1 files changed, 62 insertions, 0 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch
new file mode 100644
index 0000000000..bf4d060c8c
--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch
@@ -0,0 +1,62 @@
+From b7dacccff32294ea522df32a9391d0218e7600ea Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Feb 2023 14:53:31 +0100
+Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
+Make sure that the file passed to option --dump-bin does not already
+exist. In practice, it is rather unlikely that an honest user would
+want to overwrite an existing dump file, while this possibility
+could be used by a rogue user to corrupt a system file.
+CVE: CVE-2023-30630
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c]
+Backport Changes:
+- Ignored changes in man/dmidecode.8 file.
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+(cherry picked from commit 6ca381c1247c81f74e1ca4e7706f70bdda72e6f2)
+Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
+---
+ dmidecode.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+diff --git a/dmidecode.c b/dmidecode.c
+index b91e53b..846d9a1 100644
+--- a/dmidecode.c
+++ b/dmidecode.c
+@@ -60,6 +60,7 @@
+  *    https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
+  */
+ 
+#include <fcntl.h>
+ #include <stdio.h>
+ #include <string.h>
+ #include <strings.h>
+@@ -5097,13 +5098,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+ static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+                          u32 table_len)
+ {
+       int fd;
+        FILE *f;
+ 
+-       f = fopen(opt.dumpfile, "wb");
+       fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
+       if (fd == -1)
+       {
+               fprintf(stderr, "%s: ", opt.dumpfile);
+               perror("open");
+               return -1;
+       }
+
+       f = fdopen(fd, "wb");
+        if (!f)
+        {
+                fprintf(stderr, "%s: ", opt.dumpfile);
+-               perror("fopen");
+               perror("fdopen");
+                return -1;
+        }
+

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch new file mode 100644 index 0000000000..bf4d060c8c --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch
@@ -0,0 +1,62 @@
	1	From b7dacccff32294ea522df32a9391d0218e7600ea Mon Sep 17 00:00:00 2001
	2	From: Jean Delvare <jdelvare@suse.de>
	3	Date: Mon, 20 Feb 2023 14:53:31 +0100
	4	Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
	5
	6	Make sure that the file passed to option --dump-bin does not already
	7	exist. In practice, it is rather unlikely that an honest user would
	8	want to overwrite an existing dump file, while this possibility
	9	could be used by a rogue user to corrupt a system file.
	10
	11	CVE: CVE-2023-30630
	12	Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c]
	13
	14	Backport Changes:
	15	- Ignored changes in man/dmidecode.8 file.
	16
	17	Signed-off-by: Jean Delvare <jdelvare@suse.de>
	18	Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
	19	(cherry picked from commit 6ca381c1247c81f74e1ca4e7706f70bdda72e6f2)
	20	Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
	21
	22	---
	23	dmidecode.c \| 14 ++++++++++++--
	24	1 file changed, 12 insertions(+), 2 deletions(-)
	25
	26	diff --git a/dmidecode.c b/dmidecode.c
	27	index b91e53b..846d9a1 100644
	28	--- a/dmidecode.c
	29	+++ b/dmidecode.c
	30	@@ -60,6 +60,7 @@
	31	* https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
	32	*/
	33
	34	+#include <fcntl.h>
	35	#include <stdio.h>
	36	#include <string.h>
	37	#include <strings.h>
	38	@@ -5097,13 +5098,22 @@ static void dmi_table_string(const struct dmi_header h, const u8 data, u16 ver
	39	static int dmi_table_dump(const u8 ep, u32 ep_len, const u8 table,
	40	u32 table_len)
	41	{
	42	+ int fd;
	43	FILE *f;
	44
	45	- f = fopen(opt.dumpfile, "wb");
	46	+ fd = open(opt.dumpfile, O_WRONLY\|O_CREAT\|O_EXCL, 0666);
	47	+ if (fd == -1)
	48	+ {
	49	+ fprintf(stderr, "%s: ", opt.dumpfile);
	50	+ perror("open");
	51	+ return -1;
	52	+ }
	53	+
	54	+ f = fdopen(fd, "wb");
	55	if (!f)
	56	{
	57	fprintf(stderr, "%s: ", opt.dumpfile);
	58	- perror("fopen");
	59	+ perror("fdopen");
	60	return -1;
	61	}
	62