Ensure that the SMBIOS entry point is long enough to include all the fields we need. Otherwise it is pointless to even attempt to verify its checksum.
A similar check was added to the SMBIOS entry point parser in the Linux kernel. Signed-off-by: Jean Delvare <jdelv...@suse.de> --- dmidecode.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- dmidecode.orig/dmidecode.c 2022-06-15 13:44:53.259977860 +0200 +++ dmidecode/dmidecode.c 2022-09-07 11:03:17.188473731 +0200 @@ -5700,7 +5700,8 @@ static int smbios3_decode(u8 *buf, const return 0; } - if (!checksum(buf, buf[0x06])) + if (buf[0x06] < 0x18 + || !checksum(buf, buf[0x06])) return 0; ver = (buf[0x07] << 16) + (buf[0x08] << 8) + buf[0x09]; @@ -5747,7 +5748,8 @@ static int smbios_decode(u8 *buf, const return 0; } - if (!checksum(buf, buf[0x05]) + if (buf[0x05] < 0x1F + || !checksum(buf, buf[0x05]) || memcmp(buf + 0x10, "_DMI_", 5) != 0 || !checksum(buf + 0x10, 0x0F)) return 0; -- Jean Delvare SUSE L3 Support _______________________________________________ https://lists.nongnu.org/mailman/listinfo/dmidecode-devel
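Review bot: In the smbios3_decode hunk, the new test `buf[0x06] < 0x18` bounds the length only from below, so `checksum(buf, buf[0x06])` still sums as many bytes as the table itself claims, up to 0xFF. The hunk does not show how large the caller's buffer is. If it can be shorter than 255 bytes, an upper bound on `buf[0x06]` belongs in the same condition, or the caller's buffer size should be passed in and compared here. A short comment saying which fields 0x18 is meant to cover would also help, since the only accesses visible in this hunk stop at `buf[0x09]`.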
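Review bot: In the smbios_decode hunk, the constant in `buf[0x05] < 0x1F` is unexplained, and its link to the checks that follow is easy to miss. Those checks read the intermediate anchor at `buf + 0x10` and checksum 0x0F bytes from there, which ends at offset 0x1F. A one-line comment stating this, or a named constant, would keep the minimum in step if the accesses below ever change. The new length test only decides whether the function returns 0 for a short entry point. The `_DMI_` accesses are fixed offsets into buf regardless of `buf[0x05]`, so it is worth stating in the comment or commit message that the caller always supplies at least 0x1F bytes.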