diff options
Diffstat (limited to 'poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch')
-rw-r--r-- | poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch b/poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch new file mode 100644 index 0000000000..dcc87d2326 --- /dev/null +++ b/poky/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch @@ -0,0 +1,81 @@ +From 6ca381c1247c81f74e1ca4e7706f70bdda72e6f2 Mon Sep 17 00:00:00 2001 +From: Jean Delvare <jdelvare@suse.de> +Date: Tue, 27 Jun 2023 10:03:53 +0000 +Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file + +Make sure that the file passed to option --dump-bin does not already +exist. In practice, it is rather unlikely that an honest user would +want to overwrite an existing dump file, while this possibility +could be used by a rogue user to corrupt a system file. + +Signed-off-by: Jean Delvare <jdelvare@suse.de> +Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com> + +CVE: CVE-2023-30630 + +Upstream-Status: Backport +[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + dmidecode.c | 14 ++++++++++++-- + man/dmidecode.8 | 3 ++- + 2 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/dmidecode.c b/dmidecode.c +index 5477309..98f9692 100644 +--- a/dmidecode.c ++++ b/dmidecode.c +@@ -60,6 +60,7 @@ + * https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf + */ + ++#include <fcntl.h> + #include <stdio.h> + #include <string.h> + #include <strings.h> +@@ -5430,13 +5431,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver + static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table, + u32 table_len) + { ++ int fd; + FILE *f; + +- f = fopen(opt.dumpfile, "wb"); ++ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666); ++ if (fd == -1) ++ { ++ fprintf(stderr, "%s: ", opt.dumpfile); ++ perror("open"); ++ return -1; ++ } ++ ++ f = fdopen(fd, "wb"); + if (!f) + { + fprintf(stderr, "%s: ", opt.dumpfile); +- perror("fopen"); ++ perror("fdopen"); + return -1; + } + +diff --git a/man/dmidecode.8 b/man/dmidecode.8 +index ed066b3..3a732c0 100644 +--- a/man/dmidecode.8 ++++ b/man/dmidecode.8 +@@ -1,4 +1,4 @@ +-.TH DMIDECODE 8 "January 2019" "dmidecode" ++.TH DMIDECODE 8 "February 2023" "dmidecode" + .\" + .SH NAME + dmidecode \- \s-1DMI\s0 table decoder +@@ -159,6 +159,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging. + Do not decode the entries, instead dump the DMI data to a file in binary + form. The generated file is suitable to pass to \fB--from-dump\fP + later. ++\fIFILE\fP must not exist. + .TP + .BR " " " " "--from-dump \fIFILE\fP" + Read the DMI data from a binary file previously generated using +-- +2.35.5 |