1 files changed, 52 insertions, 0 deletions

diff --git a/source/ap/dmidecode/patches/0009-dmidecode-Check-sysfs-entry-point-length.patch b/source/ap/dmidecode/patches/0009-dmidecode-Check-sysfs-entry-point-length.patch
new file mode 100644
index 000000000..6af8b3221
--- /dev/null
+++ b/source/ap/dmidecode/patches/0009-dmidecode-Check-sysfs-entry-point-length.patch
@@ -0,0 +1,52 @@
+From e5c73239404931d4d1b73eb595c3802fbce74c61 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 2 Nov 2015 09:45:36 +0100
+Subject: [PATCH 9/9] dmidecode: Check sysfs entry point length
+
+Before passing the sysfs entry point data over for decoding, check
+that its length meets the expectations.
+---
+ CHANGELOG   | 1 +
+ dmidecode.c | 6 +++---
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/CHANGELOG b/CHANGELOG
+index fcfc244..ba61cab 100644
+--- a/CHANGELOG
++++ b/CHANGELOG
+@@ -5,6 +5,7 @@
+ 	* dmidecode.c: Use read_file to read the DMI table from sysfs.
+ 	  This fixes Savannah bug #46176:
+ 	  https://savannah.nongnu.org/bugs/?46176
++	* dmidecode.c: Check the sysfs entry point length.
+ 
+ 2015-10-21  Xie XiuQi  <xiexiuqi@huawei.com>
+ 
+diff --git a/dmidecode.c b/dmidecode.c
+index 16d1823..b47c469 100644
+--- a/dmidecode.c
++++ b/dmidecode.c
+@@ -4840,17 +4840,17 @@ int main(int argc, char * const argv[])
+ 	{
+ 		if (!(opt.flags & FLAG_QUIET))
+ 			printf("Getting SMBIOS data from sysfs.\n");
+-		if (memcmp(buf, "_SM3_", 5) == 0)
++		if (size >= 24 && memcmp(buf, "_SM3_", 5) == 0)
+ 		{
+ 			if (smbios3_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ 				found++;
+ 		}
+-		else if (memcmp(buf, "_SM_", 4) == 0)
++		else if (size >= 31 && memcmp(buf, "_SM_", 4) == 0)
+ 		{
+ 			if (smbios_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ 				found++;
+ 		}
+-		else if (memcmp(buf, "_DMI_", 5) == 0)
++		else if (size >= 15 && memcmp(buf, "_DMI_", 5) == 0)
+ 		{
+ 			if (legacy_decode(buf, SYS_TABLE_FILE, FLAG_NO_FILE_OFFSET))
+ 				found++;
+-- 
+2.6.4
+