Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / libpldm / 3b5ab929eec37a8ecae98cbf85bed887f7fb6bce^! / .
commit3b5ab929eec37a8ecae98cbf85bed887f7fb6bce[log] [tgz]
authorAndrew Jeffery <andrew@codeconstruct.com.au>Sun Sep 22 15:20:50 2024 +0930
committerAndrew Jeffery <andrew@codeconstruct.com.au>Mon Sep 23 21:46:34 2024 +0930
tree81106475a62e7f8a528636c4d849ed50abbf0d6e
parent5c49f162bab068e988736880b18e0fa4be6489d7 [diff]
dsp: bios_table: Null check for pldm_bios_table_iter_is_end()

GCC's -fanalyzer identified the following:

```
In file included from ../tests/dsp/bios_table_iter.c:15:
../src/dsp/bios_table.c: In function ‘pldm_bios_table_iter_is_end’:
../src/dsp/bios_table.c:991:17: error: dereference of NULL ‘iter’ [CWE-476] [-Werror=analyzer-null-dereference]
  991 |         if (iter->table_len - iter->current_pos <= pad_and_check_max) {
      |             ~~~~^~~~~~~~~~~
```

As a safety measure, return true to indicate the end of the iterator if
the iterator is null.

Fixes: 9c76679224cf ("libpldm: Migrate to subproject")
Change-Id: I18eec144120054de33eb351f9a80dee936118126
Signed-off-by: Andrew Jeffery <andrew@codeconstruct.com.au>

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 55a18e7..9f6d0b8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md

@@ -25,6 +25,13 @@
 4. pdr: Add pldm_entity_association_pdr_remove_contained_entity()
 5. pdr: Add pldm_pdr_remove_fru_record_set_by_rsi()
 
+### Changed
+
+1. dsp: bios_table: Null check for pldm_bios_table_iter_is_end()
+
+   pldm_bios_table_iter_is_end() now returns true if the provided argument is
+   NULL.
+
 ### Deprecated
 
 1. oem: meta: Deprecate `decode_oem_meta_file_io_req()`
@@ -61,6 +68,13 @@
    - `pldm_pdr_add_check()`
    - `pldm_pdr_add_fru_record_set_check()`
 
+### Fixed
+
+1. dsp: bios_table: Null check for pldm_bios_table_iter_is_end()
+
+   Avoid a caller-controlled NULL pointer dereference in the library
+   implementation.
+
 ## [0.9.1] - 2024-09-07
 
 ### Changed

diff --git a/include/libpldm/bios_table.h b/include/libpldm/bios_table.h
index 8d92166..288a984 100644
--- a/include/libpldm/bios_table.h
+++ b/include/libpldm/bios_table.h

@@ -35,7 +35,8 @@
 
 /** @brief Check if the iterator reaches the end of the bios table
  *  @param[in] iter - Pointer to the bios table iterator
- *  @return true if iterator reaches the end
+ *  @return true if either the iterator reaches the end or @p iter is NULL,
+ *          otherwise false.
  *  @note *end* is a position after the last entry.
  */
 bool pldm_bios_table_iter_is_end(const struct pldm_bios_table_iter *iter);

diff --git a/src/dsp/bios_table.c b/src/dsp/bios_table.c
index 34258af..e595c00 100644
--- a/src/dsp/bios_table.c
+++ b/src/dsp/bios_table.c

@@ -988,6 +988,10 @@
 {
 	ssize_t len;
 
+	if (!iter) {
+		return true;
+	}
+
 	if (iter->table_len - iter->current_pos <= pad_and_check_max) {
 		return true;
 	}

diff --git a/tests/dsp/bios_table.cpp b/tests/dsp/bios_table.cpp
index c2b73ea..99e17ba 100644
--- a/tests/dsp/bios_table.cpp
+++ b/tests/dsp/bios_table.cpp

@@ -484,6 +484,8 @@
     pldm_bios_table_iter_next(iter);
     EXPECT_TRUE(pldm_bios_table_iter_is_end(iter));
     pldm_bios_table_iter_free(iter);
+
+    EXPECT_TRUE(pldm_bios_table_iter_is_end(nullptr));
 }
 
 TEST(AttrTable, FindTest)