[dmidecode] [PATCH 3/3] dmidecode: Check sysfs entry point length

Jean Delvare Sat, 17 Oct 2015 06:12:06 -0700

Before passing the sysfs entry point data over for decoding, check
that its length meets the expectations.
---
 dmidecode.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


--- dmidecode.orig/dmidecode.c  2015-10-17 15:09:22.601044374 +0200
+++ dmidecode/dmidecode.c       2015-10-17 15:09:35.476315545 +0200
@@ -4838,17 +4838,17 @@ int main(int argc, char * const argv[])
        {
                if (!(opt.flags & FLAG_QUIET))
                        printf("Getting SMBIOS data from sysfs.\n");
-               if (memcmp(buf, "_SM3_", 5) == 0)
+               if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
                {
                        if (smbios3_decode(buf, SYS_TABLE_FILE, 
FLAG_NO_FILE_OFFSET))
                                found++;
                }
-               else if (memcmp(buf, "_SM_", 4) == 0)
+               else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
                {
                        if (smbios_decode(buf, SYS_TABLE_FILE, 
FLAG_NO_FILE_OFFSET))
                                found++;
                }
-               else if (memcmp(buf, "_DMI_", 5) == 0)
+               else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
                {
                        if (legacy_decode(buf, SYS_TABLE_FILE, 
FLAG_NO_FILE_OFFSET))
                                found++;

-- 
Jean Delvare
SUSE L3 Support

_______________________________________________
https://lists.nongnu.org/mailman/listinfo/dmidecode-devel

[dmidecode] [PATCH 3/3] dmidecode: Check sysfs entry point length

Reply via email to