lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20250729130524.7226-1-listout@listout.xyz>
Date: Tue, 29 Jul 2025 18:35:24 +0530
From: Brahmajit Das <listout@...tout.xyz>
To: linux-acpi@...r.kernel.org,
	acpica-devel@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Cc: robert.moore@...el.com,
	rafael.j.wysocki@...el.com,
	lenb@...nel.org,
	jrtc27@...c27.com,
	x0rw3ll@...il.com
Subject: [RFC PATCH] Revert "ACPICA: Avoid subobject buffer overflow when validating RSDP signature"

This reverts commit a3e525feaeec436cd9f82f84e345f0d18dc2638f.

With 64b9dfd0776e9 there is the following build error:

In file included from ./include/acpi/acpi.h:24,
                 from drivers/acpi/acpica/tbprint.c:10:
drivers/acpi/acpica/tbprint.c: In function ‘acpi_tb_print_table_header’:
./include/acpi/actypes.h:530:43: error: ‘strncmp’ argument 1 declared attribute ‘nonstring’ is smaller than the specified bound 8 [-Werror=stringop-overread]
  530 | #define ACPI_VALIDATE_RSDP_SIG(a)       (!strncmp (ACPI_CAST_PTR (char, (a)), ACPI_SIG_RSDP, (sizeof(a) < 8) ? ACPI_NAMESEG_SIZE : 8))
      |                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/acpi/acpica/tbprint.c:105:20: note: in expansion of macro ‘ACPI_VALIDATE_RSDP_SIG’
  105 |         } else if (ACPI_VALIDATE_RSDP_SIG(ACPI_CAST_PTR(struct acpi_table_rsdp,
      |                    ^~~~~~~~~~~~~~~~~~~~~~
In file included from ./include/acpi/acpi.h:26:
./include/acpi/actbl.h:69:14: note: argument ‘signature’ declared here
   69 |         char signature[ACPI_NAMESEG_SIZE] ACPI_NONSTRING;       /* ASCII table signature */
      |              ^~~~~~~~~
cc1: all warnings being treated as errors

With the overread checking in 64b9dfd0776e9, I think we can safely
revert this and fix the build error.

Signed-off-by: Brahmajit Das <listout@...tout.xyz>
---
 drivers/acpi/acpica/tbprint.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/acpi/acpica/tbprint.c b/drivers/acpi/acpica/tbprint.c
index fd64460a2e26..73d854daad76 100644
--- a/drivers/acpi/acpica/tbprint.c
+++ b/drivers/acpi/acpica/tbprint.c
@@ -102,8 +102,7 @@ acpi_tb_print_table_header(acpi_physical_address address,
 		ACPI_INFO(("%-4.4s 0x%8.8X%8.8X %06X",
 			   header->signature, ACPI_FORMAT_UINT64(address),
 			   header->length));
-	} else if (ACPI_VALIDATE_RSDP_SIG(ACPI_CAST_PTR(struct acpi_table_rsdp,
-							header)->signature)) {
+	} else if (ACPI_VALIDATE_RSDP_SIG(header->signature)) {
 
 		/* RSDP has no common fields */
 
-- 
2.50.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