Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.3
dmidecode.28623
ensure-dev-mem-is-a-character-device-file.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ensure-dev-mem-is-a-character-device-file.patch of Package dmidecode.28623
From: Jean Delvare <jdelvare@suse.de> Date: Fri, 10 Mar 2023 15:12:56 +0100 Subject: Ensure /dev/mem is a character device file Git-commit: 189ca352e9341778c21e95c27817574b2876ede7 Patch-mainline: 3.5 References: bsc#1210418 CVE-2023-30630 While option --dev-mem can be convenient for testing purposes, it could be abused by attackers to force dmidecode to read a malicious file. Add a safety check on the type of the mem device file we are asked to read from. If we are root and this isn't a character device file, then something is fishy and we better stop. For non-root users, reading from a regular file is OK and accepted. Signed-off-by: Jean Delvare <jdelvare@suse.de> --- util.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) --- a/util.c +++ b/util.c @@ -161,18 +161,26 @@ out: */ void *mem_chunk(off_t base, size_t len, const char *devmem) { - void *p; + struct stat statbuf; + void *p = NULL; int fd; #ifdef USE_MMAP - struct stat statbuf; off_t mmoffset; void *mmp; #endif - if ((fd = open(devmem, O_RDONLY)) == -1) + /* + * Safety check: if running as root, devmem is expected to be a + * character device file. + */ + if ((fd = open(devmem, O_RDONLY)) == -1 + || fstat(fd, &statbuf) == -1 + || (geteuid() == 0 && !S_ISCHR(statbuf.st_mode))) { - perror(devmem); - return NULL; + fprintf(stderr, "Can't read memory from %s\n", devmem); + if (fd == -1) + return NULL; + goto out; } if ((p = malloc(len)) == NULL) @@ -182,13 +190,6 @@ void *mem_chunk(off_t base, size_t len, } #ifdef USE_MMAP - if (fstat(fd, &statbuf) == -1) - { - fprintf(stderr, "%s: ", devmem); - perror("stat"); - goto err_free; - } - /* * mmap() will fail with SIGBUS if trying to map beyond the end of * the file.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor