File use-read_file-to-read-from-dump.patch of Package dmidecode.28622

Overview Repositories Revisions Requests Users Attributes Meta

File use-read_file-to-read-from-dump.patch of Package dmidecode.28622

From: Jean Delvare <jdelvare@suse.de>
Subject: Consistently use read_file() when reading from a dump file
Patch-mainline: Submitted 2023-04-18
References: bsc#1210418 CVE-2023-30630

Use read_file() instead of mem_chunk() to read the entry point from a
dump file. This is faster, and consistent with how we then read the
actual DMI table from that dump file.

This made no functional difference so far, which is why it went
unnoticed for years. But now that a file type check was added to the
mem_chunk() function, we must stop using it to read from regular
files.

This will again allow root to use the --from-dump option.

Signed-off-by: Jean Delvare <jdelvare@suse.de>
---
 dmidecode.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/dmidecode.c
+++ b/dmidecode.c
@@ -6037,17 +6037,25 @@ int main(int argc, char * const argv[])
 		pr_comment("dmidecode %s", VERSION);
 
 	/* Read from dump if so instructed */
+	size = 0x20;
 	if (opt.flags & FLAG_FROM_DUMP)
 	{
 		if (!(opt.flags & FLAG_QUIET))
 			pr_info("Reading SMBIOS/DMI data from file %s.",
 				opt.dumpfile);
-		if ((buf = mem_chunk(0, 0x20, opt.dumpfile)) == NULL)
+		if ((buf = read_file(0, &size, opt.dumpfile)) == NULL)
 		{
 			ret = 1;
 			goto exit_free;
 		}
 
+		/* Truncated entry point can't be processed */
+		if (size < 0x20)
+		{
+			ret = 1;
+			goto done;
+		}
+
 		if (memcmp(buf, "_SM3_", 5) == 0)
 		{
 			if (smbios3_decode(buf, opt.dumpfile, 0))
@@ -6071,7 +6079,6 @@ int main(int argc, char * const argv[])
 	 * contain one of several types of entry points, so read enough for
 	 * the largest one, then determine what type it contains.
 	 */
-	size = 0x20;
 	if (!(opt.flags & FLAG_NO_SYSFS)
 	 && (buf = read_file(0, &size, SYS_ENTRY_FILE)) != NULL)
 	{

Places

File use-read_file-to-read-from-dump.patch of Package dmidecode.28622

Places