author | Jean Delvare <jdelvare@suse.de> | 2023-02-20 14:53:31 +0100 |
---|---|---|
committer | Jean Delvare <jdelvare@suse.de> | 2023-02-20 14:53:31 +0100 |
commit | 6ca381c1247c81f74e1ca4e7706f70bdda72e6f2 (patch) | |
tree | d9b660b6bf46bc3c10eb23ff8b0d2ceb354f126b | |
parent | d8cfbc808f387e87091c25e7d5b8c2bb348bb206 (diff) | |
download | dmidecode-git-6ca381c1247c81f74e1ca4e7706f70bdda72e6f2.tar.gz |
dmidecode: Do not let --dump-bin overwrite an existing file
Make sure that the file passed to option --dump-bin does not already
exist. In practice, it is rather unlikely that an honest user would
want to overwrite an existing dump file, while this possibility
could be used by a rogue user to corrupt a system file.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reviewed-by: Jerry Hoemann <jerry.hoemann@hpe.com>
-rw-r--r-- | dmidecode.c | 14 | ||||
-rw-r--r-- | man/dmidecode.8 | 3 |
2 files changed, 14 insertions, 3 deletions
diff --git a/dmidecode.c b/dmidecode.c
index 6e7be63..82efa2d 100644
--- a/dmidecode.c
+++ b/dmidecode.c
@@ -60,6 +60,7 @@
 * https://www.dmtf.org/sites/default/files/DSP0270_1.0.1.pdf
 */
+#include <fcntl.h>
 #include <stdio.h>
 #include <string.h>
 #include <strings.h>
@@ -5412,13 +5413,22 @@ static void dmi_table_string(const struct dmi_header *h, const u8 *data, u16 ver
 static int dmi_table_dump(const u8 *ep, u32 ep_len, const u8 *table, u32 table_len)
 {
+ int fd;
 FILE *f;
- f = fopen(opt.dumpfile, "wb");
+ fd = open(opt.dumpfile, O_WRONLY|O_CREAT|O_EXCL, 0666);
+ if (fd == -1)
+ {
+ fprintf(stderr, "%s: ", opt.dumpfile);
+ perror("open");
+ return -1;
+ }
+
+ f = fdopen(fd, "wb");
 if (!f)
 {
 fprintf(stderr, "%s: ", opt.dumpfile);
- perror("fopen");
+ perror("fdopen");
 return -1;
 }
diff --git a/man/dmidecode.8 b/man/dmidecode.8
index 62aa304..83affc2 100644
--- a/man/dmidecode.8
+++ b/man/dmidecode.8
@@ -1,4 +1,4 @@
-.TH DMIDECODE 8 "January 2019" "dmidecode"
+.TH DMIDECODE 8 "February 2023" "dmidecode"
 .\"
 .SH NAME
 dmidecode \- \s-1DMI\s0 table decoder
@@ -164,6 +164,7 @@ hexadecimal and \s-1ASCII\s0. This option is mainly useful for debugging.
 Do not decode the entries, instead dump the DMI data to a file in binary form. The generated file is suitable to pass to \fB--from-dump\fP later.
+\fIFILE\fP must not exist.
 .TP
 .BR " " " " "--from-dump \fIFILE\fP"
 Read the DMI data from a binary file previously generated using |
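Review bot: In `dmi_table_dump`, the `if (!f)` branch after `fdopen(fd, "wb")` returns without closing `fd`, so the descriptor leaks and the empty file that `open()` just created stays on disk. Because the file is now opened with `O_CREAT|O_EXCL`, that leftover makes a retry with the same name fail as "already exists". I would add `close(fd);` before the `return -1;` in that branch, and consider `unlink(opt.dumpfile);` there too, since this call is known to have created the file; `close` needs `<unistd.h>`, which this hunk does not show being included. The function body continues past the end of the hunk, so the write and `fclose` paths are not visible here.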