1 files changed, 72 insertions, 71 deletions
diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
index 5fa72b4f9b..a3c5af2f1c 100644
--- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
+++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -33,105 +33,106 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
 1 file changed, 12 insertions(+), 12 deletions(-)
 diff --git a/dmidecode.c b/dmidecode.c
-index b4dbc9d..870d94e 100644
+index 1ecdf85..640c079 100644
 --- a/dmidecode.c
 +++ b/dmidecode.c
 @@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
-        buf[0x17] = 0;
+        buf[0x17] = 0;
 }
+ 
 -static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
 +static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
 {
-        u32 ver, len;
+        u32 ver, len;
-        u64 offset;
+        u64 offset;
-        u8 *table;
+        u8 *table;
+ 
-        /* Don't let checksum run beyond the buffer */
+        /* Don't let checksum run beyond the buffer */
 -       if (buf[0x06] > 0x20)
 +        if (buf[0x06] > buf_len)
-        {
+        {
-                fprintf(stderr,
+                fprintf(stderr,
-                        "Entry point length too large (%u bytes, expected %u).\n",
+                        "Entry point length too large (%u bytes, expected %u).\n",
-@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
+@@ -5793,14 +5793,14 @@ static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
-        return 1;
+        return 1;
 }
+ 
 -static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
 +static int smbios_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags)
 {
-        u16 ver;
+        u16 ver, num;
-        u32 len;
+        u32 len;
-         u8 *table;
+        u8 *table;
+ 
-        /* Don't let checksum run beyond the buffer */
+        /* Don't let checksum run beyond the buffer */
 -       if (buf[0x05] > 0x20)
 +        if (buf[0x05] > buf_len)
-        {
+        {
-                fprintf(stderr,
+                fprintf(stderr,
-                        "Entry point length too large (%u bytes, expected %u).\n",
+                        "Entry point length too large (%u bytes, expected %u).\n",
-@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])
+@@ -6052,12 +6052,12 @@ int main(int argc, char * const argv[])
+ 
-                if (memcmp(buf, "_SM3_", 5) == 0)
+                if (memcmp(buf, "_SM3_", 5) == 0)
-                {
+                {
 -                       if (smbios3_decode(buf, opt.dumpfile, 0))
 +                        if (smbios3_decode(buf, size, opt.dumpfile, 0))
-                                found++;
+                                found++;
-                }
+                }
-                else if (memcmp(buf, "_SM_", 4) == 0)
+                else if (memcmp(buf, "_SM_", 4) == 0)
-                {
+                {
 -                       if (smbios_decode(buf, opt.dumpfile, 0))
 +                        if (smbios_decode(buf, size, opt.dumpfile, 0))
-                                found++;
+                                found++;
-                }
+                }
-                else if (memcmp(buf, "_DMI_", 5) == 0)
+                else if (memcmp(buf, "_DMI_", 5) == 0)
-@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])
+@@ -6080,12 +6080,12 @@ int main(int argc, char * const argv[])
-                        pr_info("Getting SMBIOS data from sysfs.");
+                        pr_info("Getting SMBIOS data from sysfs.");
-                if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
+                if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
-                {
+                {
 -                       if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
 +                        if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
-                                found++;
+                                found++;
-                }
+                }
-                else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
+                else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
-                {
+                {
 -                       if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
 +                        if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
-                                found++;
+                                found++;
-                }
+                }
