git: bb04712e3772 - main - smbios: Carefully print wrong entry point signature on identify

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Fri, 07 Mar 2025 16:44:43 UTC
The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=bb04712e37723d112b2fad28af4b035ef35a25be

commit bb04712e37723d112b2fad28af4b035ef35a25be
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-03-03 09:30:00 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-03-07 16:42:46 +0000

    smbios: Carefully print wrong entry point signature on identify
    
    Using printf() with '%s' can lead to arbitrarily long printing (although,
    usually, a NUL byte should appear quite quickly) and to attempts to print
    unprintable characters.
    
    Instead, print in hexadecimal the exact bytes that are compared to the
    expected signature.
    
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
---
 sys/dev/smbios/smbios.c | 41 +++++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/sys/dev/smbios/smbios.c b/sys/dev/smbios/smbios.c
index 67443d75c8fa..2cc8e3ff21c4 100644
--- a/sys/dev/smbios/smbios.c
+++ b/sys/dev/smbios/smbios.c
@@ -124,21 +124,13 @@ smbios_identify (driver_t *driver, device_t parent)
 	if (map_size == sizeof(*eps3)) {
 		eps3 = ptr;
 		length = eps3->length;
-		if (memcmp(eps3->anchor_string,
-		    SMBIOS3_SIG, SMBIOS3_LEN) != 0) {
-			printf("smbios3: corrupt sig %s found\n",
-			    eps3->anchor_string);
-			goto unmap_return;
-		}
+		if (memcmp(eps3->anchor_string, SMBIOS3_SIG, SMBIOS3_LEN) != 0)
+			goto corrupt_sig;
 	} else {
 		eps = ptr;
 		length = eps->length;
-		if (memcmp(eps->anchor_string,
-		    SMBIOS_SIG, SMBIOS_LEN) != 0) {
-			printf("smbios: corrupt sig %s found\n",
-			    eps->anchor_string);
-			goto unmap_return;
-		}
+		if (memcmp(eps->anchor_string, SMBIOS_SIG, SMBIOS_LEN) != 0)
+			goto corrupt_sig;
 	}
 	if (length != map_size) {
 		/*
@@ -167,6 +159,31 @@ smbios_identify (driver_t *driver, device_t parent)
 unmap_return:
 	pmap_unmapbios(ptr, map_size);
 	return;
+
+corrupt_sig:
+	{
+		const char *sig;
+	        const char *table_ver_str;
+		size_t i, end;
+
+		if (map_size == sizeof(*eps3)) {
+			sig = eps3->anchor_string;
+			table_ver_str = "64";
+			end = SMBIOS3_LEN;
+		} else {
+			sig = eps->anchor_string;
+			table_ver_str = "32";
+			end = SMBIOS_LEN;
+		}
+
+		/* Space after ':' printed by the loop. */
+		printf("smbios: %s-bit Entry Point: Corrupt signature (hex):",
+		    table_ver_str);
+		for (i = 0; i < end; ++i)
+			printf(" %02hhx", sig[i]);
+		printf("\n");
+	}
+	goto unmap_return;
 }
 
 static int
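Review bot: The `corrupt_sig` block emits one diagnostic through several printf() calls (the header, one call per byte in the loop, then the newline), so on a busy console the hex bytes can be interleaved with other output and the line becomes hard to match in logs. These bytes come from firmware and this message is the only record of a rejected entry point, so a single call is preferable; printf(9)'s hexdump conversion should do it, e.g. `printf("smbios: %s-bit Entry Point: Corrupt signature (hex): %*D\n", table_ver_str, (int)end, sig, " ");`. In either form, declaring `sig` as `const unsigned char *` (or as the element type of `anchor_string`, which is not visible here) avoids relying on `hh` to undo sign extension of bytes >= 0x80. The `table_ver_str` declaration is indented with a tab plus spaces, unlike the declarations around it. smbios_identify() begins outside this hunk, so only the two `goto corrupt_sig` sites in the first hunk were checked.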