mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-20 08:29:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

dmidecode: fixup for CVE-2023-30630

Browse Source 
The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:

+    u32 len;
+    u8 *table;
...
-    if (!(opt.flags & FLAG_QUIET))
-        pr_comment("Writing %d bytes to %s.", crafted[0x05],
-                   opt.dumpfile);
-    write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+    dmi_table_dump(crafted, crafted[0x05], table, len);

It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.

This is basically the same patch as in kirkstone:
ea069a94a2 dmidecode: fixup for CVE-2023-30630

(From OE-Core rev: 0bc69dc078c39381a39789d3c5fff673d7da994c)

Signed-off-by: Sean Nyekjaer <sean@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Sean Nyekjaer
2023-10-16 14:21:58 +02:00
committed by Steve Sakoman
parent 9954a4df00
commit d4bc6a9374
6 changed files with 539 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

236
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1a.patch Normal file
View File

@@ -0,0 +1,236 @@
From ee6db10dd70b8fdc7a93cffd7cf5bc7a28f9d3d7 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Mon, 20 Feb 2023 14:53:21 +0100
Subject: [PATCH 1/5] dmidecode: Split table fetching from decoding
Clean up function dmi_table so that it does only one thing:
* dmi_table() is renamed to dmi_table_get(). It now retrieves the
DMI table, but does not process it any longer.
* Decoding or dumping the table is now done in smbios3_decode(),
smbios_decode() and legacy_decode().
No functional change.
A side effect of this change is that writing the header and body of
dump files is now done in a single location. This is required to
further consolidate the writing of dump files.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
CVE: CVE-2023-30630
Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=39b2dd7b6ab719b920e96ed832cfb4bdd664e808]
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
dmidecode.c | 86 ++++++++++++++++++++++++++++++++++++++---------------
1 file changed, 62 insertions(+), 24 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index cd2b5c9..b082c03 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5247,8 +5247,9 @@ static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
}
}
-static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
- u32 flags)
+/* Allocates a buffer for the table, must be freed by the caller */
+static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver,
+ const char *devmem, u32 flags)
{
u8 *buf;
@@ -5267,7 +5268,7 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
{
if (num)
pr_info("%u structures occupying %u bytes.",
- num, len);
+ num, *len);
if (!(opt.flags & FLAG_FROM_DUMP))
pr_info("Table at 0x%08llX.",
(unsigned long long)base);
@@ -5285,19 +5286,19 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
* would be the result of the kernel truncating the table on
* parse error.
*/
- size_t size = len;
+ size_t size = *len;
buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base,
&size, devmem);
- if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)len)
+ if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len)
{
fprintf(stderr, "Wrong DMI structures length: %u bytes "
"announced, only %lu bytes available.\n",
- len, (unsigned long)size);
+ *len, (unsigned long)size);
}
- len = size;
+ *len = size;
}
else
- buf = mem_chunk(base, len, devmem);
+ buf = mem_chunk(base, *len, devmem);
if (buf == NULL)
{
