diff --git a/SOURCES/0001-Harden-dmi_string-calls-with-better-NULL-checks.patch b/SOURCES/0001-Harden-dmi_string-calls-with-better-NULL-checks.patch
new file mode 100644
index 0000000..2ff61a7
--- /dev/null
+++ b/SOURCES/0001-Harden-dmi_string-calls-with-better-NULL-checks.patch
@@ -0,0 +1,126 @@ +From d6987c53d3648d85e410ef81a343867e239eb960 Mon Sep 17 00:00:00 2001 +From: David Sommerseth +Date: Thu, 6 Jan 2011 15:56:24 +0100 +Subject: [PATCH 1/1] Harden dmi_string() calls with better NULL checks + +This patch fixes more potential issues where dmi_string() results +was not necessarily checked for NULL, which potentially could lead +to SEGV issues. + +Signed-off-by: David Sommerseth +--- + src/dmidecode.c | 23 ++++++++++++++++------- + src/dmioem.c | 13 +++++++++++-- + src/dmioem.h | 2 +- + 3 files changed, 28 insertions(+), 10 deletions(-) + +diff --git a/src/dmidecode.c b/src/dmidecode.c +index 726b2de..17f2130 100644 +--- a/src/dmidecode.c ++++ b/src/dmidecode.c +@@ -918,6 +918,11 @@ void dmi_processor_family(xmlNode *node, const struct dmi_header *h) + /* Special case for ambiguous value 0xBE */ + if(code == 0xBE) { + const char *manufacturer = dmi_string(h, data[0x07]); ++ ++ if( manufacturer == NULL ) { ++ dmixml_AddTextContent(family_n, "Core 2 or K7 (Unkown manufacturer)"); ++ return; ++ } + + /* Best bet based on manufacturer string */ + if(strstr(manufacturer, "Intel") != NULL || +@@ -931,7 +935,7 @@ void dmi_processor_family(xmlNode *node, const struct dmi_header *h) + dmixml_AddTextContent(family_n, "K7"); + return; + } +- dmixml_AddTextContent(family_n, "Core 2 or K7"); ++ dmixml_AddTextContent(family_n, "Core 2 or K7 (Unkown manufacturer)"); + return; + } + +@@ -959,7 +963,7 @@ void dmi_processor_family(xmlNode *node, const struct dmi_header *h) + dmixml_AddAttribute(family_n, "outofspec", "1"); + } + +-xmlNode *dmi_processor_id(xmlNode *node, u8 type, const u8 * p, const char *version) ++xmlNode *dmi_processor_id(xmlNode *node, const struct dmi_header *h) + { + /* Intel AP-485 revision 31, table 3-4 */ + static struct _cpuflags { +@@ -1001,11 +1005,18 @@ xmlNode *dmi_processor_id(xmlNode *node, u8 type, const u8 * p, const char *vers + {"PBE", "PBE (Pending break enabled)"} /* 31 */ + /* *INDENT-ON* */ + }; ++ u8 type, *p = 
NULL; ++ char *version = NULL; + + xmlNode *flags_n = NULL; + xmlNode *data_n = xmlNewChild(node, NULL, (xmlChar *) "CPUCore", NULL); + assert( data_n != NULL ); + ++ assert( h && h->data ); ++ type = h->data[0x06]; ++ p = h->data + 8; ++ version = dmi_string(h, h->data[0x10]); ++ + /* + ** Extra flags are now returned in the ECX register when one calls + ** the CPUID instruction. Their meaning is explained in table 3-5, but +@@ -3878,7 +3889,7 @@ xmlNode *dmi_decode(xmlNode *prnt_n, dmi_codes_major *dmiMajor, struct dmi_heade + dmi_processor_type(sect_n, data[0x05]); + dmi_processor_family(sect_n, h); + +- dmi_processor_id(sect_n, data[0x06], data + 8, dmi_string(h, data[0x10])); ++ dmi_processor_id(sect_n, h); + + sub_n = xmlNewChild(sect_n, NULL, (xmlChar *) "Manufacturer", NULL); + assert( sub_n != NULL ); +@@ -4899,7 +4909,7 @@ static void dmi_table(Log_t *logp, int type, u32 base, u16 len, u16 num, u16 ver + + /* assign vendor for vendor-specific decodes later */ + if(h.type == 0 && h.length >= 5) { +- dmi_set_vendor(dmi_string(&h, data[0x04])); ++ dmi_set_vendor(&h); + } + + /* look for the next handle */ +diff --git a/src/dmioem.c b/src/dmioem.c +index 361810a..67cd517 100644 +--- a/src/dmioem.c ++++ b/src/dmioem.c +@@ -40,10 +40,19 @@ static enum DMI_VENDORS dmi_vendor = VENDOR_UNKNOWN; + * value if we know how to decode at least one specific entry type for + * that vendor. 
+ */ +-void dmi_set_vendor(const char *s) ++void dmi_set_vendor(const struct dmi_header *h) + { +- if(strcmp(s, "HP") == 0) ++ const char *vendor; ++ ++ if( !h || !h->data ) { ++ return; ++ } ++ vendor = dmi_string(h, h->data[0x04]); ++ if( !vendor ) { ++ return; ++ } else if(strcmp(vendor, "HP") == 0) { + dmi_vendor = VENDOR_HP; ++ } + } + + /* +diff --git a/src/dmioem.h b/src/dmioem.h +index b1b4af8..9ad25bf 100644 +--- a/src/dmioem.h ++++ b/src/dmioem.h +@@ -22,5 +22,5 @@ + + struct dmi_header; + +-void dmi_set_vendor(const char *s); ++void dmi_set_vendor(const struct dmi_header *h); + int dmi_decode_oem(struct dmi_header *h); +-- +1.8.3.1 diff --git a/SPECS/python-dmidecode.spec b/SPECS/python-dmidecode.spec index bbd1173..b41a809 100644 --- a/SPECS/python-dmidecode.spec +++ b/SPECS/python-dmidecode.spec @@ -4,7 +4,7 @@ Summary: Python module to access DMI data Name: python-dmidecode Version: 3.10.13 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2 Group: System Environment/Libraries URL: http://projects.autonomy.net.au/python-dmidecode/ @@ -22,6 +22,7 @@ Patch1: SIGILL-catcher.patch Patch2: dmispec-remove.patch # email: git postponed but planned for release Patch3: installed-invalid.patch +Patch4: 0001-Harden-dmi_string-calls-with-better-NULL-checks.patch %description python-dmidecode is a python extension module that uses the @@ -33,6 +34,7 @@ as python data structures or as XML data using libxml2. %patch1 -p1 -b .SIGILL-catcher %patch2 -p1 -b .dmispec-remove %patch3 -p1 -b .install-invalid +%patch4 -p1 %build make build @@ -60,6 +62,10 @@ rm -rf $RPM_BUILD_ROOT %{_datadir}/python-dmidecode/ %changelog +* Mon May 22 2017 Petr Oros - 3.10.13-12 +- Fix segfaults when reading invalid dmidecode data +- Resolves: #1431702 + * Fri Jan 24 2014 Daniel Mach - 3.10.13-11 - Mass rebuild 2014-01-24
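Review bot: In the dmi_processor_id hunk of the added patch, `version = dmi_string(h, h->data[0x10]);` is stored with no NULL check, although this same patch treats a NULL dmi_string() result as possible for `manufacturer` and `vendor`. The rest of the function lies outside the hunk, so any later string comparison on `version` should be confirmed to be guarded, e.g. `if (version != NULL && strncmp(version, ...) == 0)`. The pointer guard there is `assert( h && h->data );`, which compiles away under NDEBUG and otherwise aborts the whole Python process on malformed firmware data, whereas dmi_set_vendor returns quietly on the same condition; an explicit `if (!h || !h->data) return NULL;` would match it, provided callers tolerate a NULL return. Neither function checks h->length before indexing h->data: dmi_table tests `h.length >= 5` before calling dmi_set_vendor, but no equivalent bound for offset 0x10 is visible on the dmi_processor_id path. Separately, the new runtime string "Core 2 or K7 (Unkown manufacturer)" misspells "Unknown" and also replaces the old "Core 2 or K7" fallback, so consumers matching the old text will see a different value.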