Re: [PATCH] firmware: dmi: Fortify entry point length checks

[Jean Delvare]

On Wed, 7 Sep 2022 18:48:03 +0300, Andy Shevchenko wrote:
> On Wed, Sep 7, 2022 at 6:21 PM Jean Delvare <jdelvare@xxxxxxx> wrote:
> > On Wed, 7 Sep 2022 17:52:10 +0300, Andy Shevchenko wrote:  
> > > "NOTE: This value was incorrectly stated in version 2.1 of this specification as
> > > 1Eh. Because of this, there might be version 2.1 implementations that
> > > use either the 1Eh or the 1Fh value, but version 2.2 or later
> > > implementations must use the 1Fh value."  
> >
> > Good point, so maybe we should accept 0x1E and treat is silently as
> > 0x1F (which is what we have been doing implicitly so far) for maximum
> > compatibility?  
> 
> At least the previous comparison covers this case, if I'm not mistaken.

Before my proposed change, yes. After my proposed change, no longer.
Let's not risk a regression, I'll change the check to:

	if (memcmp(buf, "_SM_", 4) == 0 &&
	    buf[5] >= 30 && buf[5] <= 32 &&
	    dmi_checksum(buf, buf[5])) {

I'll also add a comment stating why we are allowing length 30.

Thanks for the valuable feedback,
-- 
Jean Delvare
SUSE L3 Support