Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
dmidecode
dmidecode-avoid-oob-read-on-invalid-entry-point...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dmidecode-avoid-oob-read-on-invalid-entry-point-length.patch of Package dmidecode
From: Jean Delvare <jdelvare@suse.de> Date: Wed, 1 Aug 2018 09:54:45 +0200 Subject: dmidecode: Avoid OOB read on invalid entry point length Git-commit: 8ff32018e8dd53c26d1f0daef118037fdae58c68 Patch-mainline: 3.2 Don't let the entry point checksum verification run beyond the end of the buffer holding it (32 bytes). This bug was discovered by Lionel Debroux using the AFL fuzzer and AddressSanitizer. Signed-off-by: Jean Delvare <jdelvare@suse.de> --- dmidecode.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) --- a/dmidecode.c +++ b/dmidecode.c @@ -4713,6 +4713,15 @@ static int smbios3_decode(u8 *buf, const u32 ver; u64 offset; + /* Don't let checksum run beyond the buffer */ + if (buf[0x06] > 0x20) + { + fprintf(stderr, + "Entry point length too large (%u bytes, expected %u).\n", + (unsigned int)buf[0x06], 0x18U); + return 0; + } + if (!checksum(buf, buf[0x06])) return 0; @@ -4751,6 +4760,15 @@ static int smbios_decode(u8 *buf, const { u16 ver; + /* Don't let checksum run beyond the buffer */ + if (buf[0x05] > 0x20) + { + fprintf(stderr, + "Entry point length too large (%u bytes, expected %u).\n", + (unsigned int)buf[0x05], 0x1FU); + return 0; + } + if (!checksum(buf, buf[0x05]) || memcmp(buf + 0x10, "_DMI_", 5) != 0 || !checksum(buf + 0x10, 0x0F))
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor