kern/148546: [ipmi] Buffer overrun in the impi driver while
processing smbios date
John Baldwin
jhb at FreeBSD.org
Tue Jul 13 19:10:04 UTC 2010
The following reply was made to PR kern/148546; it has been noted by GNATS.
From: John Baldwin <jhb at FreeBSD.org>
To: bug-followup at FreeBSD.org, spencer_minear at mcafee.com
Cc:
Subject: Re: kern/148546: [ipmi] Buffer overrun in the impi driver while processing
smbios date
Date: Tue, 13 Jul 2010 15:06:02 -0400
Hmm, the smbios table parser in ipmi_smbios.c is a bit broken. :( I
think it was derived from a more generic parser. At some point it might
be useful to write a more generic smbios table parser that this code
could use, but the simplest fix might be to just simplify this code to
be more IPMI specific. For example, the IPMI table entry doesn't use
the strings at all, so the table of strings could just be dropped. We
could also remove the dispatch table and instead check the table entry
type in the smbios_t38_proc_info() function. This is more like what
other places in the kernel do when walking tables e.g. the MADT or MP Table.
--
John Baldwin
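
An added example, not part of the message above and not code from FreeBSD's ipmi_smbios.c: a bounds-checked table walk of the kind the reply suggests, which tests the entry type inline and skips strings instead of collecting them. The name find_ipmi_entry and the sample table are constructed for illustration; the layout assumed is the standard SMBIOS one (4-byte header, string-set ending in a double NUL, type 127 as end-of-table).

```c
#include <stddef.h>
#include <stdint.h>

#define SMBIOS_TYPE_IPMI 38   /* IPMI Device Information */
#define SMBIOS_TYPE_END  127  /* End-of-Table */
#define SMBIOS_HDR_LEN   4    /* type, length, 16-bit handle */

/*
 * Walk a structure table of `len` bytes and return a pointer to the first
 * type 38 entry, or NULL. *entry_len receives its formatted-area length.
 * Every read is checked against `end`; strings are skipped, never stored.
 */
const uint8_t *
find_ipmi_entry(const uint8_t *table, size_t len, uint8_t *entry_len)
{
	const uint8_t *p = table, *end = table + len;

	while ((size_t)(end - p) >= SMBIOS_HDR_LEN) {
		uint8_t type = p[0], flen = p[1];

		/* Reject a length shorter than the header or past the table. */
		if (flen < SMBIOS_HDR_LEN || flen > (size_t)(end - p))
			return (NULL);
		if (type == SMBIOS_TYPE_IPMI) {
			*entry_len = flen;
			return (p);
		}
		if (type == SMBIOS_TYPE_END)
			return (NULL);

		/* Skip the string-set: it ends at the first double NUL. */
		const uint8_t *s = p + flen;
		while ((size_t)(end - s) >= 2 && (s[0] != 0 || s[1] != 0))
			s++;
		if ((size_t)(end - s) < 2)
			return (NULL);	/* unterminated string-set */
		p = s + 2;
	}
	return (NULL);
}

/* Constructed sample table: type 0 with one string, type 38, end marker. */
const uint8_t sample_table[] = {
	0, 4, 0, 0, 'B', 'I', 'O', 'S', 0, 0,
	38, 6, 1, 0, 0x01, 0x20, 0, 0,
	127, 4, 2, 0, 0, 0,
};
```

A caller still has to check the returned entry_len against the size of the type 38 fields it reads before dereferencing them.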