From: Philippe Mathieu-Daudé
Date: Mon, 5 Sep 2022 23:31:14 +0200
Subject: Re: [PATCH v2] smbios: sanitize type from external type before checking have_fields_bitmap
To: Paolo Bonzini
Cc: "qemu-devel@nongnu.org Developers"
In-Reply-To: <20220905204349.102405-1-pbonzini@redhat.com>

On Mon, Sep 5, 2022 at 10:44 PM Paolo Bonzini wrote:
>
> test_bit uses header->type as an offset; if the file incorrectly specifies a
> type greater than 127, smbios_entry_add will read and write garbage.
>
> To fix this, just pass the smbios data through, assuming the user knows what
> to do. Reported by Coverity as CID 1487255.
>
> Signed-off-by: Paolo Bonzini
> ---
>  hw/smbios/smbios.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)

Reviewed-by: Philippe Mathieu-Daudé
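
The failure mode described in the quoted commit message, as an added example that is not QEMU's code and not part of this thread: a type byte read from an external file is range-checked before it indexes a 128-bit bitmap, and larger types are passed through untracked. All function and variable names are assumptions; the 4-byte header (type, length, 16-bit handle) is the standard SMBIOS structure header.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_TYPE 127  /* highest structure type the bitmaps have a bit for */
#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)
#define MAP_WORDS ((MAX_TYPE + WORD_BITS) / WORD_BITS)
/* Per-type bookkeeping; every name in this example is an assumption. */
static unsigned long have_fields[MAP_WORDS];   /* type set field by field */
static unsigned long have_binfile[MAP_WORDS];  /* type loaded from a file */

static bool bit_test(const unsigned long *map, unsigned nr)
{
    return (map[nr / WORD_BITS] >> (nr % WORD_BITS)) & 1UL;
}

static void bit_set(unsigned long *map, unsigned nr)
{
    map[nr / WORD_BITS] |= 1UL << (nr % WORD_BITS);
}

void mark_fields(uint8_t type)
{
    if (type <= MAX_TYPE) bit_set(have_fields, type);
}

bool binfile_seen(uint8_t type)
{
    return type <= MAX_TYPE && bit_test(have_binfile, type);
}

/* Returns 0 if accepted, -1 on a fields/file conflict, -2 if truncated. */
int add_external_entry(const uint8_t *blob, size_t len)
{
    if (len < 4) return -2;      /* header: type, length, 16-bit handle */
    uint8_t type = blob[0];      /* untrusted input: any value 0..255 */
    if (type <= MAX_TYPE) {      /* range check BEFORE indexing the bitmaps */
        if (bit_test(have_fields, type)) return -1;
        bit_set(have_binfile, type);
    }
    return 0;                    /* higher types pass through untracked */
}

int main(void)
{
    const uint8_t oem[4] = { 200, 4, 0, 0 };  /* constructed sample header */
    return add_external_entry(oem, sizeof(oem)) == 0 ? 0 : 1;
}
```

Without the `type <= MAX_TYPE` guard, a type of 200 would index past the end of both bitmaps, which is the out-of-bounds read and write the commit message describes.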