Blame SOURCES/0019-CVE-2020-5208_2.patch

From eb7d138163c835ba5f4c34cd943c05b0e324bcc7 Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Wed, 12 Feb 2020 15:20:32 +0100
Subject: [PATCH] Partial fix for CVE-2020-5208
replacement for patch:
9452be8 channel: Fix buffer overflow
Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
---
 lib/ipmi_channel.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
index e1fc75f..81ae82e 100644
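--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
@@ -383,6 +383,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
 			val2str(rsp->ccode, completion_code_vals));
 		return -1;
 	}
+	if (rsp->data_len > 17) {
+		lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+			"received invalid data");
+		return -1;
+	}
 
 
 	/*
@@ -418,6 +423,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
 					val2str(rsp->ccode, completion_code_vals));
 			return -1;
 		}
+		if (rsp->data_len > 17) {
+			lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+					"received invalid data");
+			return -1;
+		}
 	}
 
 	/* Copy last chunk */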
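Review bot: The bound `17` is a bare literal repeated in both added checks (after the first request, and inside the nested block in the second hunk), with nothing on the page saying what it represents or how it relates to the buffer the response is later copied into. I would give it one named constant with a comment, for example `#define CIPHER_SUITE_RSP_MAX_LEN 17 /* channel number byte + 16 bytes of cipher suite records */` (presuming that is the intended layout), and use it in both places so the two checks cannot drift apart. The error text would also be more useful when triaging a misbehaving BMC if it logged the received `rsp->data_len`. The function continues outside both hunks and the subject calls this a partial fix, so the copy under `/* Copy last chunk */` and the running offset into the destination still need checking against the destination size; that code is not visible here.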
-- 
2.20.1