git: a5b4ec528192 - main - stand: More protection against malformed smbios tables
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 01 May 2023 21:28:52 UTC
The branch main has been updated by imp:
URL: https://cgit.FreeBSD.org/src/commit/?id=a5b4ec5281929a9b7ef4a8005bb4b0035322e922
commit a5b4ec5281929a9b7ef4a8005bb4b0035322e922
Author: Warner Losh <imp@FreeBSD.org>
AuthorDate: 2023-05-01 21:12:41 +0000
Commit: Warner Losh <imp@FreeBSD.org>
CommitDate: 2023-05-01 21:12:41 +0000
stand: More protection against malformed smbios tables
Add some more sanity checks to make sure we don't march off the end of
the table. Typically, smbios structures are well formed, or Windows
wouldn't boot. Sometimes they aren't, and this at least fails safe.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D39794
---
stand/libsa/smbios.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/stand/libsa/smbios.c b/stand/libsa/smbios.c
index a88d3ac4ab69..01083fdfd756 100644
--- a/stand/libsa/smbios.c
+++ b/stand/libsa/smbios.c
@@ -520,19 +520,23 @@ smbios_find_struct(int type)
{
caddr_t dmi;
size_t i;
+ caddr_t ep;
if (smbios.addr == NULL)
return (NULL);
+ ep = smbios.addr + smbios.length;
for (dmi = smbios.addr, i = 0;
- dmi < smbios.addr + smbios.length && i < smbios.count; i++) {
- if (SMBIOS_GET8(dmi, 0) == type)
+ dmi < ep && i < smbios.count; i++) {
+ if (SMBIOS_GET8(dmi, 0) == type) {
return dmi;
+ }
/* Find structure terminator. */
dmi = SMBIOS_GETSTR(dmi);
- while (SMBIOS_GET16(dmi, 0) != 0)
+ while (SMBIOS_GET16(dmi, 0) != 0 && dmi < ep) {
dmi++;
- dmi += 2;
+ }
+ dmi += 2; /* For checksum */
}
return (NULL);