Add check for header length > file length to prevent fault. Small

other cleanups. date 2005.04.05.19.01.00; author rmoore1; state Exp;
2025-03-09 15:51:37 +03:00 · 2005-06-29 16:22:44 +00:00 · 2005-06-29 16:22:44 +00:00 · c5fb601a03
commit c5fb601a03
parent 17d6d57be0
1 changed files with 48 additions and 26 deletions
--- a/source/components/debugger/dbfileio.c
+++ b/source/components/debugger/dbfileio.c
@ -2,7 +2,7 @@
 *
 * Module Name: dbfileio - Debugger file I/O commands.  These can't usually
 *              be used when running the debugger in Ring 0 (Kernel mode)
- *              $Revision: 1.74 $
+ *              $Revision: 1.81 $
 *
 ******************************************************************************/

@ -10,7 +10,7 @@
 *
 * 1. Copyright Notice
 *
- * Some or all of this work - Copyright (c) 1999 - 2003, Intel Corp.
+ * Some or all of this work - Copyright (c) 1999 - 2005, Intel Corp.
 * All rights reserved.
 *
 * 2. License
@ -126,7 +126,6 @@
 #define _COMPONENT          ACPI_CA_DEBUGGER
        ACPI_MODULE_NAME    ("dbfileio")

-
 /*
 * NOTE: this is here for lack of a better place.  It is used in all
 * flavors of the debugger, need LCD file
@ -136,6 +135,18 @@
 FILE                        *AcpiGbl_DebugFile = NULL;
 #endif

+/* Local prototypes */
+
+static ACPI_STATUS
+AcpiDbCheckTextModeCorruption (
+    UINT8                   *Table,
+    UINT32                  TableLength,
+    UINT32                  FileLength);
+
+static ACPI_STATUS
+AeLocalLoadTable (
+    ACPI_TABLE_HEADER       *TablePtr);
+

 #ifdef ACPI_DEBUGGER
 /*******************************************************************************
@ -144,7 +155,7 @@ FILE                        *AcpiGbl_DebugFile = NULL;
 *
 * PARAMETERS:  None
 *
- * RETURN:      Status
+ * RETURN:      None
 *
 * DESCRIPTION: If open, close the current debug output file
 *
@ -174,7 +185,7 @@ AcpiDbCloseDebugFile (
 *
 * PARAMETERS:  Name                - Filename to open
 *
- * RETURN:      Status
+ * RETURN:      None
 *
 * DESCRIPTION: Open a file where debug output will be directed.
 *
@ -235,8 +246,9 @@ AcpiDbCheckTextModeCorruption (

    if (TableLength != FileLength)
    {
-        ACPI_REPORT_WARNING (("File length (0x%X) is not the same as the table length (0x%X)\n",
-                FileLength, TableLength));
+        ACPI_REPORT_WARNING ((
+            "File length (0x%X) is not the same as the table length (0x%X)\n",
+            FileLength, TableLength));
    }

    /* Scan entire table to determine if each LF has been prefixed with a CR */
@ -247,7 +259,7 @@ AcpiDbCheckTextModeCorruption (
        {
            if (Table[i - 1] != 0x0D)
            {
-                /* the LF does not have a preceeding CR, table is not corrupted */
+                /* The LF does not have a preceeding CR, table not corrupted */

                return (AE_OK);
            }
@ -261,12 +273,12 @@ AcpiDbCheckTextModeCorruption (
        }
    }

-    /* 
+    /*
     * Entire table scanned, each CR is part of a CR/LF pair --
     * meaning that the table was treated as a text file somewhere.
     *
     * NOTE: We can't "fix" the table, because any existing CR/LF pairs in the
-     * original table are left untouched by the text conversion process -- 
+     * original table are left untouched by the text conversion process --
     * meaning that we cannot simply replace CR/LF pairs with LFs.
     */
    AcpiOsPrintf ("Table has been corrupted by text mode conversion\n");
@ -308,20 +320,30 @@ AcpiDbReadTable (

