From patchwork Thu Oct 17 10:05:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Polyakov X-Patchwork-Id: 1178441 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46v4Yc4MnXz9sPV for ; Thu, 17 Oct 2019 21:05:56 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=yadro.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=yadro.com header.i=@yadro.com header.b="PKmqFUup"; dkim-atps=neutral Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46v4Yc2K1KzDqLT for ; Thu, 17 Oct 2019 21:05:56 +1100 (AEDT) X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=yadro.com (client-ip=89.207.88.252; helo=mta-01.yadro.com; envelope-from=m.polyakov@yadro.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=none dis=none) header.from=yadro.com Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=yadro.com header.i=@yadro.com header.b="PKmqFUup"; dkim-atps=neutral Received: from mta-01.yadro.com (mta-02.yadro.com [89.207.88.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46v4YJ3SJSzDrH8 for ; Thu, 17 Oct 2019 21:05:40 +1100 (AEDT) Received: from localhost (unknown [127.0.0.1]) by mta-01.yadro.com (Postfix) with ESMTP id 9CF2B43130; Thu, 17 Oct 2019 10:05:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=yadro.com; h= user-agent:content-disposition:content-type:content-type :mime-version:message-id:subject:subject:from:from:date:date :received:received:received; s=mta-01; t=1571306736; x= 1573121137; bh=SiNKX4dmfEeeV1QHMWEXkGl6R03jl/SMGPc8JLQarGg=; b=P KmqFUupvwZMeSVRyz4j0VTiNS6gCWjoUdHKG69aqIXo1+PFIZh2vD69x9SzfiHhV V1OB2vG+VSWdBN1ti1nqXoXdAlu6ja+OWv9TbXAkA6MLelvrbqkoaY8BEWBRtg97 KpIpQm/w8regC/Xu9Zltwd52QJskSmZH4Dz8xWVe5A= X-Virus-Scanned: amavisd-new at yadro.com Received: from mta-01.yadro.com ([127.0.0.1]) by localhost (mta-01.yadro.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K3dDxV9Yi89n; Thu, 17 Oct 2019 13:05:36 +0300 (MSK) Received: from T-EXCH-02.corp.yadro.com (t-exch-02.corp.yadro.com [172.17.10.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by mta-01.yadro.com (Postfix) with ESMTPS id A31EA4122E; Thu, 17 Oct 2019 13:05:36 +0300 (MSK) Received: from localhost (172.17.15.1) by T-EXCH-02.corp.yadro.com (172.17.10.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.669.32; Thu, 17 Oct 2019 13:05:36 +0300 Date: Thu, 17 Oct 2019 13:05:36 +0300 From: Maxim Polyakov To: Jeremy Kerr , , Maxim Polyakov Subject: [PATCH v3 2/5] discover/platform-powerpc: limit mailbox response size Message-ID: <20191017100534.GA6670@gmail.com> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) X-Originating-IP: [172.17.15.1] X-ClientProxiedBy: T-EXCH-01.corp.yadro.com (172.17.10.101) To T-EXCH-02.corp.yadro.com (172.17.10.102) X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" The maximum size of the mailbox with Boot Initiator info is defined in the specification (1). The code should not extract data from the IPMI response message if its size exceeds the maximum limit from the specification. [1] page 398, IPMI Specification v2.0, Revision 1.1, October 1, 2013 Signed-off-by: Maxim Polyakov --- discover/platform-powerpc.c | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c index 6651e3f..1e33bf1 100644 --- a/discover/platform-powerpc.c +++ b/discover/platform-powerpc.c @@ -461,24 +461,27 @@ static int get_ipmi_boot_mailbox_block(struct platform_powerpc *platform, return -1; } - if (resp_len < sizeof(resp)) { - if (resp_len < 4) { - pb_log("platform: unexpected length (%d) in " - "boot options mailbox response\n", - resp_len); - return -1; - } + if (resp_len > sizeof(resp)) { + pb_debug("platform: invalid mailbox response size!\n"); + return -1; + } - if (resp_len == 4) { - pb_debug_fn("block %hu empty\n", block); - return 0; - } + if (resp_len < 4) { + pb_log("platform: unexpected length (%d) in " + "boot options mailbox response\n", + resp_len); + return -1; + } - blocksize = sizeof(resp) - 4; - pb_debug_fn("Mailbox block %hu returns only %zu bytes in block\n", - block, blocksize); + if (resp_len == 4) { + pb_debug_fn("block %hu empty\n", block); + return 0; } + blocksize = sizeof(resp) - 4; + pb_debug_fn("Mailbox block %hu returns only %zu bytes in block\n", + block, blocksize); + debug_buf = format_buffer(platform, resp, resp_len); pb_debug_fn("IPMI bootdev mailbox block %hu:\n%s\n", block, debug_buf); talloc_free(debug_buf);