Re: [OE-core] [kirkstone][PATCH] Fix kirkstone dmidedecode smbios3_decode
Looking at this patch set again, I just found a mistake: I forgot to add patch 5 to the SRC_URI. I will send a v2 as soon as possible. This one will have 2 improvements:

- Adding all patches to the SRC_URI.
- Renaming the patches to their original names to minimize differences and simplify review.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186124): https://lists.openembedded.org/g/openembedded-core/message/186124
Mute This Topic: https://lists.openembedded.org/mt/100696063/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core] [kirkstone][PATCH] Fix kirkstone dmidedecode smbios3_decode
On Tue, Aug 15, 2023 at 12:02 AM Adrian Freihofer wrote:
>
> Here is a fix for this issue:
> https://lists.openembedded.org/g/openembedded-core/message/186054.
> Unfortunately, I was not able to link to this discussion.

I have this version of the fix in my current test queue.

Steve

View/Reply Online (#186098): https://lists.openembedded.org/g/openembedded-core/message/186098
Re: [OE-core] [kirkstone][PATCH] Fix kirkstone dmidedecode smbios3_decode
Here is a fix for this issue: https://lists.openembedded.org/g/openembedded-core/message/186054. Unfortunately, I was not able to link to this discussion.

View/Reply Online (#186056): https://lists.openembedded.org/g/openembedded-core/message/186056
Re: [OE-core][kirkstone][PATCH] Fix kirkstone dmidedecode smbios3_decode
On Sat, 2023-08-12 at 09:47 +0800, Lau, Karn Jye wrote: > From: "Lau, Karn Jye" > > Recent CVE fixes in kirkstone dmidecode broke it > functionality, this issue is only observed in kirkstone > version of dmidecode(v3.3).Update smbios3_decode to address > the broken functionality. > > Signed-off-by: Lau, Karn Jye > --- > ...mbios3_decode-in-kirkstone-dmidecode.patch | 125 > ++ > .../dmidecode/dmidecode_3.3.bb | 1 + > 2 files changed, 126 insertions(+) > create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/0002- > Fix-smbios3_decode-in-kirkstone-dmidecode.patch > > diff --git a/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix- > smbios3_decode-in-kirkstone-dmidecode.patch b/meta/recipes- > devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone- > dmidecode.patch > new file mode 100644 > index 00..00ffb90ce2 > --- /dev/null > +++ b/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix- > smbios3_decode-in-kirkstone-dmidecode.patch 
> @@ -0,0 +1,125 @@ > +From 8a395982d6f350d0744666cffe42c4a486656c6f Mon Sep 17 00:00:00 > 2001 > +From: "Lau, Karn Jye" > +Date: Sat, 12 Aug 2023 08:41:58 +0800 > +Subject: [PATCH 2/2] Fix smbios3_decode in kirkstone dmidecode > + > +Recent CVE fix broke dmidecode functionality, > +port upstream changes to fix smbios3_decodein > +function. > + > +Reference: > https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832 > cfb4bdd664e808 Why are we backporting only a part of this commit? Thanks, Anuj > + > +Signed-off-by: Lau, Karn Jye > +--- > + dmidecode.c | 81 > +++-- > + 1 file changed, 79 insertions(+), 2 deletions(-) > + > +diff --git a/dmidecode.c b/dmidecode.c > +index f826f6c..91e1a32 100644 > +--- a/dmidecode.c > b/dmidecode.c > +@@ -3514,6 +3514,72 @@ static const char > *dmi_power_supply_range_switching(u8 code) > + return out_of_spec; > + } > + > ++/* Allocates a buffer for the table, must be freed by the caller */ > ++static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver, > ++ const char *devmem, u32 flags) > ++{ > ++ u8 *buf; > ++ > ++ if (ver > SUPPORTED_SMBIOS_VER && !(opt.flags & FLAG_QUIET)) > ++ { > ++ pr_comment("SMBIOS implementations newer than version > %u.%u.%u are not", > ++ SUPPORTED_SMBIOS_VER >> 16, > ++ (SUPPORTED_SMBIOS_VER >> 8) & 0xFF, > ++ SUPPORTED_SMBIOS_VER & 0xFF); > ++ pr_comment("fully supported by this version of > dmidecode."); > ++ } > ++ > ++ if (!(opt.flags & FLAG_QUIET)) > ++ { > ++ if (opt.type == NULL) > ++ { > ++ if (num) > ++ pr_info("%u structures occupying %u > bytes.", > ++ num, *len); > ++ if (!(opt.flags & FLAG_FROM_DUMP)) > ++ pr_info("Table at 0x%08llX.", > ++ (unsigned long long)base); > ++ } > ++ pr_sep(); > ++ } > ++ > ++ if ((flags & FLAG_NO_FILE_OFFSET) || (opt.flags & > FLAG_FROM_DUMP)) > ++ { > ++ /* > ++ * When reading from sysfs or from a dump file, the > file may be > ++ * shorter than announced. 
For SMBIOS v3 this is > expcted, as we > ++ * only know the maximum table size, not the actual > table size. > ++ * For older implementations (and for SMBIOS v3 too), > this > ++ * would be the result of the kernel truncating the > table on > ++ * parse error. > ++ */ > ++ size_t size = *len; > ++ buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : > base, > ++ &size, devmem); > ++ if (!(opt.flags & FLAG_QUIET) && num && size != > (size_t)*len) > ++ { > ++ fprintf(stderr, "Wrong DMI structures length: > %u bytes " > ++ "announced, only %lu bytes > available.\n", > ++ *len, (unsigned long)size); > ++ } > ++ *len = size; > ++ } > ++ else > ++ buf = mem_chunk(base, *len, devmem); > ++ > ++ if (buf == NULL) > ++ { > ++ fprintf(stderr, "Failed to read table, sorry.\n"); > ++#ifndef USE_MMAP > ++ if (!(flags & FLAG_NO_FILE_OFFSET)) > ++ fprintf(stderr, > ++ "Try compiling dmidecode with - > DUSE_MMAP.\n"); > ++#endif > ++ } > ++ > ++ return buf; > ++} > ++ > + /* > + * 7.41 Additional Information (Type 40) > + * > +@@ -5428,8 +5494,11 @@ static int smbios3_decode(u8 *buf, size_t > buf_len, const char *devmem, u32 flags > + return 0; > + } > + > +- dmi_table(((off_t)offset
Re: [OE-core][kirkstone][PATCH] Fix kirkstone dmidedecode smbios3_decode
Thanks for the patch. Unfortunately there is an issue:

Applying patch 0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch
patching file dmidecode.c
Hunk #1 succeeded at 3513 (offset -1 lines).
Hunk #2 succeeded at 5443 (offset -51 lines).
Hunk #3 succeeded at 5461 with fuzz 2 (offset -48 lines).
Applying patch CVE-2023-30630_1.patch
patching file dmidecode.c
Hunk #1 succeeded at 5196 (offset -231 lines).
Hunk #2 succeeded at 5421 (offset -272 lines).
Hunk #3 succeeded at 5456 (offset -272 lines).
Hunk #4 succeeded at 5497 with fuzz 2 (offset -269 lines).
Hunk #5 succeeded at 5514 (offset -261 lines).
Hunk #6 succeeded at 5565 (offset -261 lines).
Hunk #7 succeeded at 5573 (offset -261 lines).
Hunk #8 succeeded at 5594 (offset -261 lines).
patching file util.c
patching file util.h

Could you please fix the fuzz error and submit a v2?

Also, a more standard shortlog would be something like:

dmidecode: fix smbios3_decode

Could you fix this also with v2?

Thanks again!

Steve

On Fri, Aug 11, 2023 at 3:50 PM Lau, Karn Jye wrote:
>
> From: "Lau, Karn Jye"
>
> Recent CVE fixes in kirkstone dmidecode broke it
> functionality, this issue is only observed in kirkstone
> version of dmidecode(v3.3).Update smbios3_decode to address
> the broken functionality.
>
> Signed-off-by: Lau, Karn Jye
> --- > ...mbios3_decode-in-kirkstone-dmidecode.patch | 125 ++ > .../dmidecode/dmidecode_3.3.bb| 1 + > 2 files changed, 126 insertions(+) > create mode 100644 > meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch > > diff --git > a/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch > > b/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch > new file mode 100644 > index 00..00ffb90ce2 > --- /dev/null > +++ > b/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch 
> @@ -0,0 +1,125 @@ > +From 8a395982d6f350d0744666cffe42c4a486656c6f Mon Sep 17 00:00:00 2001 > +From: "Lau, Karn Jye" > +Date: Sat, 12 Aug 2023 08:41:58 +0800 > +Subject: [PATCH 2/2] Fix smbios3_decode in kirkstone dmidecode > + > +Recent CVE fix broke dmidecode functionality, > +port upstream changes to fix smbios3_decodein > +function. > + > +Reference:https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808 > + > +Signed-off-by: Lau, Karn Jye > +--- > + dmidecode.c | 81 +++-- > + 1 file changed, 79 insertions(+), 2 deletions(-) > + > +diff --git a/dmidecode.c b/dmidecode.c > +index f826f6c..91e1a32 100644 > +--- a/dmidecode.c > b/dmidecode.c > +@@ -3514,6 +3514,72 @@ static const char > *dmi_power_supply_range_switching(u8 code) > + return out_of_spec; > + } > + > ++/* Allocates a buffer for the table, must be freed by the caller */ > ++static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver, > ++ const char *devmem, u32 flags) > ++{ > ++ u8 *buf; > ++ > ++ if (ver > SUPPORTED_SMBIOS_VER && !(opt.flags & FLAG_QUIET)) > ++ { > ++ pr_comment("SMBIOS implementations newer than version > %u.%u.%u are not", > ++ SUPPORTED_SMBIOS_VER >> 16, > ++ (SUPPORTED_SMBIOS_VER >> 8) & 0xFF, > ++ SUPPORTED_SMBIOS_VER & 0xFF); > ++ pr_comment("fully supported by this version of dmidecode."); > ++ } > ++ > ++ if (!(opt.flags & FLAG_QUIET)) > ++ { > ++ if (opt.type == NULL) > ++ { > ++ if (num) > ++ pr_info("%u structures occupying %u bytes.", > ++ num, *len); > ++ if (!(opt.flags & FLAG_FROM_DUMP)) > ++ pr_info("Table at 0x%08llX.", > ++ (unsigned long long)base); > ++ } > ++ pr_sep(); > ++ } > ++ > ++ if ((flags & FLAG_NO_FILE_OFFSET) || (opt.flags & FLAG_FROM_DUMP)) > ++ { > ++ /* > ++ * When reading from sysfs or from a dump file, the file may > be > ++ * shorter than announced. For SMBIOS v3 this is expcted, as > we > ++ * only know the maximum table size, not the actual table > size. 
> ++ * For older implementations (and for SMBIOS v3 too), this > ++ * would be the result of the kernel truncating the table on > ++ * parse error. > ++ */ > ++ size_t size = *len; > ++ buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base, > ++ &size, devmem); > ++ if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len) > ++ { > ++ fprintf(stderr, "Wrong DMI structures length: %u > b
[OE-core][kirkstone][PATCH] Fix kirkstone dmidedecode smbios3_decode
From: "Lau, Karn Jye"

Recent CVE fixes in kirkstone dmidecode broke its functionality; this issue is only observed in the kirkstone version of dmidecode (v3.3). Update smbios3_decode to address the broken functionality.

Signed-off-by: Lau, Karn Jye
--- ...mbios3_decode-in-kirkstone-dmidecode.patch | 125 ++ .../dmidecode/dmidecode_3.3.bb| 1 + 2 files changed, 126 insertions(+) create mode 100644 meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch diff --git a/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch b/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch new file mode 100644 index 00..00ffb90ce2 --- /dev/null +++ b/meta/recipes-devtools/dmidecode/dmidecode/0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch 
@@ -0,0 +1,125 @@ +From 8a395982d6f350d0744666cffe42c4a486656c6f Mon Sep 17 00:00:00 2001 +From: "Lau, Karn Jye" +Date: Sat, 12 Aug 2023 08:41:58 +0800 +Subject: [PATCH 2/2] Fix smbios3_decode in kirkstone dmidecode + +Recent CVE fix broke dmidecode functionality, +port upstream changes to fix smbios3_decodein +function. + +Reference:https://github.com/mirror/dmidecode/commit/39b2dd7b6ab719b920e96ed832cfb4bdd664e808 + +Signed-off-by: Lau, Karn Jye +--- + dmidecode.c | 81 +++-- + 1 file changed, 79 insertions(+), 2 deletions(-) + +diff --git a/dmidecode.c b/dmidecode.c +index f826f6c..91e1a32 100644 +--- a/dmidecode.c b/dmidecode.c +@@ -3514,6 +3514,72 @@ static const char *dmi_power_supply_range_switching(u8 code) + return out_of_spec; + } + ++/* Allocates a buffer for the table, must be freed by the caller */ ++static u8 *dmi_table_get(off_t base, u32 *len, u16 num, u32 ver, ++ const char *devmem, u32 flags) ++{ ++ u8 *buf; ++ ++ if (ver > SUPPORTED_SMBIOS_VER && !(opt.flags & FLAG_QUIET)) ++ { ++ pr_comment("SMBIOS implementations newer than version %u.%u.%u are not", ++ SUPPORTED_SMBIOS_VER >> 16, ++ (SUPPORTED_SMBIOS_VER >> 8) & 0xFF, ++ SUPPORTED_SMBIOS_VER & 0xFF); ++ pr_comment("fully supported by this version of dmidecode."); ++ } ++ ++ if (!(opt.flags & FLAG_QUIET)) ++ { ++ if (opt.type == NULL) ++ { ++ if (num) ++ pr_info("%u structures occupying %u bytes.", ++ num, *len); ++ if (!(opt.flags & FLAG_FROM_DUMP)) ++ pr_info("Table at 0x%08llX.", ++ (unsigned long long)base); ++ } ++ pr_sep(); ++ } ++ ++ if ((flags & FLAG_NO_FILE_OFFSET) || (opt.flags & FLAG_FROM_DUMP)) ++ { ++ /* ++ * When reading from sysfs or from a dump file, the file may be ++ * shorter than announced. For SMBIOS v3 this is expcted, as we ++ * only know the maximum table size, not the actual table size. ++ * For older implementations (and for SMBIOS v3 too), this ++ * would be the result of the kernel truncating the table on ++ * parse error. 
++ */ ++ size_t size = *len; ++ buf = read_file(flags & FLAG_NO_FILE_OFFSET ? 0 : base, ++ &size, devmem); ++ if (!(opt.flags & FLAG_QUIET) && num && size != (size_t)*len) ++ { ++ fprintf(stderr, "Wrong DMI structures length: %u bytes " ++ "announced, only %lu bytes available.\n", ++ *len, (unsigned long)size); ++ } ++ *len = size; ++ } ++ else ++ buf = mem_chunk(base, *len, devmem); ++ ++ if (buf == NULL) ++ { ++ fprintf(stderr, "Failed to read table, sorry.\n"); ++#ifndef USE_MMAP ++ if (!(flags & FLAG_NO_FILE_OFFSET)) ++ fprintf(stderr, ++ "Try compiling dmidecode with -DUSE_MMAP.\n"); ++#endif ++ } ++ ++ return buf; ++} ++ + /* + * 7.41 Additional Information (Type 40) + * +@@ -5428,8 +5494,11 @@ static int smbios3_decode(u8 *buf, size_t buf_len, const char *devmem, u32 flags + return 0; + } + +- dmi_table(((off_t)offset.h << 32) | offset.l, +-DWORD(buf + 0x0C), 0, ver, devmem, flags | FLAG_STOP_AT_EOT); ++ /* Maximum length, may get trimmed */ ++ ++len = DWORD(buf + 0x0C); ++ ++table = dmi_table_get(((off_t)offset.h << 32) | offset.l, &len, 0, ver,devmem, flags | FLAG_STOP_AT_EOT); + + if (opt.flags & FLAG_DUMP_BIN) + { +@@ -5440,6 +5509,14 @@ static int smbios3_decode(u8 *buf, size
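Review bot: The header of the embedded 0002-Fix-smbios3_decode-in-kirkstone-dmidecode.patch goes from the Reference: line straight to Signed-off-by: with no Upstream-Status: tag, which OE-core expects on every patch file a recipe carries. The message already cites upstream commit 39b2dd7b6ab719b920e96ed832cfb4bdd664e808, so add an Upstream-Status: Backport line pointing at it, and, given the question raised in this thread about backporting only part of that commit, state in the message which parts were taken and why the rest was left out.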
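Review bot: In the smbios3_decode hunk (@@ -5428,8 +5494,11 @@) the added lines assign `len` and `table`, but neither is declared in this hunk, and the only earlier hunk in the patch is the dmi_table_get addition at 3514; please confirm both variables exist in the kirkstone source this applies to, or add the declarations at the top of smbios3_decode. dmi_table_get returns NULL after printing "Failed to read table, sorry.", so `table` needs a NULL check before it is used, and the buffer has to be freed by the caller as the new function's comment says; the following hunk is cut off here, so neither could be confirmed from the visible lines. As a style point, `len = DWORD(buf + 0x0C);` and the `table = dmi_table_get(...)` call carry no leading indentation, unlike the comment line above them, and `ver,devmem` is missing a space after the comma.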