ACK: [PATCH] lib: fwts_acpi_tables: enforce stricter table loading checks
Alex Hung
alex.hung at canonical.com
Thu May 21 23:04:01 UTC 2015
On 05/15/2015 03:36 AM, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> Coverty Scan is warning that malicious or malformed tables being read in
> from file could cause problems with the low 32 bit allocator. Add some
> stricter checking of the size of the buffer being read and also the total
> ACPI table size. ACPI stipulates that the table size is a 32 bit integer
> (which is huge), but we need to keep to that maximum upper limit to be
> in spec.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
> src/lib/src/fwts_acpi_tables.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/src/lib/src/fwts_acpi_tables.c b/src/lib/src/fwts_acpi_tables.c
> index 81fb096..cca1135 100644
> --- a/src/lib/src/fwts_acpi_tables.c
> +++ b/src/lib/src/fwts_acpi_tables.c
> @@ -667,6 +667,10 @@ static uint8_t *fwts_acpi_load_table_from_file(const int fd, size_t *length)
> }
> continue;
> }
> + if (n > (ssize_t)sizeof(buffer))
> + goto too_big; /* Unlikely */
> + if (size + n > 0xffffffff)
> + goto too_big; /* Very unlikely */
>
> if ((tmp = (uint8_t*)fwts_low_realloc(ptr, size + n + 1)) == NULL) {
> free(ptr);
> @@ -678,6 +682,11 @@ static uint8_t *fwts_acpi_load_table_from_file(const int fd, size_t *length)
> }
> *length = size;
> return ptr;
> +
> +too_big:
> + free(ptr);
> + *length = 0;
> + return NULL;
> }
>
> /*
>
Acked-by: Alex Hung <alex.hung at canonical.com>
More information about the fwts-devel
mailing list