Blob Blame History Raw
From eb7d138163c835ba5f4c34cd943c05b0e324bcc7 Mon Sep 17 00:00:00 2001
From: Vaclav Dolezal <vdolezal@redhat.com>
Date: Wed, 12 Feb 2020 15:20:32 +0100
Subject: [PATCH] Partial fix for CVE-2020-5208

replacement for patch:
9452be8 channel: Fix buffer overflow

Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
---
 lib/ipmi_channel.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
index e1fc75f..81ae82e 100644
--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
@@ -383,6 +383,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
 			val2str(rsp->ccode, completion_code_vals));
 		return -1;
 	}
+	if (rsp->data_len > 17) {
+		lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+			"received invalid data");
+		return -1;
+	}
 
 
 	/*
@@ -418,6 +423,11 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type,
 					val2str(rsp->ccode, completion_code_vals));
 			return -1;
 		}
+		if (rsp->data_len > 17) {
+			lprintf(LOG_ERR, "Get Channel Cipher Suites failed - "
+					"received invalid data");
+			return -1;
+		}
 	}
 
 	/* Copy last chunk */
-- 
2.20.1