@@ -5307,15 +5308,9 @@ static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
fprintf(stderr,
"Try compiling dmidecode with -DUSE_MMAP.\n");
#endif
- return;
}
- if (opt.flags & FLAG_DUMP_BIN)
- dmi_table_dump(buf, len);
- else
- dmi_table_decode(buf, len, num, ver >> 8, flags);
-
- free(buf);
+ return buf;
}
@@ -5350,8 +5345,9 @@ static void overwrite_smbios3_address(u8 *buf)
static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
{
- u32 ver;
+ u32 ver, len;
u64 offset;
+ u8 *table;
/* Don't let checksum run beyond the buffer */
if (buf[0x06] > 0x20)
@@ -5377,8 +5373,12 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
return 0;
}
- dmi_table(((off_t)offset.h << 32) | offset.l,
- DWORD(buf + 0x0C), 0, ver, devmem, flags | FLAG_STOP_AT_EOT);
+ /* Maximum length, may get trimmed */
+ len = DWORD(buf + 0x0C);
+ table = dmi_table_get(((off_t)offset.h << 32) | offset.l, &len, 0, ver,
+ devmem, flags | FLAG_STOP_AT_EOT);
+ if (table == NULL)
+ return 1;
if (opt.flags & FLAG_DUMP_BIN)
{
@@ -5387,18 +5387,28 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 32);
overwrite_smbios3_address(crafted);
+ dmi_table_dump(table, len);
if (!(opt.flags & FLAG_QUIET))
pr_comment("Writing %d bytes to %s.", crafted[0x06],
opt.dumpfile);
write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
}
+ else
+ {
+ dmi_table_decode(table, len, 0, ver >> 8,
+ flags | FLAG_STOP_AT_EOT);
+ }
+
+ free(table);
return 1;
}
static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
{
- u16 ver;
+ u16 ver, num;
+ u32 len;
+ u8 *table;
/* Don't let checksum run beyond the buffer */
if (buf[0x05] > 0x20)
@@ -5438,8 +5448,13 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
pr_info("SMBIOS %u.%u present.",
ver >> 8, ver & 0xFF);
- dmi_table(DWORD(buf + 0x18), WORD(buf + 0x16), WORD(buf + 0x1C),
- ver << 8, devmem, flags);
+ /* Maximum length, may get trimmed */
+ len = WORD(buf + 0x16);
+ num = WORD(buf + 0x1C);
+ table = dmi_table_get(DWORD(buf + 0x18), &len, num, ver << 8,
+ devmem, flags);
+ if (table == NULL)
+ return 1;
if (opt.flags & FLAG_DUMP_BIN)
{
@@ -5448,27 +5463,43 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 32);
overwrite_dmi_address(crafted + 0x10);
+ dmi_table_dump(table, len);
if (!(opt.flags & FLAG_QUIET))
pr_comment("Writing %d bytes to %s.", crafted[0x05],
opt.dumpfile);
write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
}
+ else
+ {
+ dmi_table_decode(table, len, num, ver, flags);
+ }
+
+ free(table);
return 1;
}
static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
{
+ u16 ver, num;
+ u32 len;
+ u8 *table;
+
if (!checksum(buf, 0x0F))
return 0;
+ ver = ((buf[0x0E] & 0xF0) << 4) + (buf[0x0E] & 0x0F);
if (!(opt.flags & FLAG_QUIET))
pr_info("Legacy DMI %u.%u present.",
buf[0x0E] >> 4, buf[0x0E] & 0x0F);
- dmi_table(DWORD(buf + 0x08), WORD(buf + 0x06), WORD(buf + 0x0C),
- ((buf[0x0E] & 0xF0) << 12) + ((buf[0x0E] & 0x0F) << 8),
- devmem, flags);
+ /* Maximum length, may get trimmed */
+ len = WORD(buf + 0x06);
+ num = WORD(buf + 0x0C);
+ table = dmi_table_get(DWORD(buf + 0x08), &len, num, ver << 8,
+ devmem, flags);
+ if (table == NULL)
+ return 1;
if (opt.flags & FLAG_DUMP_BIN)
{
@@ -5477,11 +5508,18 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 16);
overwrite_dmi_address(crafted);
+ dmi_table_dump(table, len);
if (!(opt.flags & FLAG_QUIET))
pr_comment("Writing %d bytes to %s.", 0x0F,
opt.dumpfile);
write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
}
+ else
+ {
+ dmi_table_decode(table, len, num, ver, flags);
+ }
+
+ free(table);
return 1;
}
--
2.41.0

