Diffstat (limited to 'meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch')
-rw-r--r-- | meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch | 62 |
1 files changed, 62 insertions, 0 deletions
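--- /dev/null
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630.patch
@@ -0,0 +1,62 @@
+From b7dacccff32294ea522df32a9391d0218e7600ea Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 20 Feb 2023 14:53:31 +0100
+Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
+
+Make sure that the file passed to option --dump-bin does not already
+exist. In practice, it is rather unlikely that an honest user would
+want to overwrite an existing dump file, while this possibility
+could be used by a rogue user to corrupt a system file.
+
+CVE: CVE-2023-30630
+Upstream-Status: Backport [https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c]
+
+Backport Changes:
+- Ignored changes in man/dmidecode.8 file.
+
+Signed-off-by: Jean Delvare <jdelvare@suse.de>
+Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
+(cherry picked from commit 6ca381c1247c81f74e1ca4e7706f70bdda72e6f2)
+Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
+
+---
+dmidecode.c | 14 ++++++++++++--
+1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/dmidecode.c b/dmidecode.c
+index b91e53b..846d9a1 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -60,6 +60,7 @@
+* https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
+*/
+
++#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+@@ -5097,13 +5098,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
+static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
+u32 table_len)
+{
++ int fd;
+FILE *f;
+
+- f = fopen(opt.dumpfile, "wb");
++ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
++ if (fd == -1)
++ {
++ fprintf(stderr, "%s: ", opt.dumpfile);
++ perror("open");
++ return -1;
++ }
++
++ f = fdopen(fd, "wb");
+if (!f)
+{
+fprintf(stderr, "%s: ", opt.dumpfile);
+- perror("fopen");
++ perror("fdopen");
+return -1;
+}
+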
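Review bot: In the `fdopen` failure branch of `dmi_table_dump`, the descriptor returned by `open` is never closed and the empty file that `O_CREAT|O_EXCL` just created stays on disk, so a retry with the same name fails with EEXIST. I would add `close(fd);` before that `return -1;`; this needs `<unistd.h>`, which the hunk does not show, so check that it is already included. The `0666` mode leaves the dump's permissions to the caller's umask, and since a DMI dump can carry serial numbers and UUIDs, `0600` may be the safer default, though that departs from the upstream commit. Because the `CVE:` tag will presumably make the recipe's CVE tooling treat CVE-2023-30630 as patched, it is worth confirming that this single upstream commit is the entire fix. The function body continues past the end of the hunk.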