| Message ID | 20170712125334.20176-2-colin.king@canonical.com |
|---|---|
| State | Accepted |
| Headers | show |
On 2017-07-12 05:53 AM, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > We need to check we don't get SIGSEGV or SIGBUS errors when reading > the mmap'd SMBIOS data before we try and access it. Use the fwts_safe_memread > check on the data to sanity check these mappings. > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > src/dmi/dmicheck/dmicheck.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/src/dmi/dmicheck/dmicheck.c b/src/dmi/dmicheck/dmicheck.c > index 5f010f53..306a0088 100644 > --- a/src/dmi/dmicheck/dmicheck.c > +++ b/src/dmi/dmicheck/dmicheck.c > @@ -332,6 +332,12 @@ static void* dmi_table_smbios(fwts_framework *fw, fwts_smbios_entry *entry) > > mem = fwts_mmap(addr, length); > if (mem != FWTS_MAP_FAILED) { > + /* Can we safely copy the table? */ > + if (fwts_safe_memread((void *)addr, length) != FWTS_OK) { > + fwts_log_info(fw, "SMBIOS table at %p cannot be read", (void *)addr); > + (void)fwts_munmap(mem, length); > + return NULL; > + } > table = malloc(length); > if (table) > memcpy(table, mem, length); > @@ -373,6 +379,12 @@ static void* dmi_table_smbios30(fwts_framework *fw, fwts_smbios30_entry *entry) > > mem = fwts_mmap(addr, length); > if (mem != FWTS_MAP_FAILED) { > + /* Can we safely copy the table? */ > + if (fwts_safe_memread((void *)addr, length) != FWTS_OK) { > + fwts_log_info(fw, "SMBIOS table at %p cannot be read", (void *)addr); > + (void)fwts_munmap(mem, length); > + return NULL; > + } > table = malloc(length); > if (table) > fwts_memcpy_unaligned(table, mem, length); > Acked-by: Alex Hung <alex.hung@canonical.com>
On 07/12/2017 08:53 PM, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > We need to check we don't get SIGSEGV or SIGBUS errors when reading > the mmap'd SMBIOS data before we try and access it. Use the fwts_safe_memread > check on the data to sanity check these mappings. > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > src/dmi/dmicheck/dmicheck.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/src/dmi/dmicheck/dmicheck.c b/src/dmi/dmicheck/dmicheck.c > index 5f010f53..306a0088 100644 > --- a/src/dmi/dmicheck/dmicheck.c > +++ b/src/dmi/dmicheck/dmicheck.c > @@ -332,6 +332,12 @@ static void* dmi_table_smbios(fwts_framework *fw, fwts_smbios_entry *entry) > > mem = fwts_mmap(addr, length); > if (mem != FWTS_MAP_FAILED) { > + /* Can we safely copy the table? */ > + if (fwts_safe_memread((void *)addr, length) != FWTS_OK) { > + fwts_log_info(fw, "SMBIOS table at %p cannot be read", (void *)addr); > + (void)fwts_munmap(mem, length); > + return NULL; > + } > table = malloc(length); > if (table) > memcpy(table, mem, length); > @@ -373,6 +379,12 @@ static void* dmi_table_smbios30(fwts_framework *fw, fwts_smbios30_entry *entry) > > mem = fwts_mmap(addr, length); > if (mem != FWTS_MAP_FAILED) { > + /* Can we safely copy the table? */ > + if (fwts_safe_memread((void *)addr, length) != FWTS_OK) { > + fwts_log_info(fw, "SMBIOS table at %p cannot be read", (void *)addr); > + (void)fwts_munmap(mem, length); > + return NULL; > + } > table = malloc(length); > if (table) > fwts_memcpy_unaligned(table, mem, length); > Acked-by: Ivan Hu <ivan.hu@canonical.com>
diff --git a/src/dmi/dmicheck/dmicheck.c b/src/dmi/dmicheck/dmicheck.c index 5f010f53..306a0088 100644 --- a/src/dmi/dmicheck/dmicheck.c +++ b/src/dmi/dmicheck/dmicheck.c @@ -332,6 +332,12 @@ static void* dmi_table_smbios(fwts_framework *fw, fwts_smbios_entry *entry) mem = fwts_mmap(addr, length); if (mem != FWTS_MAP_FAILED) { + /* Can we safely copy the table? */ + if (fwts_safe_memread((void *)addr, length) != FWTS_OK) { + fwts_log_info(fw, "SMBIOS table at %p cannot be read", (void *)addr); + (void)fwts_munmap(mem, length); + return NULL; + } table = malloc(length); if (table) memcpy(table, mem, length); @@ -373,6 +379,12 @@ static void* dmi_table_smbios30(fwts_framework *fw, fwts_smbios30_entry *entry) mem = fwts_mmap(addr, length); if (mem != FWTS_MAP_FAILED) { + /* Can we safely copy the table? */ + if (fwts_safe_memread((void *)addr, length) != FWTS_OK) { + fwts_log_info(fw, "SMBIOS table at %p cannot be read", (void *)addr); + (void)fwts_munmap(mem, length); + return NULL; + } table = malloc(length); if (table) fwts_memcpy_unaligned(table, mem, length);