From e5c73239404931d4d1b73eb595c3802fbce74c61 Mon Sep 17 00:00:00 2001

From: Jean Delvare <jdelvare@suse.de>

Date: Mon, 2 Nov 2015 09:45:36 +0100

Subject: [PATCH 9/9] dmidecode: Check sysfs entry point length

Before passing the sysfs entry point data over for decoding, check

that its length meets the expectations.

---

 CHANGELOG   | 1 +

 dmidecode.c | 6 +++---

 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG

index fcfc244..ba61cab 100644

--- a/CHANGELOG

+++ b/CHANGELOG

@@ -5,6 +5,7 @@

 	* dmidecode.c: Use read_file to read the DMI table from sysfs.

 	  This fixes Savannah bug #46176:

 	  https://savannah.nongnu.org/bugs/?46176

+	* dmidecode.c: Check the sysfs entry point length.

 2015-10-21  Xie XiuQi  <xiexiuqi@huawei.com>

diff --git a/dmidecode.c b/dmidecode.c

index 16d1823..b47c469 100644

--- a/dmidecode.c

+++ b/dmidecode.c

@@ -4840,17 +4840,17 @@ int main(int argc, char * const argv[])

 	{

 		if (!(opt.flags & FLAG_QUIET))

 			printf("Getting SMBIOS data from sysfs.\n");

-		if (memcmp(buf, "_SM3_", 5) == 0)

+		if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)

 		{

 			if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))

 				found++;

 		}

-		else if (memcmp(buf, "_SM_", 4) == 0)

+		else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)

 		{

 			if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))

 				found++;

 		}

-		else if (memcmp(buf, "_DMI_", 5) == 0)

+		else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)

 		{

 			if (legacy_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))

 				found++;

-- 

2.5.0