path: root/meta/recipes-devtools/dmidecode/dmidecode/CVE-2023-30630_2.patch
blob: 37167a9c4fc21705c54ad338645885ca1b1ff967 (plain)
From 2d26f187c734635d072d24ea401255b84f03f4c4 Mon Sep 17 00:00:00 2001
From: Jean Delvare <jdelvare@suse.de>
Date: Tue, 27 Jun 2023 10:03:53 +0000
Subject: [PATCH 3/5] dmidecode: Do not let --dump-bin overwrite an existing
 file

Make sure that the file passed to option --dump-bin does not already
exist. In practice, it is rather unlikely that an honest user would
want to overwrite an existing dump file, while this possibility
could be used by a rogue user to corrupt a system file.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>

CVE: CVE-2023-30630

Upstream-Status: Backport
[https://github.com/mirror/dmidecode/commit/6ca381c1247c81f74e1ca4e7706f70bdda72e6f2]

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
 dmidecode.c     | 14 ++++++++++++--
 man/dmidecode.8 |  3 ++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/dmidecode.c b/dmidecode.c
index a80a140..32a77cc 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -60,6 +60,7 @@
  *    https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
  */
 
+#include <fcntl.h>
 #include <stdio.h>
 #include <string.h>
 #include <strings.h>
@@ -5133,13 +5134,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
 static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
 			  u32 table_len)
 {
+	int fd;
 	FILE *f;
 
-	f = fopen(opt.dumpfile, "wb");
+	fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
+	if (fd == -1)
+	{
+		fprintf(stderr, "%s: ", opt.dumpfile);
+		perror("open");
+		return -1;
+	}
+
+	f = fdopen(fd, "wb");
 	if (!f)
 	{
 		fprintf(stderr, "%s: ", opt.dumpfile);
-		perror("fopen");
+		perror("fdopen");
 		return -1;
 	}
 
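Review bot: The `fdopen` failure branch returns without closing `fd`, so the descriptor leaks and the empty file just created by `open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666)` stays on disk, which would make a retry with the same name fail now that existing files are refused. Adding `close(fd);` before that `return -1;` fixes the leak, assuming `<unistd.h>` is already included outside this hunk. Separately, mode `0666` leaves the dump's readability entirely to the umask; DMI tables can carry serial numbers and UUIDs, so `0600` may be worth considering if the dump is not meant to be shared. A short comment above the `open` call, such as `/* O_EXCL: never overwrite an existing file or follow a symlink (CVE-2023-30630) */`, would record why `fopen` was replaced. The body of dmi_table_dump continues past the end of this hunk, so the write and close paths are not visible here.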
diff --git a/man/dmidecode.8 b/man/dmidecode.8
index 64dc7e7..d5b7f01 100644
--- a/man/dmidecode.8
+++ b/man/dmidecode.8
@@ -1,4 +1,4 @@
-.TH DMIDECODE 8 "January 2019" "dmidecode"
+.TH DMIDECODE 8 "February 2023" "dmidecode"
 .\"
 .SH NAME
 dmidecode \- \s-1DMI\s0 table decoder
@@ -132,6 +132,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
 Do not decode the entries, instead dump the DMI data to a file in binary
 form. The generated file is suitable to pass to \fB--from-dump\fR
 later.
+\fIFILE\fP must not exist.
 .TP
 .BR "  " "  " "--from-dump FILE"
 Read the DMI data from a binary file previously generated using 
-- 
2.41.0