git: 64fc51a9cf71 - main - libsa: smbios: Reject a 64-bit entry point with revision 0

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Tue, 11 Mar 2025 14:04:43 UTC
The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=64fc51a9cf71b2308399b7b7dee8a9bc9468877b

commit 64fc51a9cf71b2308399b7b7dee8a9bc9468877b
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-03-07 13:32:24 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-03-11 13:54:09 +0000

    libsa: smbios: Reject a 64-bit entry point with revision 0
    
    According to the specification, such an entry point may have different
    data in bytes at offsets 0x0c to 0x17 (included).  In such a case,
    interpreting them as the Structure Table Maximum Size and Address fields
    could have catastrophic consequences.
    
    Reviewed by:    imp, markj
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D49286
---
 stand/libsa/smbios.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/stand/libsa/smbios.c b/stand/libsa/smbios.c
index 50cab3eee939..4deea4f31b11 100644
--- a/stand/libsa/smbios.c
+++ b/stand/libsa/smbios.c
@@ -193,6 +193,13 @@ smbios_sigsearch(const caddr_t addr, const uint32_t len)
 #ifdef SMBIOS_64BIT_EP
 		/* v3.0, 64-bit Entry point */
 		if (strncmp(cp, SMBIOS3_SIG, sizeof(SMBIOS3_SIG) - 1) == 0 &&
+		    /*
+		     * The specification only guarantees the presence of the
+		     * Structure Table Maximum Size and Address Entry fields at
+		     * offsets 0x0c and 0x10 if the Entry Point Revision is not
+		     * 0.
+		     */
+		    SMBIOS_GET8(cp, 0x0a) != 0 &&
 		    smbios_checksum(cp, SMBIOS_GET8(cp, 0x06)) == 0) {
 			smbios.is_64bit_ep = 1;
 			return (cp);
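Review bot: the new revision test in the `if` condition establishes that the fields at 0x0c and 0x10 are defined, but nothing in this condition checks that the entry point length read from offset 0x06 actually covers them. That length byte comes from firmware and is passed straight to `smbios_checksum()`, so a value smaller than 0x18 would still pass if the shorter range happens to sum to zero, and the Maximum Size and Address bytes (0x0c to 0x17 per the commit message) would then be trusted without having been part of the checksummed region. Consider also requiring `SMBIOS_GET8(cp, 0x06) >= 0x18` before the checksum call. As a smaller point, the bare `0x0a` and `0x06` offsets would read better as named constants, since the added comment already has to explain which field is being tested.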