Bug #14233

closed

smbios_info_chassis calculates sku number incorrectly

Added by Robert Mustacchi 7 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Category: lib - userland libraries
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:

Description

#13560 added support for sanitizing strings in the face of bad data. However, I found one case with the smbios_chassis_t that didn't quite add up while figuring out some other issues with it. The fundamental problem here is that the logic in smbios_info_chassis for some reason didn't really internalize the format of strings in SMBIOS. In tables, strings are always a single uint8_t value that indicates an index in a series of null-terminated values that follow the table. Here's an example of such a mis-interpreted table:

$ smbios -t3
ID    SIZE TYPE
3     128  SMB_TYPE_CHASSIS (type 3) (system enclosure or chassis)

  Manufacturer: To be filled by O.E.M.
  Version: To be filled by O.E.M.
  Serial Number: To be filled by O.E.M.
  Asset Tag: To be filled by O.E.M.

  OEM Data: 0x0
  SKU Number: \x05
  Lock Present: N
  Chassis Type: 0x11 (main server chassis)
  Boot-Up State: 0x3 (safe)
  Power Supply State: 0x3 (safe)
  Thermal State: 0x3 (safe)
  Chassis Height: 0u
  Power Cords: 1
  Element Records: 0

This happened because the code just tried to strlcpy this offset. As such, we'd always get a low, invalid character (which is partly what motivated #13560) and this would usually terminate as we hit an end of table nul character.

The fix here is to actually use the smb_strptr routine to find the string. As part of this I also changed the exposed structure to just be a const char * like everything else. This takes effect in library version 3.5, so older things will be ok. With this fixed, you now see:

$ ./smbios -t3
ID    SIZE TYPE
3     128  SMB_TYPE_CHASSIS (type 3) (system enclosure or chassis)

  Manufacturer: To be filled by O.E.M.
  Version: To be filled by O.E.M.
  Serial Number: To be filled by O.E.M.
  Asset Tag: To be filled by O.E.M.

  OEM Data: 0x0
  SKU Number: Default string
  Lock Present: N
  Chassis Type: 0x11 (main server chassis)
  Boot-Up State: 0x3 (safe)
  Power Supply State: 0x3 (safe)
  Thermal State: 0x3 (safe)
  Chassis Height: 0u
  Power Cords: 1
  Element Records: 0

Which looks a lot better.
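
The index-versus-text distinction from the description above, as an added example that is not the illumos library's code: a string field holds a 1-based index that has to be resolved against the string set following the formatted area. `strtab_lookup` and `chassis_sku` are hypothetical names, the sample bytes are constructed to mirror the output shown, and the offsets assume the SMBIOS type 3 layout in which the SKU byte follows the contained element records.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not real firmware data): 22-byte formatted area, then
 * the string set. The literal's implicit NUL is the set's final terminator. */
static const uint8_t chassis[] =
    "\x03\x16\x03\x00"          /* type 3, formatted length 0x16, handle */
    "\x01\x11\x02\x03\x04"      /* manufacturer, type, version, serial, asset */
    "\x03\x03\x03\x03"          /* boot-up, power, thermal, security state */
    "\x00\x00\x00\x00"          /* OEM data */
    "\x00\x01\x00\x00"          /* height, cords, element count, element size */
    "\x05"                      /* SKU number: string index 5 */
    "To be filled by O.E.M.\0" "To be filled by O.E.M.\0"
    "To be filled by O.E.M.\0" "To be filled by O.E.M.\0" "Default string\0";

/* Hypothetical helper (not the library's smb_strptr): resolve a 1-based
 * string index; NULL means the index or the string set is malformed. */
static const char *strtab_lookup(const uint8_t *s, size_t len, uint8_t idx) {
    if (len < 4 || s[1] < 4 || s[1] >= len)
        return NULL;
    if (idx == 0)
        return "";                      /* index 0 means "no string" */
    size_t off = s[1];                  /* string set follows formatted area */
    for (unsigned i = 1; off < len && s[off] != '\0'; i++) {
        const uint8_t *end = memchr(s + off, '\0', len - off);
        if (end == NULL)
            return NULL;                /* unterminated string */
        if (i == idx)
            return (const char *)(s + off);
        off = (size_t)(end - s) + 1;
    }
    return NULL;                        /* index past the last string */
}

/* The SKU index byte follows n element records of m bytes (offsets 0x13, 0x14). */
static const char *chassis_sku(const uint8_t *s, size_t len) {
    if (len < 0x16 || s[0] != 3 || s[1] < 0x16 || s[1] >= len)
        return NULL;
    size_t off = 0x15 + (size_t)s[0x13] * s[0x14];
    return off < s[1] ? strtab_lookup(s, len, s[off]) : NULL;
}

int main(void) {
    printf("index byte read as text: \\x%02x\n", chassis[0x15]);
    printf("resolved via string set: %s\n", chassis_sku(chassis, sizeof chassis));
    return 0;
}
```

A NULL return covers the malformed cases: an index past the last string, a string with no terminator inside the buffer, or a formatted area too short to hold the SKU byte.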

Actions #1

Updated by Electric Monk 6 months ago

  • Gerrit CR set to 1796
Actions #2

Updated by Electric Monk 6 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit d53cdfab6d4896af92b7a3df87a26060caf179ae

commit  d53cdfab6d4896af92b7a3df87a26060caf179ae
Author: Robert Mustacchi <rm@fingolfin.org>
Date:   2021-11-19T01:47:24.000Z

    14231 want support for SMBIOS 3.5
    14232 several smbios_info_* routines don't check for bad ids
    14233 smbios_info_chassis calculates sku number incorrectly
    14234 smbios chassis elements need work
    Reviewed by: Yuri Pankov <ypankov@tintri.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Rich Lowe <richlowe@richlowe.net>
