lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1373298554.4298.228.camel@chaos.site>
Date:	Mon, 08 Jul 2013 17:49:14 +0200
From:	Jean Delvare <jdelvare@...e.de>
To:	Ben Hutchings <ben@...adent.org.uk>
Cc:	linux-kernel <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Suspect loop in dmi_scan_machine()

Hi Ben,

I am looking at this commit of yours:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/drivers/firmware/dmi_scan.c?id=79bae42d51a5d498500c890c19ef76df41d2bf59

and am a little worried about the for loop in dmi_scan_machine()
(non-EFI case):

* The first iteration looks wrong, as you're resetting the lower half of
buf to 0 instead of initializing it with the 16 first bytes of p. So if
a system as its SMBIOS entry point at 0xF0000, your code won't see it.
Thankfully it will get the DMI entry point, but if the version is in the
SMBIOS entry point, it will be missed.

* The last iteration looks wrong too, as you are reading from offsets
0x10000-0x1000F of an iomap area of size 0x10000, i.e. beyond the end of
the area. You'll hit that on a machine without SMBIOS/DMI. I'm not sure
what exactly happens when calling memcpy_fromio() on an unmapped area
but I'm reasonably certain this is bad and shouldn't be attempted.

Also, the code only looks for the DMI entry point in the second half of
the buffer, so it would also miss a legacy DMI entry point at 0xF0000.

Thoughts?

-- 
Jean Delvare
Suse L3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