mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-21 08:59:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e8aec82955d124f92cc1e0abc633ab41ac70a2ba
poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_3.patch
Adrian Freihofer 3d4850b3ea dmidecode: fixup for CVE-2023-30630 
The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:

+    u32 len;
+    u8 *table;
...
-    if (!(opt.flags & FLAG_QUIET))
-        pr_comment("Writing %d bytes to %s.", crafted[0x05],
-                   opt.dumpfile);
-    write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+    dmi_table_dump(crafted, crafted[0x05], table, len);

It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.

(From OE-Core rev: ea069a94a213cc153528aebfc387f30215566cc7)

Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-08-19 05:56:58 -10:00

72 lines
2.2 KiB
Diff
Raw Blame History

From ac881f801b92b57fd8daac65fb16fff6d84fd366 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Tue, 27 Jun 2023 10:25:50 +0000
Subject: [PATCH 4/5] Consistently use read_file() when reading from a dump
file
Use read_file() instead of mem_chunk() to read the entry point from a
dump file. This is faster, and consistent with how we then read the
actual DMI table from that dump file.
This made no functional difference so far, which is why it went
unnoticed for years. But now that a file type check was added to the
mem_chunk() function, we must stop using it to read from regular
files.
This will again allow root to use the --from-dump option.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Tested-by: Jerry Hoemann <jerry.hoemann@hpe.com>
CVE: CVE-2023-30630
Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=c76ddda0ba0aa99a55945e3290095c2ec493c892]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
dmidecode.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index 32a77cc..9a691e0 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5693,17 +5693,25 @@ int main(int argc, char * const argv[])
pr_comment("dmidecode %s", VERSION);
/* Read from dump if so instructed */
+ size = 0x20;
if (opt.flags & FLAG_FROM_DUMP)
{
if (!(opt.flags & FLAG_QUIET))
pr_info("Reading SMBIOS/DMI data from file %s.",
opt.dumpfile);
- if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
+ if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
{
ret = 1;
goto exit_free;
}
+ /* Truncated entry point can't be processed */
+ if (size < 0x20)
+ {
+ ret = 1;
+ goto done;
+ }
+
if (memcmp(buf, "_SM3_", 5) == 0)
{
if (smbios3_decode(buf, opt.dumpfile, 0))
@@ -5727,7 +5735,6 @@ int main(int argc, char * const argv[])
* contain one of several types of entry points, so read enough for
* the largest one, then determine what type it contains.
*/
- size = 0x20;
if (!(opt.flags & FLAG_NO_SYSFS)
&& (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
{
--
2.41.0
Reference in New Issue View Git Blame Copy Permalink