    /* Read the table header */

-    if (fread (&TableHeader, 1, sizeof (TableHeader), fp) != sizeof (ACPI_TABLE_HEADER))
+    if (fread (&TableHeader, 1, sizeof (TableHeader), fp) !=
+            sizeof (ACPI_TABLE_HEADER))
    {
-        AcpiOsPrintf ("Couldn't read the table header\n");
-        return (AE_BAD_SIGNATURE);
+        AcpiOsPrintf ("Could not read the table header\n");
+        return (AE_BAD_HEADER);
    }

    /* Validate the table header/length */

    Status = AcpiTbValidateTableHeader (&TableHeader);
-    if ((ACPI_FAILURE (Status)) ||
-        (TableHeader.Length > 0x800000))  /* 8 Mbyte should be enough */
+    if (ACPI_FAILURE (Status))
    {
        AcpiOsPrintf ("Table header is invalid!\n");
-        return (AE_ERROR);
+        return (Status);
+    }
+
+    /* File size must be at least as long as the Header-specified length */
+
+    if (TableHeader.Length > FileSize)
+    {
+        AcpiOsPrintf (
+            "TableHeader length [0x%X] greater than the input file size [0x%X]\n",
+            TableHeader.Length, FileSize);
+        return (AE_BAD_HEADER);
    }

    /* We only support a limited number of table types */
@ -330,7 +352,8 @@ AcpiDbReadTable (
        ACPI_STRNCMP ((char *) TableHeader.Signature, PSDT_SIG, 4) &&
        ACPI_STRNCMP ((char *) TableHeader.Signature, SSDT_SIG, 4))
    {
-        AcpiOsPrintf ("Table signature is invalid\n");
+        AcpiOsPrintf ("Table signature [%4.4s] is invalid or not supported\n",
+            (char *) TableHeader.Signature);
        ACPI_DUMP_BUFFER (&TableHeader, sizeof (ACPI_TABLE_HEADER));
        return (AE_ERROR);
    }
@ -341,8 +364,9 @@ AcpiDbReadTable (
    *Table = AcpiOsAllocate ((size_t) (FileSize));
    if (!*Table)
    {
-        AcpiOsPrintf ("Could not allocate memory for ACPI table %4.4s (size=%X)\n",
-                    TableHeader.Signature, TableHeader.Length);
+        AcpiOsPrintf (
+            "Could not allocate memory for ACPI table %4.4s (size=0x%X)\n",
+            TableHeader.Signature, TableHeader.Length);
        return (AE_NO_MEMORY);
    }

@ -358,7 +382,7 @@ AcpiDbReadTable (

        if (Status == AE_BAD_CHECKSUM)
        {
-            Status = AcpiDbCheckTextModeCorruption ((UINT8 *) *Table, 
+            Status = AcpiDbCheckTextModeCorruption ((UINT8 *) *Table,
                        FileSize, (*Table)->Length);
            return (Status);
        }
@ -379,7 +403,6 @@ AcpiDbReadTable (

    return (AE_ERROR);
 }
-#endif


 /*******************************************************************************
@ -398,7 +421,7 @@ AcpiDbReadTable (
 *
 ******************************************************************************/

-ACPI_STATUS
+static ACPI_STATUS
 AeLocalLoadTable (
    ACPI_TABLE_HEADER       *Table)
 {
@ -448,7 +471,6 @@ AeLocalLoadTable (
 }


-#ifdef ACPI_APPLICATION
 /*******************************************************************************
 *
 * FUNCTION:    AcpiDbReadTableFromFile
@ -489,7 +511,7 @@ AcpiDbReadTableFromFile (

    if (ACPI_FAILURE (Status))
    {
-        AcpiOsPrintf ("Couldn't get table from the file\n");
+        AcpiOsPrintf ("Could not get table from the file\n");
        return (Status);
    }

@ -502,8 +524,8 @@ AcpiDbReadTableFromFile (
 *
 * FUNCTION:    AcpiDbGetTableFromFile
 *
- * PARAMETERS:  Filename         - File where table is located
- *              Table            - Where a pointer to the table is returned
+ * PARAMETERS:  Filename        - File where table is located
+ *              ReturnTable     - Where a pointer to the table is returned
 *
 * RETURN:      Status
 *