From 2f77a50903403a9d83437286da24fee0200996eb Mon Sep 17 00:00:00 2001 From: Marcos Oviedo Date: Wed, 14 Dec 2022 15:17:58 -0300 Subject: [PATCH] Fixing size comparison in sanity check function - Check should consider optional strings (#9019) --- orbit/pkg/platform/platform_windows.go | 16 +++++++++------- orbit/pkg/platform/platform_windows_test.go | 7 +++++++ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/orbit/pkg/platform/platform_windows.go b/orbit/pkg/platform/platform_windows.go index 757083d3ce..7bd03f61e8 100644 --- a/orbit/pkg/platform/platform_windows.go +++ b/orbit/pkg/platform/platform_windows.go @@ -197,13 +197,15 @@ func wmiGetSMBiosUUID() (string, error) { return strings.TrimSpace(outputByLines[1]), nil } -// It perform a UUID sanity check on a given byte array -func isValidUUID(uuidBytes []byte) (bool, error) { +// It performs a UUID sanity check on a given byte array +// The sectionPayloadBytes buffer contains the Smbios Structure Type 1 payload - This includes the actual UUID bytes + Optional section strings +func isValidUUID(sectionPayloadBytes []byte) (bool, error) { // SMBIOS constants from spec here - https://www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.1.1.pdf - const uuidSize int = 0x10 // UUID size is calculated with field offset value (0xA) + node field length (6 bytes) + const uuidSize int = 0x10 // UUID size is calculated with field offset value (0xA) + node field length (6 bytes) - 16 bytes - 128bits long - // Sanity check on size - if len(uuidBytes) != uuidSize { + // Sanity check on min size of the input buffer + // Buffer should be long enough to contain an UUID + if len(sectionPayloadBytes) < uuidSize { return false, errors.New("Invalid input UUID size") } @@ -211,10 +213,10 @@ func isValidUUID(uuidBytes []byte) (bool, error) { // Logic is based on https://github.com/ContinuumLLC/godep-go-smbios/blob/ab7c733f1be8e55ed3e0587d1aa2d5883fe8801e/smbios/decoder.go#L135 only0xFF, only0x00 := true, true for i := 0; i < uuidSize && (only0x00 || only0xFF); i++ { - if uuidBytes[i] != 0x00 { + if sectionPayloadBytes[i] != 0x00 { only0x00 = false } - if uuidBytes[i] != 0xFF { + if sectionPayloadBytes[i] != 0xFF { only0xFF = false } } diff --git a/orbit/pkg/platform/platform_windows_test.go b/orbit/pkg/platform/platform_windows_test.go index 138a51474f..d02e190a64 100644 --- a/orbit/pkg/platform/platform_windows_test.go +++ b/orbit/pkg/platform/platform_windows_test.go @@ -36,3 +36,10 @@ func TestUUIDValid(t *testing.T) { assert.Nil(t, err, "UUID validation error: ") } + +func TestUUIDStringsIncludedInSectionPayload(t *testing.T) { + payloadWithUUIDAndStrings := []byte{0x11, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x73, 0x6d, 0x62, 0x69, 0x6f, 0x73, 0x00} + _, err := isValidUUID(payloadWithUUIDAndStrings) + + assert.Nil(t, err, "UUID validation error: ") +}