1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
From ac881f801b92b57fd8daac65fb16fff6d84fd366 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Tue, 27 Jun 2023 10:25:50 +0000
Subject: [PATCH 4/5] Consistently use read_file() when reading from a dump
file
Use read_file() instead of mem_chunk() to read the entry point from a
dump file. This is faster, and consistent with how we then read the
actual DMI table from that dump file.
This made no functional difference so far, which is why it went
unnoticed for years. But now that a file type check was added to the
mem_chunk() function, we must stop using it to read from regular
files.
This will again allow root to use the --from-dump option.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Tested-by: Jerry Hoemann <jerry.hoemann@hpe.com>
CVE: CVE-2023-30630
Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=c76ddda0ba0aa99a55945e3290095c2ec493c892]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
dmidecode.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/dmidecode.c b/dmidecode.c
index 32a77cc..9a691e0 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5693,17 +5693,25 @@ int main(int argc, char * const argv[])
pr_comment("dmidecode %s", VERSION);
/* Read from dump if so instructed */
+ size = 0x20;
if (opt.flags & FLAG_FROM_DUMP)
{
if (!(opt.flags & FLAG_QUIET))
pr_info("Reading SMBIOS/DMI data from file %s.",
opt.dumpfile);
- if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
+ if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
{
ret = 1;
goto exit_free;
}
+ /* Truncated entry point can't be processed */
+ if (size < 0x20)
+ {
+ ret = 1;
+ goto done;
+ }
+
if (memcmp(buf, "_SM3_", 5) == 0)
{
if (smbios3_decode(buf, opt.dumpfile, 0))
@@ -5727,7 +5735,6 @@ int main(int argc, char * const argv[])
* contain one of several types of entry points, so read enough for
* the largest one, then determine what type it contains.
*/
- size = 0x20;
if (!(opt.flags & FLAG_NO_SYSFS)
&& (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
{
--
2.41.0
|
