From: Matt Fleming <matt@codeblueprint.co.uk>
To: Jean Delvare <jdelvare@suse.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
Matt Fleming <matt.fleming@intel.com>,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
Subject: Re: [PATCH] firmware: dmi_scan: Prevent dmi_num integer overflow
Date: Thu, 26 Mar 2015 13:06:52 +0000 [thread overview]
Message-ID: <20150326130651.GC6525@codeblueprint.co.uk> (raw)
In-Reply-To: <20150320095947.644f9c67@endymion.delvare>
On Fri, 20 Mar, at 09:59:47AM, Jean Delvare wrote:
> dmi_num is a u16, dmi_len is a u32, so this construct:
>
> dmi_num = dmi_len / 4;
>
> would result in an integer overflow for a DMI table larger than
> 256 kB. I've never see such a large table so far, but SMBIOS 3.0
> makes it possible so maybe we'll see such tables in the future.
>
> So instead of faking a structure count when the entry point does
> not provide it, adjust the loop condition in dmi_table() to properly
> deal with the case where dmi_num is not set.
>
> Signed-off-by: Jean Delvare <jdelvare@suse.de>
> Cc: Matt Fleming <matt.fleming@intel.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> Cc: Ivan Khoronzhuk <ivan.khoronzhuk@linaro.org>
> ---
> drivers/firmware/dmi_scan.c | 22 +++++++---------------
> 1 file changed, 7 insertions(+), 15 deletions(-)
Jean, are you taking this through your tree?
--
Matt Fleming, Intel Open Source Technology Center
next prev parent reply other threads:[~2015-03-26 13:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-20 8:59 [PATCH] firmware: dmi_scan: Prevent dmi_num integer overflow Jean Delvare
2015-03-20 9:21 ` Ard Biesheuvel
2015-03-26 13:06 ` Matt Fleming [this message]
2015-03-26 13:15 ` Jean Delvare
2015-03-26 14:47 ` Matt Fleming
2015-03-26 15:21 ` Jean Delvare
2015-03-27 12:12 ` Matt Fleming
2015-03-27 13:22 ` Jean Delvare
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150326130651.GC6525@codeblueprint.co.uk \
--to=matt@codeblueprint.co.uk \
--cc=ard.biesheuvel@linaro.org \
--cc=ivan.khoronzhuk@linaro.org \
--cc=jdelvare@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=matt.fleming@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.