mirror of
https://git.yoctoproject.org/poky
synced 2026-02-21 00:49:41 +01:00
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. References: https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00016.html https://lists.nongnu.org/archive/html/dmidecode-devel/2023-04/msg00017.html Backport: fixes fuzz in the CVE-2023-30630_2.patch in kirkstone (From OE-Core rev: 4f83427a0a01e8285c9eb42d2a635d1ff7b23779) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit f92e59a0894145a828dc9ac74bf8c7a9355e0587) Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
81 lines
2.3 KiB
Diff
81 lines
2.3 KiB
Diff
From 47101389dd52b50123a3ec59fed4d2021752e489 Mon Sep 17 00:00:00 2001
|
|
From: Jean Delvare <jdelvare@suse.de>
|
|
Date: Tue, 27 Jun 2023 10:03:53 +0000
|
|
Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
|
|
|
|
Make sure that the file passed to option --dump-bin does not already
|
|
exist. In practice, it is rather unlikely that an honest user would
|
|
want to overwrite an existing dump file, while this possibility
|
|
could be used by a rogue user to corrupt a system file.
|
|
|
|
Signed-off-by: Jean Delvare <jdelvare@suse.de>
|
|
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
|
|
|
|
CVE: CVE-2023-30630
|
|
|
|
Upstream-Status: Backport
|
|
[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]
|
|
|
|
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
|
|
|
|
---
|
|
dmidecode.c | 14 ++++++++++++--
|
|
man/dmidecode.8 | 3 ++-
|
|
2 files changed, 14 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/dmidecode.c b/dmidecode.c
|
|
index ae461de..6446040 100644
|
|
--- a/dmidecode.c
|
|
+++ b/dmidecode.c
|
|
@@ -60,6 +60,7 @@
|
|
* https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
|
|
*/
|
|
|
|
+#include <fcntl.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <strings.h>
|
|
@@ -5133,13 +5134,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
|
|
static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
|
|
u32 table_len)
|
|
{
|
|
+ int fd;
|
|
FILE *f;
|
|
|
|
- f = fopen(opt.dumpfile, "wb");
|
|
+ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
|
|
+ if (fd == -1)
|
|
+ {
|
|
+ fprintf(stderr, "%s: ", opt.dumpfile);
|
|
+ perror("open");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ f = fdopen(fd, "wb");
|
|
if (!f)
|
|
{
|
|
fprintf(stderr, "%s: ", opt.dumpfile);
|
|
- perror("fopen");
|
|
+ perror("fdopen");
|
|
return -1;
|
|
}
|
|
|
|
diff --git a/man/dmidecode.8 b/man/dmidecode.8
|
|
index 64dc7e7..d5b7f01 100644
|
|
--- a/man/dmidecode.8
|
|
+++ b/man/dmidecode.8
|
|
@@ -1,4 +1,4 @@
|
|
-.TH DMIDECODE 8 "January 2019" "dmidecode"
|
|
+.TH DMIDECODE 8 "February 2023" "dmidecode"
|
|
.\"
|
|
.SH NAME
|
|
dmidecode \- \s-1DMI\s0 table decoder
|
|
@@ -132,6 +132,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
|
|
Do not decode the entries, instead dump the DMI data to a file in binary
|
|
form. The generated file is suitable to pass to \fB--from-dump\fR
|
|
later.
|
|
+\fIFILE\fP must not exist.
|
|
.TP
|
|
.BR " " " " "--from-dump FILE"
|
|
Read the DMI data from a binary file previously generated using
|