mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-21 17:09:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dbe19706ec01c1eaa1d377a792e7d825054050b0
poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630-dependent_p2.patch
Dhairya Nagodra 3c6a02f04a dmidecode 3.2: Fix CVE-2023-30630 
Upstream Repository: https://git.savannah.gnu.org/git/dmidecode.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-30630
Type: Security Fix
CVE: CVE-2023-30630
Score: 7.8
Patch: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c

(From OE-Core rev: f3def5af120355a2454c088724e147bbce785d1b)

Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-08-16 03:55:12 -10:00

199 lines
5.1 KiB
Diff
Raw Blame History

From 58e8a07b1aef0e53af1642b30248255e53e42790 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Mon, 20 Feb 2023 14:53:25 +0100
Subject: [PATCH] dmidecode: Write the whole dump file at once
When option --dump-bin is used, write the whole dump file at once,
instead of opening and closing the file separately for the table
and then for the entry point.
As the file writing function is no longer generic, it gets moved
from util.c to dmidecode.c.
One minor functional change resulting from the new implementation is
that the entry point is written first now, so the messages printed
are swapped.
CVE: CVE-2023-30630
Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f38]
Backport Changes:
- In the file dmidecode.c, the commit [2241f1d] in v3.3 introduces
pr_info(). This is backported to printf() as per v3.2.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
(cherry picked from commit d8cfbc808f387e87091c25e7d5b8c2bb348bb206)
Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
---
dmidecode.c | 69 +++++++++++++++++++++++++++++++++++++++--------------
util.c | 40 -------------------------------
util.h | 1 -
3 files changed, 51 insertions(+), 59 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index d6eedd1..b91e53b 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5094,11 +5094,56 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
}
}
-static void dmi_table_dump(const u8 *buf, u32 len)
+static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+ u32 table_len)
{
+ FILE *f;
+
+ f = fopen(opt.dumpfile, "wb");
+ if (!f)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fopen");
+ return -1;
+ }
+
+ if (!(opt.flags & FLAG_QUIET))
+ printf("# Writing %d bytes to %s.\n", ep_len, opt.dumpfile);
+ if (fwrite(ep, ep_len, 1, f) != 1)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fwrite");
+ goto err_close;
+ }
+
+ if (fseek(f, 32, SEEK_SET) != 0)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fseek");
+ goto err_close;
+ }
+
if (!(opt.flags & FLAG_QUIET))
- printf("# Writing %d bytes to %s.\n", len, opt.dumpfile);
- write_dump(32, len, buf, opt.dumpfile, 0);
+ printf("# Writing %d bytes to %s.\n", table_len, opt.dumpfile);
+ if (fwrite(table, table_len, 1, f) != 1)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fwrite");
+ goto err_close;
+ }
+
+ if (fclose(f))
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("fclose");
+ return -1;
+ }
+
+ return 0;
+
+err_close:
+ fclose(f);
+ return -1;
}
static void dmi_table_decode(u8 *buf, u32 len, u16 num, u16 ver, u32 flags)
@@ -5351,11 +5396,7 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 32);
overwrite_smbios3_address(crafted);
- dmi_table_dump(table, len);
- if (!(opt.flags & FLAG_QUIET))
- printf("# Writing %d bytes to %s.\n", crafted[0x06],
- opt.dumpfile);
- write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, crafted[0x06], table, len);
}
else
{
@@ -5427,11 +5468,7 @@ static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 32);
overwrite_dmi_address(crafted + 0x10);
- dmi_table_dump(table, len);
- if (!(opt.flags & FLAG_QUIET))
- printf("# Writing %d bytes to %s.\n", crafted[0x05],
- opt.dumpfile);
- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, crafted[0x05], table, len);
}
else
{
@@ -5472,11 +5509,7 @@ static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
memcpy(crafted, buf, 16);
overwrite_dmi_address(crafted);
- dmi_table_dump(table, len);
- if (!(opt.flags & FLAG_QUIET))
- printf("# Writing %d bytes to %s.\n", 0x0F,
- opt.dumpfile);
- write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, 0x0F, table, len);
}
else
{
diff --git a/util.c b/util.c
index eeffdae..2e1931c 100644
--- a/util.c
+++ b/util.c
@@ -247,46 +247,6 @@ out:
return p;
}
-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add)
-{
- FILE *f;
-
- f = fopen(dumpfile, add ? "r+b" : "wb");
- if (!f)
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fopen");
- return -1;
- }
-
- if (fseek(f, base, SEEK_SET) != 0)
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fseek");
- goto err_close;
- }
-
- if (fwrite(data, len, 1, f) != 1)
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fwrite");
- goto err_close;
- }
-
- if (fclose(f))
- {
- fprintf(stderr, "%s: ", dumpfile);
- perror("fclose");
- return -1;
- }
-
- return 0;
-
-err_close:
- fclose(f);
- return -1;
-}
-
/* Returns end - start + 1, assuming start < end */
u64 u64_range(u64 start, u64 end)
{
diff --git a/util.h b/util.h
index 3094cf8..ef24eb9 100644
--- a/util.h
+++ b/util.h
@@ -27,5 +27,4 @@
int checksum(const u8 *buf, size_t len);
void *read_file(off_t base, size_t *len, const char *filename);
void *mem_chunk(off_t base, size_t len, const char *devmem);
-int write_dump(size_t base, size_t len, const void *data, const char *dumpfile, int add);
u64 u64_range(u64 start, u64 end);
Reference in New Issue View Git Blame Copy Permalink