57 lines
1.5 KiB
Diff
57 lines
1.5 KiB
Diff
From 84c0bf52d15a6d9d4cb3a1369320b5d653217c6b Mon Sep 17 00:00:00 2001
|
|
From: Jean Delvare <jdelvare@suse.de>
|
|
Date: Mon, 20 Feb 2023 14:53:31 +0100
|
|
Subject: [PATCH] dmidecode: Do not let --dump-bin overwrite an existing file
|
|
|
|
Make sure that the file passed to option --dump-bin does not already
|
|
exist. In practice, it is rather unlikely that an honest user would
|
|
want to overwrite an existing dump file, while this possibility
|
|
could be used by a rogue user to corrupt a system file.
|
|
|
|
Signed-off-by: Jean Delvare <jdelvare@suse.de>
|
|
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
|
|
---
|
|
dmidecode.c | 14 ++++++++++++--
|
|
1 file changed, 12 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/dmidecode.c b/dmidecode.c
|
|
index 9d22b72..f4cde27 100644
|
|
--- a/dmidecode.c
|
|
+++ b/dmidecode.c
|
|
@@ -60,6 +60,7 @@
|
|
* https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
|
|
*/
|
|
|
|
+#include <fcntl.h>
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <strings.h>
|
|
@@ -5156,13 +5157,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
|
|
static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table,
|
|
u32 table_len)
|
|
{
|
|
+ int fd;
|
|
FILE *f;
|
|
|
|
- f = fopen(opt.dumpfile, "wb");
|
|
+ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
|
|
+ if (fd == -1)
|
|
+ {
|
|
+ fprintf(stderr, "%s: ", opt.dumpfile);
|
|
+ perror("open");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
+ f = fdopen(fd, "wb");
|
|
if (!f)
|
|
{
|
|
fprintf(stderr, "%s: ", opt.dumpfile);
|
|
- perror("fopen");
|
|
+ perror("fdopen");
|
|
return -1;
|
|
}
|
|
|
|
--
|
|
2.40.1
|
|
|