From d6987c53d3648d85e410ef81a343867e239eb960 Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Thu, 6 Jan 2011 15:56:24 +0100
Subject: [PATCH 1/1] Harden dmi_string() calls with better NULL checks
This patch fixes more potential issues where dmi_string() results was not necessarily checked for NULL, which potentially could lead to SEGV issues.
Signed-off-by: David Sommerseth
---
 src/dmidecode.c | 23 ++++++++++++++++-------
 src/dmioem.c | 13 +++++++++++--
 src/dmioem.h | 2 +-
 3 files changed, 28 insertions(+), 10 deletions(-)
diff --git a/src/dmidecode.c b/src/dmidecode.c
index 726b2de..17f2130 100644
--- a/src/dmidecode.c
+++ b/src/dmidecode.c
@@ -918,6 +918,11 @@ void dmi_processor_family(xmlNode *node, const struct dmi_header *h)
 /* Special case for ambiguous value 0xBE */
 if(code == 0xBE) {
 const char *manufacturer = dmi_string(h, data[0x07]);
+
+ if( manufacturer == NULL ) {
+ dmixml_AddTextContent(family_n, "Core 2 or K7 (Unkown manufacturer)");
+ return;
+ }
 /* Best bet based on manufacturer string */
 if(strstr(manufacturer, "Intel") != NULL ||
@@ -931,7 +935,7 @@ void dmi_processor_family(xmlNode *node, const struct dmi_header *h)
 dmixml_AddTextContent(family_n, "K7");
 return;
 }
- dmixml_AddTextContent(family_n, "Core 2 or K7");
+ dmixml_AddTextContent(family_n, "Core 2 or K7 (Unkown manufacturer)");
 return;
 }
@@ -959,7 +963,7 @@ void dmi_processor_family(xmlNode *node, const struct dmi_header *h)
 dmixml_AddAttribute(family_n, "outofspec", "1");
 }
-xmlNode *dmi_processor_id(xmlNode *node, u8 type, const u8 * p, const char *version)
+xmlNode *dmi_processor_id(xmlNode *node, const struct dmi_header *h)
 {
 /* Intel AP-485 revision 31, table 3-4 */
 static struct _cpuflags {
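Review bot: The fallback text added in the 0xBE branch is misspelled, `"Core 2 or K7 (Unkown manufacturer)"`, and it is written into the XML content of family_n, so consumers that match on the family text inherit the typo; the following hunk (-931,7) introduces the same literal. That second use also replaces the text for a manufacturer string that is present but matches neither vendor, which makes it indistinguishable from the new dmi_string() NULL case. I would use `"Core 2 or K7 (Unknown manufacturer)"` for the NULL path and leave the unmatched path as `"Core 2 or K7"`. dmi_processor_family starts and ends outside the hunk, so whether h->length is checked before `data[0x07]` is read cannot be seen here and is worth confirming.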
@@ -1001,11 +1005,18 @@ xmlNode *dmi_processor_id(xmlNode *node, u8 type, const u8 * p, const char *vers
 {"PBE", "PBE (Pending break enabled)"} /* 31 */
 /* *INDENT-ON* */
 };
+ u8 type, *p = NULL;
+ char *version = NULL;
 xmlNode *flags_n = NULL;
 xmlNode *data_n = xmlNewChild(node, NULL, (xmlChar *) "CPUCore", NULL);
 assert( data_n != NULL );
+ assert( h && h->data );
+ type = h->data[0x06];
+ p = h->data + 8;
+ version = dmi_string(h, h->data[0x10]);
+
 /*
 ** Extra flags are now returned in the ECX register when one calls
 ** the CPUID instruction. Their meaning is explained in table 3-5, but
@@ -3878,7 +3889,7 @@ xmlNode *dmi_decode(xmlNode *prnt_n, dmi_codes_major *dmiMajor, struct dmi_heade
 dmi_processor_type(sect_n, data[0x05]);
 dmi_processor_family(sect_n, h);
- dmi_processor_id(sect_n, data[0x06], data + 8, dmi_string(h, data[0x10]));
+ dmi_processor_id(sect_n, h);
 sub_n = xmlNewChild(sect_n, NULL, (xmlChar *) "Manufacturer", NULL);
 assert( sub_n != NULL );
@@ -4899,7 +4909,7 @@ static void dmi_table(Log_t *logp, int type, u32 base, u16 len, u16 num, u16 ver
 /* assign vendor for vendor-specific decodes later */
 if(h.type == 0 && h.length >= 5) {
- dmi_set_vendor(dmi_string(&h, data[0x04]));
+ dmi_set_vendor(&h);
 }
 /* look for the next handle */
diff --git a/src/dmioem.c b/src/dmioem.c
index 361810a..67cd517 100644
--- a/src/dmioem.c
+++ b/src/dmioem.c
@@ -40,10 +40,19 @@ static enum DMI_VENDORS dmi_vendor = VENDOR_UNKNOWN;
 * value if we know how to decode at least one specific entry type for
 * that vendor.
 */
-void dmi_set_vendor(const char *s)
+void dmi_set_vendor(const struct dmi_header *h)
 {
- if(strcmp(s, "HP") == 0)
+ const char *vendor;
+
+ if( !h || !h->data ) {
+ return;
+ }
+ vendor = dmi_string(h, h->data[0x04]);
+ if( !vendor ) {
+ return;
+ } else if(strcmp(vendor, "HP") == 0) {
 dmi_vendor = VENDOR_HP;
+ }
 }
 /*
diff --git a/src/dmioem.h b/src/dmioem.h
index b1b4af8..9ad25bf 100644
--- a/src/dmioem.h
+++ b/src/dmioem.h
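Review bot: `version = dmi_string(h, h->data[0x10]);` in the -1001,11 hunk is stored without the NULL test this patch adds elsewhere, and the part of dmi_processor_id that consumes `version` lies outside the hunk, so a NULL result may still reach string handling further down (inferred; confirm against the full function). The only guard on `h` is `assert( h && h->data );`, which disappears when the file is built with NDEBUG, and nothing visible checks that the structure is long enough for offsets 0x06, 0x08 and 0x10 now that the function indexes h->data itself. The declaration should be `const char *version = NULL;`, matching how the other dmi_string() results in this patch are declared (`const char *manufacturer`, `const char *vendor`). A comment above the assignments such as `/* dmi_string() may return NULL; check version before use */` would record the contract for later readers.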
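Review bot: dmi_set_vendor() now reads `h->data[0x04]` itself, but the length test that makes that offset valid (`h.length >= 5`) stays at the call site in dmi_table(), so a future caller that omits it would index beyond the structure's declared length. Folding the test into the guard, `if( !h || !h->data || h->length < 5 ) {`, keeps the function safe on its own. The `else` after `return;` is redundant; a plain `if(strcmp(vendor, "HP") == 0) {` after the NULL check reads more directly. The comment block above the function starts outside the hunk; a line such as `/* h: type 0 structure; the vendor string index is read from offset 0x04 */` would document the new parameter.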
@@ -22,5 +22,5 @@
 struct dmi_header;
-void dmi_set_vendor(const char *s);
+void dmi_set_vendor(const struct dmi_header *h);
 int dmi_decode_oem(struct dmi_header *h);
--
1.8.3.1