Apply GCC's tainted_args attribute to library entrypoints
The implementation applies `__attribute__((tainted_args))` by
integrating it into the existing ABI macro annotations.
In the process, quite a number of APIs were discovered to be unsafe in
ways that were not immediately fixable. Often this is because they lack
arguments that enable the appropriate bounds-checking to be applied.
Redesigning them is work beyond the scope of the immediate
effort. Instead, we also introduce a new annotation,
LIBPLDM_ABI_DEPRECATED_UNSAFE, that simply lacks
`__attribute__((tainted_args))` and therefore doesn't trigger the extra
analysis.
Change-Id: Ib8994eaa3907a5432d040426ad03687cbf4c2136
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>
diff --git a/src/dsp/base.c b/src/dsp/base.c
index 7aca3c8..67c4e68 100644
--- a/src/dsp/base.c
+++ b/src/dsp/base.c
@@ -327,13 +327,13 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int encode_get_version_resp(uint8_t instance_id, uint8_t completion_code,
uint32_t next_transfer_handle,
uint8_t transfer_flag, const ver32_t *version_data,
size_t version_size, struct pldm_msg *msg)
{
- if (NULL == msg) {
+ if (NULL == msg || NULL == version_data) {
return PLDM_ERROR_INVALID_DATA;
}
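Review bot: The added `NULL == version_data` test on the guard line rejects every call with a null `version_data`, whereas the matching change to `encode_get_file_table_resp` in src/oem/ibm/file_io.c requires the data pointer only when `completion_code == PLDM_SUCCESS`. If this function reads `version_data` only on the success path (the body continues past the hunk, so that is not visible here), callers that encode an error response with a null pointer would now get `PLDM_ERROR_INVALID_DATA`. Consider `if (NULL == msg || (completion_code == PLDM_SUCCESS && NULL == version_data)) {` so the two encoders agree. The null check also does not bound `version_size`: the signature carries no length for the buffer behind `msg`, so that gap remains.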
diff --git a/src/dsp/bios.c b/src/dsp/bios.c
index 5ef5e99..9768e4b 100644
--- a/src/dsp/bios.c
+++ b/src/dsp/bios.c
@@ -210,7 +210,7 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int encode_get_bios_table_resp(uint8_t instance_id, uint8_t completion_code,
uint32_t next_transfer_handle,
uint8_t transfer_flag, uint8_t *table_data,
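Review bot: The switch to `LIBPLDM_ABI_DEPRECATED_UNSAFE` removes this entry point from the tainted-argument analysis, but nothing at the definition says which argument cannot be validated. The same applies to the other annotation-only hunks in bios.c, bios_table.c, fru.c, pdr.c and platform.c. A one-line comment above each marker would let a later reader see what must change before the function can return to the analysed set, for example `/* UNSAFE: <which bound or length is missing>; prefer <replacement API> */`, with the placeholders filled in per function. The signature here continues past the end of the hunk, so the specific gap for this function is not visible on this page.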
@@ -426,7 +426,7 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int encode_get_bios_current_value_by_handle_resp(uint8_t instance_id,
uint8_t completion_code,
uint32_t next_transfer_handle,
diff --git a/src/dsp/bios_table.c b/src/dsp/bios_table.c
index 7e91b87..436b7e3 100644
--- a/src/dsp/bios_table.c
+++ b/src/dsp/bios_table.c
@@ -198,7 +198,7 @@
def_num;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int pldm_bios_table_attr_entry_enum_encode(
void *entry, size_t entry_length,
const struct pldm_bios_table_attr_entry_enum_info *info)
@@ -248,7 +248,7 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int pldm_bios_table_attr_entry_enum_decode_def_num(
const struct pldm_bios_attr_table_entry *entry, uint8_t *def_num)
{
@@ -281,7 +281,7 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
uint8_t pldm_bios_table_attr_entry_enum_decode_def_indices(
const struct pldm_bios_attr_table_entry *entry, uint8_t *def_indices,
uint8_t def_num)
@@ -961,7 +961,7 @@
ssize_t (*entry_length_handler)(const void *table_entry);
};
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
struct pldm_bios_table_iter *
pldm_bios_table_iter_create(const void *table, size_t length,
enum pldm_bios_table_types type)
@@ -997,7 +997,7 @@
}
#define pad_and_check_max 7
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
bool pldm_bios_table_iter_is_end(const struct pldm_bios_table_iter *iter)
{
ssize_t len;
@@ -1006,6 +1006,10 @@
return true;
}
+ if (iter->current_pos > iter->table_len) {
+ return true;
+ }
+
if (iter->table_len - iter->current_pos <= pad_and_check_max) {
return true;
}
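Review bot: The new `iter->current_pos > iter->table_len` guard has no comment explaining that it exists to keep the subtraction in the next condition from wrapping. That holds if both fields are unsigned, which their declarations outside this hunk would confirm. I would add `/* current_pos past table_len would wrap the subtraction below */` above it. Returning `true` here also makes an inconsistent iterator indistinguishable from a normal end of table, so callers that need to detect a corrupted table get no signal; say so in the function's header comment if that is intended. The start of the function body is outside the hunk.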
@@ -1077,7 +1081,7 @@
return false;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
const struct pldm_bios_string_table_entry *
pldm_bios_table_string_find_by_handle(const void *table, size_t length,
uint16_t handle)
@@ -1107,7 +1111,7 @@
return true;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
const struct pldm_bios_string_table_entry *
pldm_bios_table_string_find_by_string(const void *table, size_t length,
const char *str)
@@ -1127,7 +1131,7 @@
handle;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
const struct pldm_bios_attr_table_entry *
pldm_bios_table_attr_find_by_handle(const void *table, size_t length,
uint16_t handle)
@@ -1144,7 +1148,7 @@
return pldm_bios_table_attr_entry_decode_string_handle(entry) == handle;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
const struct pldm_bios_attr_table_entry *
pldm_bios_table_attr_find_by_string_handle(const void *table, size_t length,
uint16_t handle)
@@ -1160,7 +1164,7 @@
return pldm_bios_table_attr_value_entry_decode_handle(entry) == handle;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
const struct pldm_bios_attr_val_table_entry *
pldm_bios_table_attr_value_find_by_handle(const void *table, size_t length,
uint16_t handle)
diff --git a/src/dsp/fru.c b/src/dsp/fru.c
index 6de41b4..9e450ce 100644
--- a/src/dsp/fru.c
+++ b/src/dsp/fru.c
@@ -172,7 +172,7 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int encode_fru_record(uint8_t *fru_table, size_t total_size, size_t *curr_size,
uint16_t record_set_id, uint8_t record_type,
uint8_t num_frus, uint8_t encoding, uint8_t *tlvs,
diff --git a/src/dsp/pdr.c b/src/dsp/pdr.c
index 326233c..3a132a3 100644
--- a/src/dsp/pdr.c
+++ b/src/dsp/pdr.c
@@ -1255,7 +1255,7 @@
return rc;
}
-LIBPLDM_ABI_DEPRECATED
+LIBPLDM_ABI_DEPRECATED_UNSAFE
void pldm_entity_association_tree_copy_root(
pldm_entity_association_tree *org_tree,
pldm_entity_association_tree *new_tree)
diff --git a/src/dsp/platform.c b/src/dsp/platform.c
index 79eff6d..065b113 100644
--- a/src/dsp/platform.c
+++ b/src/dsp/platform.c
@@ -346,7 +346,7 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int encode_get_pdr_resp(uint8_t instance_id, uint8_t completion_code,
uint32_t next_record_hndl,
uint32_t next_data_transfer_hndl, uint8_t transfer_flag,
diff --git a/src/oem/ibm/file_io.c b/src/oem/ibm/file_io.c
index 71acf72..d8960fa 100644
--- a/src/oem/ibm/file_io.c
+++ b/src/oem/ibm/file_io.c
@@ -135,13 +135,14 @@
return PLDM_SUCCESS;
}
-LIBPLDM_ABI_STABLE
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int encode_get_file_table_resp(uint8_t instance_id, uint8_t completion_code,
uint32_t next_transfer_handle,
uint8_t transfer_flag, const uint8_t *table_data,
size_t table_size, struct pldm_msg *msg)
{
- if (msg == NULL) {
+ if ((completion_code == PLDM_SUCCESS && table_data == NULL) ||
+ msg == NULL) {
return PLDM_ERROR_INVALID_LENGTH;
}
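Review bot: The new `table_data == NULL` case is folded into the branch that returns `PLDM_ERROR_INVALID_LENGTH`, so a missing data pointer is reported as a length error. The equivalent check added to `encode_get_version_resp` in src/dsp/base.c returns `PLDM_ERROR_INVALID_DATA`. Keeping `msg == NULL` on its existing return code and giving the new case its own branch, `if (completion_code == PLDM_SUCCESS && table_data == NULL) { return PLDM_ERROR_INVALID_DATA; }`, would avoid changing what existing callers see while reporting the new failure accurately. As in base.c, `table_size` is still not checked against the space behind `msg`, because the signature has no length for it.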
diff --git a/src/oem/meta/file_io.c b/src/oem/meta/file_io.c
index 966a262..db9407b 100644
--- a/src/oem/meta/file_io.c
+++ b/src/oem/meta/file_io.c
@@ -55,7 +55,7 @@
return pldm_msgbuf_destroy_consumed(buf);
}
-LIBPLDM_ABI_DEPRECATED
+LIBPLDM_ABI_DEPRECATED_UNSAFE
int decode_oem_meta_file_io_req(const struct pldm_msg *msg,
size_t payload_length, uint8_t *file_handle,
uint32_t *length, uint8_t *data)
@@ -69,6 +69,10 @@
return pldm_xlate_errno(-EINVAL);
}
+ if (SIZE_MAX - sizeof(*request_msg) < payload_length) {
+ return pldm_xlate_errno(-EOVERFLOW);
+ }
+
request_msg_len = sizeof(*request_msg) + payload_length;
request_msg = malloc(request_msg_len);