[PATCH 1/1] smbios: buffer overflow when zeroing entry point
Ilias Apalodimas
ilias.apalodimas at linaro.org
Thu Jan 11 08:29:56 CET 2024
On Thu, 11 Jan 2024 at 08:34, Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> A SMBIOS 3 entry point has a different length than an SMBIOS 2.1 entry
> point.
>
> Fixes: 70924294f375 ("smbios: Use SMBIOS 3.0 to support an address above 4GB")
> Fixes: 1c5f6fa3883d ("smbios: Drop support for SMBIOS2 tables")
> Addresses-Coverity-ID: 477212 ("Wrong sizeof argument")
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
> lib/smbios.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/lib/smbios.c b/lib/smbios.c
> index 41aa936c4c..25595f55ab 100644
> --- a/lib/smbios.c
> +++ b/lib/smbios.c
> @@ -591,8 +591,8 @@ ulong write_smbios_table(ulong addr)
> table_addr = (ulong)map_sysmem(tables, 0);
>
> /* now go back and write the SMBIOS3 header */
> - se = map_sysmem(start_addr, sizeof(struct smbios_entry));
> - memset(se, '\0', sizeof(struct smbios_entry));
> + se = map_sysmem(start_addr, sizeof(struct smbios3_entry));
> + memset(se, '\0', sizeof(struct smbios3_entry));
> memcpy(se->anchor, "_SM3_", 5);
> se->length = sizeof(struct smbios3_entry);
> se->major_ver = SMBIOS_MAJOR_VER;
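Review bot: The `map_sysmem()` and `memset()` sizes in the two `+` lines still name the struct type by hand, which is the pattern that let the removed lines pass `sizeof(struct smbios_entry)` while writing an `_SM3_` header. If `se` is declared as `struct smbios3_entry *` (the declaration is outside this hunk), using `sizeof(*se)` in both calls would tie the mapped and zeroed length to the pointer type, and the unchanged `se->length = sizeof(struct smbios3_entry);` line could take the same form. The commit message could also say which of the two entry-point structures is larger, since the subject calls this a buffer overflow but the body only says the lengths differ.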
> --
> 2.43.0
>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>