mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-12 10:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
31176477ce76428a45dd3e0d31546c09cd389e5e
poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
Yogita Urade 4c0213759a dmidecode: fix CVE-2023-30630 
Dmidecode before 3.5 allows -dump-bin to overwrite a local file.
This has security relevance because, for example, execution of
Dmidecode via Sudo is plausible.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-30630
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html
https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html

(From OE-Core rev: f92e59a0894145a828dc9ac74bf8c7a9355e0587)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-07-20 12:10:40 -10:00

70 lines
2.2 KiB
Diff
Raw Blame History

From c76ddda0ba0aa99a55945e3290095c2ec493c892 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Tue, 27 Jun 2023 10:25:50 +0000
Subject: [PATCH] Consistently use read_file() when reading from a dump file
Use read_file() instead of mem_chunk() to read the entry point from a
dump file. This is faster, and consistent with how we then read the
actual DMI table from that dump file.
This made no functional difference so far, which is why it went
unnoticed for years. But now that a file type check was added to the
mem_chunk() function, we must stop using it to read from regular
files.
This will again allow root to use the --from-dump option.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Tested-by: Jerry Hoemann <jerry.hoemann@hpe.com>
CVE: CVE-2023-30630
Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=c76ddda0ba0aa99a55945e3290095c2ec493c892]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
dmidecode.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index 98f9692..b4dbc9d 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5997,17 +5997,25 @@ int main(int argc, char * const argv[])
pr_comment("dmidecode %s", VERSION);
/* Read from dump if so instructed */
+ size = 0x20;
if (opt.flags & FLAG_FROM_DUMP)
{
if (!(opt.flags & FLAG_QUIET))
pr_info("Reading SMBIOS/DMI data from file %s.",
opt.dumpfile);
- if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
+ if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
{
ret = 1;
goto exit_free;
}
+ /* Truncated entry point can't be processed */
+ if (size < 0x20)
+ {
+ ret = 1;
+ goto done;
+ }
+
if (memcmp(buf, "_SM3_", 5) == 0)
{
if (smbios3_decode(buf, opt.dumpfile, 0))
@@ -6031,7 +6039,6 @@ int main(int argc, char * const argv[])
* contain one of several types of entry points, so read enough for
* the largest one, then determine what type it contains.
*/
- size = 0x20;
if (!(opt.flags & FLAG_NO_SYSFS)
&& (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
{
--
2.40.0
Reference in New Issue View Git Blame Copy Permalink