diff options
| author | Olivier Certner <olce@FreeBSD.org> | 2025-03-07 13:32:24 +0000 |
|---|---|---|
| committer | Olivier Certner <olce@FreeBSD.org> | 2025-03-11 13:54:09 +0000 |
| commit | 64fc51a9cf71b2308399b7b7dee8a9bc9468877b (patch) | |
| tree | 99a1741a7462f13cd6923f9fa37c084b3d5ce35c | |
| parent | 7e61fc76400cce08de39adde99b879f0bca21b7d (diff) | |
libsa: smbios: Reject a 64-bit entry point with revision 0
According to the specification, such an entry point may have different
data in bytes at offsets 0x0c to 0x17 (included). In such a case,
interpreting them as the Structure Table Maximum Size and Address fields
could have catastrophic consequences.
Reviewed by: imp, markj
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49286
| -rw-r--r-- | stand/libsa/smbios.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/stand/libsa/smbios.c b/stand/libsa/smbios.c index 50cab3eee939..4deea4f31b11 100644 --- a/stand/libsa/smbios.c +++ b/stand/libsa/smbios.c @@ -193,6 +193,13 @@ smbios_sigsearch(const caddr_t addr, const uint32_t len) #ifdef SMBIOS_64BIT_EP /* v3.0, 64-bit Entry point */ if (strncmp(cp, SMBIOS3_SIG, sizeof(SMBIOS3_SIG) - 1) == 0 && + /* + * The specification only guarantees the presence of the + * Structure Table Maximum Size and Address Entry fields at + * offsets 0x0c and 0x10 if the Entry Point Revision is not + * 0. + */ + SMBIOS_GET8(cp, 0x0a) != 0 && smbios_checksum(cp, SMBIOS_GET8(cp, 0x06)) == 0) { smbios.is_64bit_ep = 1; return (cp); |