git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Ross Lagerwall <ross.lagerwall@citrix.com>
	Mon, 28 Jan 2019 10:04:24 +0000 (10:04 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 5 Apr 2019 20:33:04 +0000 (22:33 +0200)
commit	d60f458e4c4dddb4d7ad20656d41a0d83a3d855b
tree	e3e9b266e5b00d9d36c8fb239a7d43973da5b638	tree
parent	e57f4676b92fb8764e6a3ecee182f991345a38f3	commit \| diff

efi: cper: Fix possible out-of-bounds access

[ Upstream commit 45b14a4ffcc1e0b5caa246638f942cbe7eaea7ad ]

When checking a generic status block, we iterate over all the generic
data blocks. The loop condition only checks that the start of the
generic data block is valid (within estatus->data_length) but not the
whole block. Because the size of data blocks (excluding error data) may
vary depending on the revision and the revision is contained within the
data block, ensure that enough of the current data block is valid before
dereferencing any members otherwise an out-of-bounds access may occur if
estatus->data_length is invalid.

This relies on the fact that struct acpi_hest_generic_data_v300 is a
superset of the earlier version. Also rework the other checks to avoid
potential underflow.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Acked-by: Borislav Petkov <bp@suse.de>
Tested-by: Tyler Baicar <baicar.tyler@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>