mirror of
https://git.yoctoproject.org/poky
synced 2026-02-13 12:13:02 +01:00
The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:
+ u32 len;
+ u8 *table;
...
- if (!(opt.flags & FLAG_QUIET))
- pr_comment("Writing %d bytes to %s.", crafted[0x05],
- opt.dumpfile);
- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, crafted[0x05], table, len);
It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.
(From OE-Core rev: ea069a94a213cc153528aebfc387f30215566cc7)
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
84 lines
2.3 KiB
Diff
From 2d26f187c734635d072d24ea401255b84f03f4c4 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Tue, 27 Jun 2023 10:03:53 +0000
Subject: [PATCH 3/5] dmidecode: Do not let --dump-bin overwrite an existing
file
Make sure that the file passed to option --dump-bin does not already
exist. In practice, it is rather unlikely that an honest user would
want to overwrite an existing dump file, while this possibility
could be used by a rogue user to corrupt a system file.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
CVE: CVE-2023-30630
Upstream-Status: Backport
[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
dmidecode.c | 14 ++++++++++++--
man/dmidecode.8 | 3 ++-
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index a80a140..32a77cc 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -60,6 +60,7 @@
* https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
*/
+#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
@@ -5133,13 +5134,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
u32 table_len)
{
+ int fd;
FILE *f;
- f = fopen(opt.dumpfile, "wb");
+ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
+ if (fd == -1)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("open");
+ return -1;
+ }
+
+ f = fdopen(fd, "wb");
if (!f)
{
fprintf(stderr, "%s: ", opt.dumpfile);
- perror("fopen");
+ perror("fdopen");
return -1;
}
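Review bot: In dmi_table_dump(), the "if (!f)" branch after fdopen(fd, "wb") returns -1 without closing fd, and since open() with O_CREAT|O_EXCL has already succeeded by then, an empty file is left behind at opt.dumpfile, so a retry with the same name would fail on O_EXCL. Suggest close(fd), and possibly unlink(opt.dumpfile), before the return in that branch. Separately, the 0666 mode leaves the resulting permissions entirely to the caller's umask; worth confirming that is intended for a dump file.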
diff --git a/man/dmidecode.8 b/man/dmidecode.8
index 64dc7e7..d5b7f01 100644
--- a/man/dmidecode.8
+++ b/man/dmidecode.8
@@ -1,4 +1,4 @@
-.TH DMIDECODE 8 "January 2019" "dmidecode"
+.TH DMIDECODE 8 "February 2023" "dmidecode"
.\"
.SH NAME
dmidecode \- \s-1DMI\s0 table decoder
@@ -132,6 +132,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
Do not decode the entries, instead dump the DMI data to a file in binary
form. The generated file is suitable to pass to \fB--from-dump\fR
later.
+\fIFILE\fP must not exist.
.TP
.BR " " " " "--from-dump FILE"
Read the DMI data from a binary file previously generated using
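Review bot: The added man page line "\fIFILE\fP must not exist." under the --dump-bin description states the precondition but not the outcome. Suggest saying what the user will see when FILE already exists: per the dmidecode.c change in this patch, the open error is printed for that file name and nothing is written.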
--
2.41.0