diff options
Diffstat (limited to 'meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch')
-rw-r--r-- | meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch | 143 |
1 files changed, 72 insertions, 71 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch index 5fa72b4f9b..a3c5af2f1c 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch | |||
@@ -33,105 +33,106 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | |||
33 | 1 file changed, 12 insertions(+), 12 deletions(-) | 33 | 1 file changed, 12 insertions(+), 12 deletions(-) |
34 | 34 | ||
35 | diff --git a/dmidecode.c b/dmidecode.c | 35 | diff --git a/dmidecode.c b/dmidecode.c |
36 | index b4dbc9d..870d94e 100644 | 36 | index 1ecdf85..640c079 100644 |
37 | --- a/dmidecode.c | 37 | --- a/dmidecode.c |
38 | +++ b/dmidecode.c | 38 | +++ b/dmidecode.c |
39 | @@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf) | 39 | @@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf) |
40 | buf[0x17] = 0; | 40 | buf[0x17] = 0; |
41 | } | 41 | } |
42 | 42 | ||
43 | -static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) | 43 | -static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) |
44 | +static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags) | 44 | +static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags) |
45 | { | 45 | { |
46 | u32 ver, len; | 46 | u32 ver, len; |
47 | u64 offset; | 47 | u64 offset; |
48 | u8 *table; | 48 | u8 *table; |
49 | 49 | ||
50 | /* Don't let checksum run beyond the buffer */ | 50 | /* Don't let checksum run beyond the buffer */ |
51 | - if (buf[0x06] > 0x20) | 51 | - if (buf[0x06] > 0x20) |
52 | + if (buf[0x06] > buf_len) | 52 | + if (buf[0x06] > buf_len) |
53 | { | 53 | { |
54 | fprintf(stderr, | 54 | fprintf(stderr, |
55 | "Entry point length too large (%u bytes, expected %u).\n", | 55 | "Entry point length too large (%u bytes, expected %u).\n", |
56 | @@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) | 56 | @@ -5793,14 +5793,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags) |
57 | return 1; | 57 | return 1; |
58 | } | 58 | } |
59 | 59 | ||
60 | -static int smbios_decode(u8 *buf, const char *devmem, u32 flags) | 60 | -static int smbios_decode(u8 *buf, const char *devmem, u32 flags) |
61 | +static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags) | 61 | +static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags) |
62 | { | 62 | { |
63 | u16 ver; | 63 | u16 ver, num; |
64 | u32 len; | 64 | u32 len; |
65 | u8 *table; | 65 | u8 *table; |
66 | 66 | ||
67 | /* Don't let checksum run beyond the buffer */ | 67 | /* Don't let checksum run beyond the buffer */ |
68 | - if (buf[0x05] > 0x20) | 68 | - if (buf[0x05] > 0x20) |
69 | + if (buf[0x05] > buf_len) | 69 | + if (buf[0x05] > buf_len) |
70 | { | 70 | { |
71 | fprintf(stderr, | 71 | fprintf(stderr, |
72 | "Entry point length too large (%u bytes, expected %u).\n", | 72 | "Entry point length too large (%u bytes, expected %u).\n", |
73 | @@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[]) | 73 | @@ -6052,12 +6052,12 @@ int main(int argc, char * const argv[]) |
74 | 74 | ||
75 | if (memcmp(buf, "_SM3_", 5) == 0) | 75 | if (memcmp(buf, "_SM3_", 5) == 0) |
76 | { | 76 | { |
77 | - if (smbios3_decode(buf, opt.dumpfile, 0)) | 77 | - if (smbios3_decode(buf, opt.dumpfile, 0)) |
78 | + if (smbios3_decode(buf, size, opt.dumpfile, 0)) | 78 | + if (smbios3_decode(buf, size, opt.dumpfile, 0)) |
79 | found++; | 79 | found++; |
80 | } | 80 | } |
81 | else if (memcmp(buf, "_SM_", 4) == 0) | 81 | else if (memcmp(buf, "_SM_", 4) == 0) |
82 | { | 82 | { |
83 | - if (smbios_decode(buf, opt.dumpfile, 0)) | 83 | - if (smbios_decode(buf, opt.dumpfile, 0)) |
