On Mon, Mar 30, 2015 at 05:06:30PM -0600, Bruce Rogers wrote:
The SMBIOS anchor string _SM_ is stored within SeaBIOS to validate an SMBIOS entry point structure. There is the possibility (observed) that this comparison string ends up paragraph aligned and mistakenly found during a search for the real SMBIOS entry point. Ensure it will never end up on a paragraph boundary by storing it at odd alignment.
Thanks.
What OS was this on? It's really an OS bug as the OS needs to check both the signature and the checksum.
My preferred approach to addressing this would be to turn p->anchor_string into a u32 and do an integer compare instead of a string compare. Although technically this can lead to the same potential issue, in practice it should not happen because SeaBIOS' init code is relocated out of the f-segment during startup (while static strings are generally not).
-Kevin
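The two checks the reply says an OS must perform on a candidate entry point, signature and checksum, as an added example that is not SeaBIOS or OS code: it scans a constructed memory image at paragraph boundaries, compares the "_SM_" anchor as a u32 (the integer-compare approach suggested above), and rejects a bare "_SM_" string whose length byte and checksum do not hold. Function names (`find_smbios_eps`, `demo_scan`) and the memory image are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>
#define SM_EPS_LEN 0x1f   /* SMBIOS 2.x entry point structure length */
/* Compare the anchor as a u32 (0x5f4d535f for "_SM_" on little-endian x86)
 * rather than via a string literal, the integer-compare idea from the reply. */
static uint32_t anchor_value(const void *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}
/* SMBIOS checksums: the bytes of the region must sum to zero mod 256. */
static uint8_t byte_sum(const uint8_t *p, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += p[i];
    return sum;
}
/* Scan paragraph (16-byte) boundaries for a valid entry point; returns its
 * offset or -1. A bare "_SM_" string fails the length and checksum checks. */
long find_smbios_eps(const uint8_t *mem, size_t len)
{
    const uint32_t want = anchor_value("_SM_");
    for (size_t off = 0; off + SM_EPS_LEN <= len; off += 16) {
        if (anchor_value(mem + off) != want) continue;
        if (mem[off + 5] != SM_EPS_LEN) continue;           /* length byte */
        if (byte_sum(mem + off, SM_EPS_LEN) != 0) continue; /* EPS checksum */
        return (long)off;
    }
    return -1;
}
/* Constructed memory image: a bare "_SM_" string at offset 0 (like the
 * mis-detected comparison string) and optionally a real SMBIOS 2.4 entry
 * point at 0x40 with valid intermediate and overall checksums. */
long demo_scan(int with_real_eps)
{
    uint8_t mem[128];
    memset(mem, 0, sizeof mem);
    memcpy(mem, "_SM_", 4);
    if (with_real_eps) {
        uint8_t *p = mem + 0x40;
        memcpy(p, "_SM_", 4);
        p[5] = SM_EPS_LEN; p[6] = 2; p[7] = 4;
        memcpy(p + 0x10, "_DMI_", 5);
        p[0x15] = (uint8_t)(0 - byte_sum(p + 0x10, 0x0f)); /* intermediate */
        p[4] = (uint8_t)(0 - byte_sum(p, SM_EPS_LEN));     /* overall */
    }
    return find_smbios_eps(mem, sizeof mem);
}
```

With only the stray string present the scan returns -1; with the real entry point added it returns 0x40, skipping the string at offset 0 even though its signature matches.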