>>> On 13.11.12 at 21:08, Matt Fleming <m...@console-pimps.org> wrote: > On Wed, 2012-11-07 at 16:46 +0000, Jan Beulich wrote: >> Header length should be validated for all ACPI tables before accessing >> any non-header field. >> >> Signed-off-by: Jan Beulich <jbeul...@suse.com> >> >> --- >> arch/x86/platform/efi/efi-bgrt.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> --- 3.7-rc4/arch/x86/platform/efi/efi-bgrt.c >> +++ 3.7-rc4-x86-EFI-BGRT-checks/arch/x86/platform/efi/efi-bgrt.c >> @@ -39,6 +39,8 @@ void efi_bgrt_init(void) >> if (ACPI_FAILURE(status)) >> return; >> >> + if (bgrt_tab->header.length < sizeof(*bgrt_tab)) >> + return; >> if (bgrt_tab->version != 1) >> return; >> if (bgrt_tab->image_type != 0 || !bgrt_tab->image_address) > > Guys, do you want me to take this into the efi tree? Jan, have you see > machines that actually trip up without this check? I'm trying to gauge > the urgency of this patch.
No, I haven't. I just spotted that omission in the context of the apparent lack of checking of the valid flag (which meanwhile was explained to me as being intentional). Jan -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