197
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_1b.patch Normal file
View File

@@ -0,0 +1,197 @@
From d362549bce92ac22860cda8cad4532c1a3fe6928 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Mon, 20 Feb 2023 14:53:25 +0100
Subject: [PATCH 2/5] dmidecode: Write the whole dump file at once
When option --dump-bin is used, write the whole dump file at once,
instead of opening and closing the file separately for the table
and then for the entry point.
As the file writing function is no longer generic, it gets moved
from util.c to dmidecode.c.
One minor functional change resulting from the new implementation is
that the entry point is written first now, so the messages printed
are swapped.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
CVE: CVE-2023-30630
Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206]
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
---
dmidecode.c | 69 +++++++++++++++++++++++++++++++++++++++--------------
util.c | 40 -------------------------------
util.h | 1 -
3 files changed, 51 insertions(+), 59 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index b082c03..a80a140 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5130,11 +5130,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
}
}
-static void dmi_table_dump(const u8 *buf, u32 len)
+static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+ u32 table_len)
{
+ FILE *f;
+
+ f = fopen(opt.dumpfile, "wb");
+ if (!f)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fopen");
+ return -1;
+ }
+
+ if (!(opt.flags & FLAG_QUIET))
+ pr_comment("Writing %d bytes to %s.", ep_len, opt.dumpfile);
+ if (fwrite(ep, ep_len, 1, f) != 1)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fwrite");
+ goto err_close;
+ }
+
+ if (fseek(f, 32, SEEK_SET) != 0)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fseek");
+ goto err_close;
+ }
+
if (!(opt.flags & FLAG_QUIET))
- pr_comment("Writing %d bytes to %s.", len, opt.dumpfile);
- write_dump(32, len, buf, opt.dumpfile, 0);
+ pr_comment("Writing %d bytes to %s.", table_len, opt.dumpfile);
+ if (fwrite(table, table_len, 1, f) != 1)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fwrite");
+ goto err_close;
+ }
+
+ if (fclose(f))
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fclose");
+ return -1;
+ }
+
+ return 0;
+
+err_close:
+ fclose(f);
+ return -1;
}
static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
@@ -5387,11 +5432,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 32);
overwrite_smbios3_address(crafted);
- dmi_table_dump(table, len);
- if (!(opt.flags & FLAG_QUIET))
- pr_comment("Writing %d bytes to %s.", crafted[0x06],
- opt.dumpfile);
- write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, crafted[0x06], table, len);
}
else
{
@@ -5463,11 +5504,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 32);
overwrite_dmi_address(crafted + 0x10);
- dmi_table_dump(table, len);
- if (!(opt.flags & FLAG_QUIET))
- pr_comment("Writing %d bytes to %s.", crafted[0x05],
- opt.dumpfile);
- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, crafted[0x05], table, len);
}
else
{
@@ -5508,11 +5545,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 16);
overwrite_dmi_address(crafted);
- dmi_table_dump(table, len);
- if (!(opt.flags & FLAG_QUIET))
- pr_comment("Writing %d bytes to %s.", 0x0F,
- opt.dumpfile);
- write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, 0x0F, table, len);
}
else
{
diff --git a/util.c b/util.c
index 04aaadd..1547096 100644
--- a/util.c
+++ b/util.c
@@ -259,46 +259,6 @@ out:
return p;
}
-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
-{
- FILE *f;
-
- f = fopen(dumpfile, add ? "r+b" : "wb");
- if (!f)
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fopen");
- return -1;
- }
-
- if (fseek(f, base, SEEK_SET) != 0)
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fseek");
- goto err_close;
- }
-
- if (fwrite(data, len, 1, f) != 1)
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fwrite");
- goto err_close;
- }
-
- if (fclose(f))
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fclose");
- return -1;
- }
-
- return 0;
-
-err_close:
- fclose(f);
- return -1;
-}
-
/* Returns end - start + 1, assuming start < end */
u64 u64_range(u64 start, u64 end)
{
diff --git a/util.h b/util.h
index 3094cf8..ef24eb9 100644
--- a/util.h
+++ b/util.h
@@ -27,5 +27,4 @@
int checksum(const u8 *buf, size_t len);
void *read_file(off_t base, size_t *len, const char *filename);
void *mem_chunk(off_t base, size_t len, const char *devmem);
-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
u64 u64_range(u64 start, u64 end);
--
2.41.0

8
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
View File

@@ -29,18 +29,18 @@ index 5477309..98f9692 100644
@@ -60,6 +60,7 @@
* https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
*/
+#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
@@ -5430,13 +5431,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
u32 table_len)
u32 table_len)
{
+ int fd;
FILE *f;
FILE *f;
- f = fopen(opt.dumpfile, "wb");
+ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
+ if (fd == -1)

55
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
View File

@@ -27,26 +27,26 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index 98f9692..b4dbc9d 100644
index d339577..1ecdf85 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
pr_comment("dmidecode %s", VERSION);
/* Read from dump if so instructed */
@@ -6031,17 +6031,25 @@ int main(int argc, char * const argv[])
pr_comment("dmidecode %s", VERSION);
/* Read from dump if so instructed */
+ size = 0x20;
if (opt.flags & FLAG_FROM_DUMP)
{
if (!(opt.flags & FLAG_QUIET))
pr_info("Reading SMBIOS/DMI data from file %s.",
opt.dumpfile);
if (opt.flags & FLAG_FROM_DUMP)
{
if (!(opt.flags & FLAG_QUIET))
pr_info("Reading SMBIOS/DMI data from file %s.",
opt.dumpfile);
- if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
+ if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
{
ret = 1;
goto exit_free;
}
{
ret = 1;
goto exit_free;
}
+ /* Truncated entry point can't be processed */
+ if (size < 0x20)
+ {
@@ -54,16 +54,17 @@ index 98f9692..b4dbc9d 100644
+ goto done;
+ }
+
if (memcmp(buf, "_SM3_", 5) == 0)
{
if (smbios3_decode(buf, opt.dumpfile, 0))
@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
* contain one of several types of entry points, so read enough for
* the largest one, then determine what type it contains.
*/
if (memcmp(buf, "_SM3_", 5) == 0)
{
if (smbios3_decode(buf, opt.dumpfile, 0))
@@ -6065,7 +6073,6 @@ int main(int argc, char * const argv[])
* contain one of several types of entry points, so read enough for
* the largest one, then determine what type it contains.
*/
- size = 0x20;
if (!(opt.flags & FLAG_NO_SYSFS)
&& (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
{
--
2.40.0
if (!(opt.flags & FLAG_NO_SYSFS)
&& (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
{
--
2.42.0

