X-Patchwork-Id: 48028
From: Ard Biesheuvel
To: olivier.martin@arm.com, edk2-devel@lists.sourceforge.net, ronald.cron@arm.com
Date: Tue, 5 May 2015 14:19:12 +0200
Message-Id: <1430828352-29192-1-git-send-email-ard.biesheuvel@linaro.org>
Subject: [edk2] [PATCH] EmbeddedPkg: do not ASSERT() on valid external input

Since ASSERT()s are enabled even on all ArmPlatformPkg RELEASE builds, ASSERT()ing on a valid FDT header will crash the firmware if the user selects an incorrect file. Since ASSERT() is meant to catch internal inconsistencies in the firmware, its use here is inappropriate. Instead, handle it as a normal error condition.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel
---
 EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c index e777b0f7f7ed..90ac9d36d5e9 100644 --- a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c +++ b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c 
@@ -404,15 +404,16 @@ InstallFdt ( goto Error; } - // Check the FDT header is valid. We only make this check in DEBUG mode in - // case the FDT header change on production device and this ASSERT() becomes - // not valid. - ASSERT (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) == 0); - // - // Ensure the Size of the Device Tree is smaller than the size of the read file + // Ensure that the FDT header is valid and that the Size of the Device Tree + // is smaller than the size of the read file // - ASSERT ((UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) <= FdtBlobSize); + if (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) != 0 || + (UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) > FdtBlobSize) { + DEBUG ((EFI_D_ERROR, "InstallFdt() - loaded FDT binary image seems corrupt\n")); + Status = EFI_LOAD_ERROR; + goto Error; + } // // Store the FDT as Runtime Service Data to prevent the Kernel from
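
Review bot: the new `if` calls fdt_check_header() and fdt_totalsize() on FdtBlobBase before anything compares FdtBlobSize with the size of an FDT header, so for a user-selected file shorter than the header both calls read fields beyond the FdtBlobSize bytes that came from the file. Since this path now handles untrusted input as a normal error, consider making `FdtBlobSize < sizeof (struct fdt_header) ||` the first term of the condition so the short-circuit keeps the libfdt accessors away from a truncated blob. Separately, the rewritten comment still says the device tree must be "smaller than the size of the read file", while the test `> FdtBlobSize` accepts a totalsize equal to FdtBlobSize; "not larger than" would match the code. The single "seems corrupt" message also covers both a bad header and an oversized totalsize; printing which check failed (and the two sizes in the second case) would make a wrong-file selection easier to diagnose from the log.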