Re: [PATCH] firmware: dmi: Fortify entry point length checks

From: Andy Shevchenko
Date: Wed Sep 07 2022 - 12:22:57 EST


On Wed, Sep 7, 2022 at 7:09 PM Jean Delvare <jdelvare@xxxxxxx> wrote:
> On Wed, 7 Sep 2022 18:48:03 +0300, Andy Shevchenko wrote:
> > On Wed, Sep 7, 2022 at 6:21 PM Jean Delvare <jdelvare@xxxxxxx> wrote:
> > > On Wed, 7 Sep 2022 17:52:10 +0300, Andy Shevchenko wrote:

...

> > > > "NOTE: This value was incorrectly stated in version 2.1 of this specification as
> > > > 1Eh. Because of this, there might be version 2.1 implementations that
> > > > use either the 1Eh or the 1Fh value, but version 2.2 or later
> > > > implementations must use the 1Fh value."
> > >
> > > Good point, so maybe we should accept 0x1E and treat is silently as
> > > 0x1F (which is what we have been doing implicitly so far) for maximum
> > > compatibility?
> >
> > At least the previous comparison covers this case, if I'm not mistaken.
>
> Before my proposed change, yes. After my proposed change, no longer.
> Let's not risk a regression, I'll change the check to:
>
> if (memcmp(buf, "_SM_", 4) == 0 &&
> buf[5] >= 30 && buf[5] <= 32 &&
> dmi_checksum(buf, buf[5])) {
>
> I'll also add a comment stating why we are allowing length 30.
>
> Thanks for the valuable feedback,

You're welcome! You may add
Reviewed-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx>
to the resulting patch.

--
With Best Regards,
Andy Shevchenko