From 6d8f4bafadb52a4a674de1a2eb463f84154d066d Mon Sep 17 00:00:00 2001
From: Krzysztof Koch
Date: Tue, 11 Feb 2020 18:01:17 +0800
Subject: ShellPkg: acpiview: Validate ACPI table 'Length' field

Check if the ACPI table length, as reported in the ACPI table header, is big enough to fit at least the header itself. If not, report an error to the user and stop parsing the table in order to prevent buffer overruns.

Signed-off-by: Krzysztof Koch
Reviewed-by: Sami Mujawar
Reviewed-by: Zhichao Gao
---
 .../UefiShellAcpiViewCommandLib/AcpiTableParser.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'ShellPkg')
diff --git a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c
index d5500bcb2b..501967c4dd 100644
--- a/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c
+++ b/ShellPkg/Library/UefiShellAcpiViewCommandLib/AcpiTableParser.c
@@ -1,7 +1,7 @@
 /** @file
 ACPI table parser
- Copyright (c) 2016 - 2019, ARM Limited. All rights reserved.
+ Copyright (c) 2016 - 2020, ARM Limited. All rights reserved.
 SPDX-License-Identifier: BSD-2-Clause-Patent
 **/
@@ -176,6 +176,7 @@ ProcessAcpiTable (
 CONST UINT32* AcpiTableSignature;
 CONST UINT32* AcpiTableLength;
 CONST UINT8* AcpiTableRevision;
+ CONST UINT8* SignaturePtr;
 PARSE_ACPI_TABLE_PROC ParserProc;
 ParseAcpiHeader (
@@ -193,6 +194,23 @@ ProcessAcpiTable (
 if (Trace) {
 DumpRaw (Ptr, *AcpiTableLength);
+
+ // Do not process the ACPI table any further if the table length read
+ // is invalid. The ACPI table should at least contain the table header.
+ if (*AcpiTableLength < sizeof (EFI_ACPI_DESCRIPTION_HEADER)) {
+ SignaturePtr = (CONST UINT8*)AcpiTableSignature;
+ IncrementErrorCount ();
+ Print (
+ L"ERROR: Invalid %c%c%c%c table length. Length = %d\n",
+ SignaturePtr[0],
+ SignaturePtr[1],
+ SignaturePtr[2],
+ SignaturePtr[3],
+ *AcpiTableLength
+ );
+ return;
+ }
+
 if (GetConsistencyChecking ()) {
 VerifyChecksum (TRUE, Ptr, *AcpiTableLength);
 }
-- cgit v1.2.3
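Review bot: The new length check sits inside `if (Trace) {`, after `DumpRaw (Ptr, *AcpiTableLength);`, so it runs only for tables selected for tracing and only after the raw dump has already used the unvalidated length. ProcessAcpiTable continues past the end of this hunk; if the table is handed to its parser there regardless of `Trace` (not visible here), a table whose `Length` is below `sizeof (EFI_ACPI_DESCRIPTION_HEADER)` still reaches that code unchecked. Moving the whole `if (*AcpiTableLength < sizeof (EFI_ACPI_DESCRIPTION_HEADER)) { ... return; }` block ahead of `if (Trace) {` would reject the table on every path. Note that this is only a lower bound: an oversized `Length` is still passed as-is to `DumpRaw` and `VerifyChecksum`.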