Re: [PATCH] firmware: dmi: Fortify entry point length checks

[Jean Delvare]

Hi Andy,

On Wed, 7 Sep 2022 17:52:10 +0300, Andy Shevchenko wrote:
> On Wed, Sep 7, 2022 at 11:30 AM Jean Delvare <jdelvare@xxxxxxx> wrote:
> >
> > Ensure that the SMBIOS entry point is long enough to include all the
> > fields we need. Otherwise it is pointless to even attempt to verify
> > its checksum.
> >
> > Also fix the maximum length check, which is technically 32, not 31.
> > It does not matter in practice as the only valid values are 31 (for
> > SMBIOS 2.x)  
> 
> "NOTE: This value was incorrectly stated in version 2.1 of this specification as
> 1Eh. Because of this, there might be version 2.1 implementations that
> use either the 1Eh or the 1Fh value, but version 2.2 or later
> implementations must use the 1Fh value."

Good point, so maybe we should accept 0x1E and treat is silently as
0x1F (which is what we have been doing implicitly so far) for maximum
compatibility?

> > and 24 (for SMBIOS 3.x), but let's still have the check
> > right in case new fields are added to either structure in the
> > future.  
> 
> Thanks, makes sense to me. But probably needs more work :-)

Of course more work would presumably be needed there, but I assume such
changes would have to be compatible with previous implementations, so
we don't want to choke on a length check for no reason.

-- 
Jean Delvare
SUSE L3 Support