lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHp75VdzgWfQ=7nTvYmuxWMaPH0weF=Bzj+AEqsEhyQNeH1XHg@mail.gmail.com>
Date:   Wed, 7 Sep 2022 17:52:10 +0300
From:   Andy Shevchenko <andy.shevchenko@...il.com>
To:     Jean Delvare <jdelvare@...e.de>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] firmware: dmi: Fortify entry point length checks

On Wed, Sep 7, 2022 at 11:30 AM Jean Delvare <jdelvare@...e.de> wrote:
>
> Ensure that the SMBIOS entry point is long enough to include all the
> fields we need. Otherwise it is pointless to even attempt to verify
> its checksum.
>
> Also fix the maximum length check, which is technically 32, not 31.
> It does not matter in practice as the only valid values are 31 (for
> SMBIOS 2.x)

"NOTE: This value was incorrectly stated in version 2.1 of this specification as
1Eh. Because of this, there might be version 2.1 implementations that
use either the 1Eh or the 1Fh value, but version 2.2 or later
implementations must use the 1Fh value."

> and 24 (for SMBIOS 3.x), but let's still have the check
> right in case new fields are added to either structure in the future.

Thanks, makes sense to me. But probably needs more work :-)

--
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