int i;
> + struct {
> + u8 type; /* type (0xff = binary) */
> + u8 len; /* len of data entry */
> + u8 reserved[3];
> + u32 station_id; /* station id (LE) */
> + } __packed * data_entry = (void *)data;
> +
> + /* find 4th entry in OEM data */
> + for (i = 0; i < 3; i++)
> + data_entry = (void *)((u8 *)(data_entry) + data_entry->len);
> +
> + /* decode station id */
> + if (data_entry && data_entry->type == 0xff && data_entry->len == 9)
> + station_id = le32_to_cpu(data_entry->station_id);
> +
> + return station_id;
> +}
> +
> +static inline void
> +simatic_ipc_find_dmi_entry_helper(const struct dmi_header *dh, void *_data)
> +{
> + u32 *id = _data;
> +
> + if (dh->type != DMI_ENTRY_OEM)
> + return;
> +
> + *id = simatic_ipc_get_station_id((u8 *)dh + sizeof(struct dmi_header));
> +}
Please take dh->length into account here and make sure that you don't walk past the end of the DMI tables during the parsing here. Regards, Hans
> +
> +#endif /* __PLATFORM_DATA_X86_SIMATIC_IPC_H */
>