84 | + if (smbios_decode(buf, size, opt.dumpfile, 0)) | 84 | + if (smbios_decode(buf, size, opt.dumpfile, 0)) |
85 | found++; | 85 | found++; |
86 | } | 86 | } |
87 | else if (memcmp(buf, "_DMI_", 5) == 0) | 87 | else if (memcmp(buf, "_DMI_", 5) == 0) |
88 | @@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[]) | 88 | @@ -6080,12 +6080,12 @@ int main(int argc, char * const argv[]) |
89 | pr_info("Getting SMBIOS data from sysfs."); | 89 | pr_info("Getting SMBIOS data from sysfs."); |
90 | if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0) | 90 | if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0) |
91 | { | 91 | { |
92 | - if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) | 92 | - if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) |
93 | + if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) | 93 | + if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) |
94 | found++; | 94 | found++; |
95 | } | 95 | } |
96 | else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0) | 96 | else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0) |
97 | { | 97 | { |
98 | - if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) | 98 | - if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) |
99 | + if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) | 99 | + if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET)) |
100 | found++; | 100 | found++; |
101 | } | 101 | } |
102 | else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0) | 102 | else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0) |
103 | @@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[]) | 103 | @@ -6122,12 +6122,12 @@ int main(int argc, char * const argv[]) |
104 | 104 | ||
105 | if (memcmp(buf, "_SM3_", 5) == 0) | 105 | if (memcmp(buf, "_SM3_", 5) == 0) |
106 | { | 106 | { |
107 | - if (smbios3_decode(buf, opt.devmem, 0)) | 107 | - if (smbios3_decode(buf, opt.devmem, 0)) |
108 | + if (smbios3_decode(buf, 0x20, opt.devmem, 0)) | 108 | + if (smbios3_decode(buf, 0x20, opt.devmem, 0)) |
109 | found++; | 109 | found++; |
110 | } | 110 | } |
111 | else if (memcmp(buf, "_SM_", 4) == 0) | 111 | else if (memcmp(buf, "_SM_", 4) == 0) |
112 | { | 112 | { |
113 | - if (smbios_decode(buf, opt.devmem, 0)) | 113 | - if (smbios_decode(buf, opt.devmem, 0)) |
114 | + if (smbios_decode(buf, 0x20, opt.devmem, 0)) | 114 | + if (smbios_decode(buf, 0x20, opt.devmem, 0)) |
115 | found++; | 115 | found++; |
116 | } | 116 | } |
117 | goto done; | 117 | goto done; |
118 | @@ -6114,7 +6114,7 @@ memory_scan: | 118 | @@ -6148,7 +6148,7 @@ int main(int argc, char * const argv[]) |
119 | { | 119 | { |
120 | if (memcmp(buf + fp, "_SM3_", 5) == 0) | 120 | if (memcmp(buf + fp, "_SM3_", 5) == 0) |
121 | { | 121 | { |
122 | - if (smbios3_decode(buf + fp, opt.devmem, 0)) | 122 | - if (smbios3_decode(buf + fp, opt.devmem, 0)) |
123 | + if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0)) | 123 | + if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0)) |
124 | { | 124 | { |
125 | found++; | 125 | found++; |
126 | goto done; | 126 | goto done; |
127 | @@ -6127,7 +6127,7 @@ memory_scan: | 127 | @@ -6161,7 +6161,7 @@ int main(int argc, char * const argv[]) |
128 | { | 128 | { |
129 | if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0) | 129 | if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0) |
130 | { | 130 | { |
131 | - if (smbios_decode(buf + fp, opt.devmem, 0)) | 131 | - if (smbios_decode(buf + fp, opt.devmem, 0)) |
132 | + if (smbios_decode(buf + fp, 0x20, opt.devmem, 0)) | 132 | + if (smbios_decode(buf + fp, 0x20, opt.devmem, 0)) |
133 | { | 133 | { |
134 | found++; | 134 | found++; |
135 | goto done; | 135 | goto done; |
136 | -- | 136 | -- |
137 | 2.35.5 | 137 | 2.42.0 |
138 | |||