diff options
author | Sean Nyekjaer <sean@geanix.com> | 2023-10-16 14:21:58 +0200 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2023-10-25 04:51:00 -1000 |
commit | d4bc6a9374cedfe6e1e1ed0aa14985548d524819 (patch) | |
tree | 69782127fd3e16dd80931d45e81112bde9b453bf /meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch | |
parent | 9954a4df00884fcd76e60bb0a809670625c92454 (diff) | |
download | poky-d4bc6a9374cedfe6e1e1ed0aa14985548d524819.tar.gz |
dmidecode: fixup for CVE-2023-30630
The previous CVE-2023-30630_1.patch picked only the patch
"dmidecode: Write the whole dump file at once" d8cfbc808f.
But there was a refactoring which does not allow to cherry-pick it fast
forward. Resolving this conflict was not correctly done. The patch was:
+ u32 len;
+ u8 *table;
...
- if (!(opt.flags & FLAG_QUIET))
- pr_comment("Writing %d bytes to %s.", crafted[0x05],
- opt.dumpfile);
- write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
+ dmi_table_dump(crafted, crafted[0x05], table, len);
It looks like the variables len and table have been added without
initialization.
Now this problem is solved by applying the previous refactoring as
well. Patch 1 gets replaced by Patch 1a and Patch 1b. Patch 2..4 are
rebased without changes.
This is basically the same patch as in kirkstone:
ea069a94a2 dmidecode: fixup for CVE-2023-30630
(From OE-Core rev: 0bc69dc078c39381a39789d3c5fff673d7da994c)
Signed-off-by: Sean Nyekjaer <sean@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch')
-rw-r--r-- | meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch index dcc87d2326..971c8c0126 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch | |||
@@ -29,18 +29,18 @@ index 5477309..98f9692 100644 | |||
29 | @@ -60,6 +60,7 @@ | 29 | @@ -60,6 +60,7 @@ |
30 | * https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf | 30 | * https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf |
31 | */ | 31 | */ |
32 | 32 | ||
33 | +#include <fcntl.h> | 33 | +#include <fcntl.h> |
34 | #include <stdio.h> | 34 | #include <stdio.h> |
35 | #include <string.h> | 35 | #include <string.h> |
36 | #include <strings.h> | 36 | #include <strings.h> |
37 | @@ -5430,13 +5431,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver | 37 | @@ -5430,13 +5431,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver |
38 | static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table, | 38 | static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table, |
39 | u32 table_len) | 39 | u32 table_len) |
40 | { | 40 | { |
41 | + int fd; | 41 | + int fd; |
42 | FILE *f; | 42 | FILE *f; |
43 | 43 | ||
44 | - f = fopen(opt.dumpfile, "wb"); | 44 | - f = fopen(opt.dumpfile, "wb"); |
45 | + fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666); | 45 | + fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666); |
46 | + if (fd == -1) | 46 | + if (fd == -1) |