kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/sysutils/dmidecode
History
msaitoh ef37cd41df Add two officially recommended patch to sysutils/dmidecode 
2018-08-01: Avoid OOB read on invalid entry point length

	Don't let the entry point checksum verification run beyond the end
	of the buffer holding it (32 bytes). This bug was discovered by
	Lionel Debroux using the AFL fuzzer and AddressSanitizer.
	Signed-off-by: Jean Delvare <jdelvare@suse.de>

2018-08-01: Validate structure completeness before decoding

	Ensure that the whole DMI structure fits in the announced table
	length before performing any action on it. Otherwise we might end
	up reading beyond the end of our memory buffer. This bug was
	discovered by Lionel Debroux using the AFL fuzzer and
	AddressSanitizer. Its probability is very low, as it requires a DMI
	table corrupted in one of two very specific ways to trigger. This
	bug exists since dmidecode version 2.9, although it is hard to
	test because option --from-dump was only introduced in version
	2.10.
	Signed-off-by: Jean Delvare <jdelvare@suse.de>
2018-08-02 02:45:50 +00:00
..
patches
DESCR
distinfo Add two officially recommended patch to sysutils/dmidecode 2018-08-02 02:45:50 +00:00
Makefile Add two officially recommended patch to sysutils/dmidecode 2018-08-02 02:45:50 +00:00
PLIST