File dmidecode-split-table-fetching-from-decoding.patch of Package dmidecode.28623
From: Jean Delvare <jdelvare@suse.de>
Date: Mon, 20 Feb 2023 14:53:21 +0100
Subject: dmidecode: Split table fetching from decoding
Git-commit: 39b2dd7b6ab719b920e96ed832cfb4bdd664e808
Patch-mainline: 3.5
References: bsc#1210418 CVE-2023-30630
Clean up function dmi_table so that it does only one thing:
* dmi_table() is renamed to dmi_table_get(). It now retrieves the
DMI table, but does not process it any longer.
* Decoding or dumping the table is now done in smbios3_decode(),
smbios_decode() and legacy_decode().
No functional change.
A side effect of this change is that writing the header and body of
dump files is now done in a single location. This is required to
further consolidate the writing of dump files.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
---
dmidecode.c | 86 +++++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 62 insertions(+), 24 deletions(-)
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -5266,8 +5266,9 @@ static void dmi_table_decode(u8 *buf, u3
}
}
-static void dmi_table(off_t base, u32 len, u16 num, u32 ver, const char *devmem,
- u32 flags)
+/* Allocates a buffer for the table, must be freed by the caller */
+static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver,
+ const char *devmem, u32 flags)
{
u8 *buf;
@@ -5286,7 +5287,7 @@ static void dmi_table(off_t base, u32 le
{
if (num)
printf("%u structures occupying %u bytes.\n",
- num, len);
+ num, *len);
if (!(opt.flags & FLAG_FROM_DUMP))
printf("Table at 0x%08llX.\n",
(unsigned long long)base);
@@ -5304,19 +5305,19 @@ static void dmi_table(off_t base, u32 le
* would be the result of the kernel truncating the table on
* parse error.
*/
- size_t size = len;
+ size_t size = *len;
buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base,
&size, devmem);
- if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)len)
+ if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len)
{
fprintf(stderr, "Wrong DMI structures length: %u bytes "
"announced, only %lu bytes available.\n",
- len, (unsigned long)size);
+ *len, (unsigned long)size);
}
- len = size;
+ *len = size;
}
else
- buf = mem_chunk(base, len, devmem);
+ buf = mem_chunk(base, *len, devmem);
if (buf == NULL)
{
@@ -5326,15 +5327,9 @@ static void dmi_table(off_t base, u32 le
fprintf(stderr,
"Try compiling dmidecode with -DUSE_MMAP.\n");
#endif
- return;
}
- if (opt.flags & FLAG_DUMP_BIN)
- dmi_table_dump(buf, len);
- else
- dmi_table_decode(buf, len, num, ver >> 8, flags);
-
- free(buf);
+ return buf;
}
@@ -5369,8 +5364,9 @@ static void overwrite_smbios3_address(u8
static int smbios3_decode(u8 *buf, const char *devmem, u32 flags)
{
- u32 ver;
+ u32 ver, len;
u64 offset;
+ u8 *table;
/* Don't let checksum run beyond the buffer */
if (buf[0x06] > 0x20)
@@ -5397,8 +5393,12 @@ static int smbios3_decode(u8 *buf, const
return 0;
}
- dmi_table(((off_t)offset.h << 32) | offset.l,
- DWORD(buf + 0x0C), 0, ver, devmem, flags | FLAG_STOP_AT_EOT);
+ /* Maximum length, may get trimmed */
+ len = DWORD(buf + 0x0C);
+ table = dmi_table_get(((off_t)offset.h << 32) | offset.l, &len, 0, ver,
+ devmem, flags | FLAG_STOP_AT_EOT);
+ if (table == NULL)
+ return 1;
if (opt.flags & FLAG_DUMP_BIN)
{
@@ -5407,18 +5407,28 @@ static int smbios3_decode(u8 *buf, const
memcpy(crafted, buf, 32);
overwrite_smbios3_address(crafted);
+ dmi_table_dump(table, len);
if (!(opt.flags & FLAG_QUIET))
printf("# Writing %d bytes to %s.\n", crafted[0x06],
opt.dumpfile);
write_dump(0, crafted[0x06], crafted, opt.dumpfile, 1);
}
+ else
+ {
+ dmi_table_decode(table, len, 0, ver >> 8,
+ flags | FLAG_STOP_AT_EOT);
+ }
+
+ free(table);
return 1;
}
static int smbios_decode(u8 *buf, const char *devmem, u32 flags)
{
- u16 ver;
+ u16 ver, num;
+ u32 len;
+ u8 *table;
/* Don't let checksum run beyond the buffer */
if (buf[0x05] > 0x20)
@@ -5463,8 +5473,13 @@ static int smbios_decode(u8 *buf, const
printf("SMBIOS %u.%u present.\n",
ver >> 8, ver & 0xFF);
- dmi_table(DWORD(buf + 0x18), WORD(buf + 0x16), WORD(buf + 0x1C),
- ver << 8, devmem, flags);
+ /* Maximum length, may get trimmed */
+ len = WORD(buf + 0x16);
+ num = WORD(buf + 0x1C);
+ table = dmi_table_get(DWORD(buf + 0x18), &len, num, ver << 8,
+ devmem, flags);
+ if (table == NULL)
+ return 1;
if (opt.flags & FLAG_DUMP_BIN)
{
@@ -5473,27 +5488,43 @@ static int smbios_decode(u8 *buf, const
memcpy(crafted, buf, 32);
overwrite_dmi_address(crafted + 0x10);
+ dmi_table_dump(table, len);
if (!(opt.flags & FLAG_QUIET))
printf("# Writing %d bytes to %s.\n", crafted[0x05],
opt.dumpfile);
write_dump(0, crafted[0x05], crafted, opt.dumpfile, 1);
}
+ else
+ {
+ dmi_table_decode(table, len, num, ver, flags);
+ }
+
+ free(table);
return 1;
}
static int legacy_decode(u8 *buf, const char *devmem, u32 flags)
{
+ u16 ver, num;
+ u32 len;
+ u8 *table;
+
if (!checksum(buf, 0x0F))
return 0;
+ ver = ((buf[0x0E] & 0xF0) << 4) + (buf[0x0E] & 0x0F);
if (!(opt.flags & FLAG_QUIET))
printf("Legacy DMI %u.%u present.\n",
buf[0x0E] >> 4, buf[0x0E] & 0x0F);
- dmi_table(DWORD(buf + 0x08), WORD(buf + 0x06), WORD(buf + 0x0C),
- ((buf[0x0E] & 0xF0) << 12) + ((buf[0x0E] & 0x0F) << 8),
- devmem, flags);
+ /* Maximum length, may get trimmed */
+ len = WORD(buf + 0x06);
+ num = WORD(buf + 0x0C);
+ table = dmi_table_get(DWORD(buf + 0x08), &len, num, ver << 8,
+ devmem, flags);
+ if (table == NULL)
+ return 1;
if (opt.flags & FLAG_DUMP_BIN)
{
@@ -5502,11 +5533,18 @@ static int legacy_decode(u8 *buf, const
memcpy(crafted, buf, 16);
overwrite_dmi_address(crafted);
+ dmi_table_dump(table, len);
if (!(opt.flags & FLAG_QUIET))
printf("# Writing %d bytes to %s.\n", 0x0F,
opt.dumpfile);
write_dump(0, 0x0F, crafted, opt.dumpfile, 1);
}
+ else
+ {
+ dmi_table_decode(table, len, num, ver, flags);
+ }
+
+ free(table);
return 1;
}