-                else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
+                else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
-@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])
+@@ -6122,12 +6122,12 @@ int main(int argc, char * const argv[])
+ 
-        if (memcmp(buf, "_SM3_", 5) == 0)
+        if (memcmp(buf, "_SM3_", 5) == 0)
-        {
+        {
 -               if (smbios3_decode(buf, opt.devmem, 0))
 +                if (smbios3_decode(buf, 0x20, opt.devmem, 0))
-                        found++;
+                        found++;
-        }
+        }
-        else if (memcmp(buf, "_SM_", 4) == 0)
+        else if (memcmp(buf, "_SM_", 4) == 0)
-        {
+        {
 -               if (smbios_decode(buf, opt.devmem, 0))
 +                if (smbios_decode(buf, 0x20, opt.devmem, 0))
-                        found++;
+                        found++;
-        }
+        }
-        goto done;
+        goto done;
-@@ -6114,7 +6114,7 @@ memory_scan:
+@@ -6148,7 +6148,7 @@ int main(int argc, char * const argv[])
-        {
+        {
-                if (memcmp(buf + fp, "_SM3_", 5) == 0)
+                if (memcmp(buf + fp, "_SM3_", 5) == 0)
-                {
+                {
 -                       if (smbios3_decode(buf + fp, opt.devmem, 0))
 +                        if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
-                        {
+                        {
-                                found++;
+                                found++;
-                                goto done;
+                                goto done;
-@@ -6127,7 +6127,7 @@ memory_scan:
+@@ -6161,7 +6161,7 @@ int main(int argc, char * const argv[])
-        {
+        {
-                if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
+                if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
-                {
+                {
 -                       if (smbios_decode(buf + fp, opt.devmem, 0))
 +                        if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
-                        {
+                        {
-                                found++;
+                                found++;
-                                goto done;
+                                goto done;
--
+-- 
-2.35.5
+2.42.0

diff --git a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch index 5fa72b4f9b..a3c5af2f1c 100644 --- a/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch +++ b/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_4.patch
@@ -33,105 +33,106 @@ Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
33	1 file changed, 12 insertions(+), 12 deletions(-)	33	1 file changed, 12 insertions(+), 12 deletions(-)
34		34
35	diff --git a/dmidecode.c b/dmidecode.c	35	diff --git a/dmidecode.c b/dmidecode.c
36	index b4dbc9d..870d94e 100644	36	index 1ecdf85..640c079 100644
37	--- a/dmidecode.c	37	--- a/dmidecode.c
38	+++ b/dmidecode.c	38	+++ b/dmidecode.c
39	@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)	39	@@ -5736,14 +5736,14 @@ static void overwrite_smbios3_address(u8 *buf)
40	buf[0x17] = 0;	40	buf[0x17] = 0;
41	}	41	}
42		42
43	-static int smbios3_decode(u8 buf, const char devmem, u32 flags)	43	-static int smbios3_decode(u8 buf, const char devmem, u32 flags)
44	+static int smbios3_decode(u8 buf, size_t buf_len, const char devmem, u32 flags)	44	+static int smbios3_decode(u8 buf, size_t buf_len, const char devmem, u32 flags)
45	{	45	{
46	u32 ver, len;	46	u32 ver, len;
47	u64 offset;	47	u64 offset;
48	u8 *table;	48	u8 *table;
49		49
50	/* Don't let checksum run beyond the buffer */	50	/* Don't let checksum run beyond the buffer */
51	- if (buf[0x06] > 0x20)	51	- if (buf[0x06] > 0x20)
52	+ if (buf[0x06] > buf_len)	52	+ if (buf[0x06] > buf_len)
53	{	53	{
54	fprintf(stderr,	54	fprintf(stderr,
55	"Entry point length too large (%u bytes, expected %u).\n",	55	"Entry point length too large (%u bytes, expected %u).\n",
56	@@ -5782,14 +5782,14 @@ static int smbios3_decode(u8 buf, const char devmem, u32 flags)	56	@@ -5793,14 +5793,14 @@ static int smbios3_decode(u8 buf, const char devmem, u32 flags)
57	return 1;	57	return 1;
58	}	58	}
59		59
60	-static int smbios_decode(u8 buf, const char devmem, u32 flags)	60	-static int smbios_decode(u8 buf, const char devmem, u32 flags)
61	+static int smbios_decode(u8 buf, size_t buf_len, const char devmem, u32 flags)	61	+static int smbios_decode(u8 buf, size_t buf_len, const char devmem, u32 flags)
62	{	62	{