143
meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
View File

@@ -33,105 +33,106 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index b4dbc9d..870d94e 100644
index 1ecdf85..640c079 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
buf[0x17] = 0;
buf[0x17] = 0;
}
-static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
{
u32 ver, len;
u64 offset;
u8 *table;
/* Don't let checksum run beyond the buffer */
u32 ver, len;
u64 offset;
u8 *table;
/* Don't let checksum run beyond the buffer */
- if (buf[0x06] > 0x20)
+ if (buf[0x06] > buf_len)
{
fprintf(stderr,
"Entry point length too large (%u bytes, expected %u).\n",
@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
return 1;
{
fprintf(stderr,
"Entry point length too large (%u bytes, expected %u).\n",
@@ -5793,14 +5793,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
return 1;
}
-static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
+static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
{
u16 ver;
u32 len;
u8 *table;
/* Don't let checksum run beyond the buffer */
u16 ver, num;
u32 len;
u8 *table;
/* Don't let checksum run beyond the buffer */
- if (buf[0x05] > 0x20)
+ if (buf[0x05] > buf_len)
{
fprintf(stderr,
"Entry point length too large (%u bytes, expected %u).\n",
@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
if (memcmp(buf, "_SM3_", 5) == 0)
{
{
fprintf(stderr,
"Entry point length too large (%u bytes, expected %u).\n",
@@ -6052,12 +6052,12 @@ int main(int argc, char * const argv[])
if (memcmp(buf, "_SM3_", 5) == 0)
{
- if (smbios3_decode(buf, opt.dumpfile, 0))
+ if (smbios3_decode(buf, size, opt.dumpfile, 0))
found++;
}
else if (memcmp(buf, "_SM_", 4) == 0)
{
found++;
}
else if (memcmp(buf, "_SM_", 4) == 0)
{
- if (smbios_decode(buf, opt.dumpfile, 0))
+ if (smbios_decode(buf, size, opt.dumpfile, 0))
found++;
}
else if (memcmp(buf, "_DMI_", 5) == 0)
@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
pr_info("Getting SMBIOS data from sysfs.");
if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
{
found++;
}
else if (memcmp(buf, "_DMI_", 5) == 0)
@@ -6080,12 +6080,12 @@ int main(int argc, char * const argv[])
pr_info("Getting SMBIOS data from sysfs.");
if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
{
- if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
found++;
}
else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
{
found++;
}
else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
{
- if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
found++;
}
else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
if (memcmp(buf, "_SM3_", 5) == 0)
{
found++;
}
else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
@@ -6122,12 +6122,12 @@ int main(int argc, char * const argv[])
if (memcmp(buf, "_SM3_", 5) == 0)
{
- if (smbios3_decode(buf, opt.devmem, 0))
+ if (smbios3_decode(buf, 0x20, opt.devmem, 0))
found++;
}
else if (memcmp(buf, "_SM_", 4) == 0)
{
found++;
}
else if (memcmp(buf, "_SM_", 4) == 0)
{
- if (smbios_decode(buf, opt.devmem, 0))
+ if (smbios_decode(buf, 0x20, opt.devmem, 0))
found++;
}
goto done;
@@ -6114,7 +6114,7 @@ memory_scan:
{
if (memcmp(buf + fp, "_SM3_", 5) == 0)
{
found++;
}
goto done;
@@ -6148,7 +6148,7 @@ int main(int argc, char * const argv[])
{
if (memcmp(buf + fp, "_SM3_", 5) == 0)
{
- if (smbios3_decode(buf + fp, opt.devmem, 0))
+ if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
{
found++;
goto done;
@@ -6127,7 +6127,7 @@ memory_scan:
{
if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
{
{
found++;
goto done;
@@ -6161,7 +6161,7 @@ int main(int argc, char * const argv[])
{
if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
{
- if (smbios_decode(buf + fp, opt.devmem, 0))
+ if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
{
found++;
goto done;
--
2.35.5
{
found++;
goto done;
--
2.42.0

3
meta/recipes-devtools/dmidecode/dmidecode_3.4.bb
View File

@@ -6,7 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263"
SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/dmidecode/${BP}.tar.xz \
file://0001-Committing-changes-from-do_unpack_extra.patch \
file://CVE-2023-30630_1.patch \
file://CVE-2023-30630_1a.patch \
file://CVE-2023-30630_1b.patch \
file://CVE-2023-30630_2.patch \
file://CVE-2023-30630_3.patch \
file://CVE-2023-30630_4.patch \