mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-10 17:29:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

dmidecode: fixup for CVE-2023-30630

Browse Source 
The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:

+    u32 len;
+    u8 *table;
...
-    if (!(opt.flags & FLAG_QUIET))
-        pr_comment("Writing %d bytes to %s.", crafted[0x05],
-                   opt.dumpfile);
-    write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+    dmi_table_dump(crafted, crafted[0x05], table, len);

It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.

(From OE-Core rev: ea069a94a213cc153528aebfc387f30215566cc7)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Adrian Freihofer
2023-08-16 12:58:20 +02:00
committed by Steve Sakoman
parent 5eab65275d
commit 3d4850b3ea
6 changed files with 394 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
View File

@@ -1,7 +1,8 @@
From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001
From 2d26f187c734635d072d24ea401255b84f03f4c4 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Tue, 27 Jun 2023 10:03:53 +0000
Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
Subject: [PATCH 3/5] dmidecode: Do not let --dump-bin overwrite an existing
file
Make sure that the file passed to option --dump-bin does not already
exist. In practice, it is rather unlikely that an honest user would
@@ -17,14 +18,13 @@ Upstream-Status: Backport
[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
dmidecode.c | 14 ++++++++++++--
man/dmidecode.8 | 3 ++-
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index ae461de..6446040 100644
index a80a140..32a77cc 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -60,6 +60,7 @@
@@ -78,3 +78,6 @@ index 64dc7e7..d5b7f01 100644
.TP
.BR " " " " "--from-dump FILE"
Read the DMI data from a binary file previously generated using
--
2.41.0