63	u16 ver;	63	u16 ver, num;
64	u32 len;	64	u32 len;
65	u8 *table;	65	u8 *table;
66		66
67	/* Don't let checksum run beyond the buffer */	67	/* Don't let checksum run beyond the buffer */
68	- if (buf[0x05] > 0x20)	68	- if (buf[0x05] > 0x20)
69	+ if (buf[0x05] > buf_len)	69	+ if (buf[0x05] > buf_len)
70	{	70	{
71	fprintf(stderr,	71	fprintf(stderr,
72	"Entry point length too large (%u bytes, expected %u).\n",	72	"Entry point length too large (%u bytes, expected %u).\n",
73	@@ -6018,12 +6018,12 @@ int main(int argc, char * const argv[])	73	@@ -6052,12 +6052,12 @@ int main(int argc, char * const argv[])
74		74
75	if (memcmp(buf, "_SM3_", 5) == 0)	75	if (memcmp(buf, "_SM3_", 5) == 0)
76	{	76	{
77	- if (smbios3_decode(buf, opt.dumpfile, 0))	77	- if (smbios3_decode(buf, opt.dumpfile, 0))
78	+ if (smbios3_decode(buf, size, opt.dumpfile, 0))	78	+ if (smbios3_decode(buf, size, opt.dumpfile, 0))
79	found++;	79	found++;
80	}	80	}
81	else if (memcmp(buf, "_SM_", 4) == 0)	81	else if (memcmp(buf, "_SM_", 4) == 0)
82	{	82	{
83	- if (smbios_decode(buf, opt.dumpfile, 0))	83	- if (smbios_decode(buf, opt.dumpfile, 0))
84	+ if (smbios_decode(buf, size, opt.dumpfile, 0))	84	+ if (smbios_decode(buf, size, opt.dumpfile, 0))
85	found++;	85	found++;
86	}	86	}
87	else if (memcmp(buf, "_DMI_", 5) == 0)	87	else if (memcmp(buf, "_DMI_", 5) == 0)
88	@@ -6046,12 +6046,12 @@ int main(int argc, char * const argv[])	88	@@ -6080,12 +6080,12 @@ int main(int argc, char * const argv[])
89	pr_info("Getting SMBIOS data from sysfs.");	89	pr_info("Getting SMBIOS data from sysfs.");
90	if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)	90	if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
91	{	91	{
92	- if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))	92	- if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
93	+ if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))	93	+ if (smbios3_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
94	found++;	94	found++;
95	}	95	}
96	else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)	96	else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
97	{	97	{
98	- if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))	98	- if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
99	+ if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))	99	+ if (smbios_decode(buf, size, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
100	found++;	100	found++;
101	}	101	}
102	else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)	102	else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
103	@@ -6088,12 +6088,12 @@ int main(int argc, char * const argv[])	103	@@ -6122,12 +6122,12 @@ int main(int argc, char * const argv[])
104		104
105	if (memcmp(buf, "_SM3_", 5) == 0)	105	if (memcmp(buf, "_SM3_", 5) == 0)
106	{	106	{
107	- if (smbios3_decode(buf, opt.devmem, 0))	107	- if (smbios3_decode(buf, opt.devmem, 0))
108	+ if (smbios3_decode(buf, 0x20, opt.devmem, 0))	108	+ if (smbios3_decode(buf, 0x20, opt.devmem, 0))
109	found++;	109	found++;
110	}	110	}
111	else if (memcmp(buf, "_SM_", 4) == 0)	111	else if (memcmp(buf, "_SM_", 4) == 0)
112	{	112	{
113	- if (smbios_decode(buf, opt.devmem, 0))	113	- if (smbios_decode(buf, opt.devmem, 0))
114	+ if (smbios_decode(buf, 0x20, opt.devmem, 0))	114	+ if (smbios_decode(buf, 0x20, opt.devmem, 0))
115	found++;	115	found++;
116	}	116	}
117	goto done;	117	goto done;
118	@@ -6114,7 +6114,7 @@ memory_scan:	118	@@ -6148,7 +6148,7 @@ int main(int argc, char * const argv[])
119	{	119	{
120	if (memcmp(buf + fp, "_SM3_", 5) == 0)	120	if (memcmp(buf + fp, "_SM3_", 5) == 0)
121	{	121	{
122	- if (smbios3_decode(buf + fp, opt.devmem, 0))	122	- if (smbios3_decode(buf + fp, opt.devmem, 0))
123	+ if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))	123	+ if (smbios3_decode(buf + fp, 0x20, opt.devmem, 0))
124	{	124	{
125	found++;	125	found++;
126	goto done;	126	goto done;
127	@@ -6127,7 +6127,7 @@ memory_scan:	127	@@ -6161,7 +6161,7 @@ int main(int argc, char * const argv[])
128	{	128	{
129	if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)	129	if (memcmp(buf + fp, "_SM_", 4) == 0 && fp <= 0xFFE0)
130	{	130	{
131	- if (smbios_decode(buf + fp, opt.devmem, 0))	131	- if (smbios_decode(buf + fp, opt.devmem, 0))
132	+ if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))	132	+ if (smbios_decode(buf + fp, 0x20, opt.devmem, 0))
133	{	133	{
134	found++;	134	found++;
135	goto done;	135	goto done;
136	--	136	--
137	2.35.5	137	2.42.0
		138