From eb7d138163c835ba5f4c34cd943c05b0e324bcc7 Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Wed, 12 Feb 2020 15:20:32 +0100
Subject: [PATCH] Partial fix for CVE-2020-5208
replacement for patch:
9452be8 channel: Fix buffer overflow
Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
---
lib/ipmi_channel.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
index e1fc75f..81ae82e 100644
--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
@@ -383,6 +383,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
val2str(rsp->ccode, completion_code_vals));
return -1;
}
+ if (rsp->data_len > 17) {
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+ "received invalid data");
+ return -1;
+ }
/*
@@ -418,6 +423,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
val2str(rsp->ccode, completion_code_vals));
return -1;
}
+ if (rsp->data_len > 17) {
+ lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+ "received invalid data");
+ return -1;
+ }
}
/* Copy last chunk */
--
2.20.1