import OpenIPMI-2.0.32-5.el9_4

2 months ago · 49ff4ba0a8
parent 3bbcfb3e6b
commit 49ff4ba0a8
2 changed files with 83 additions and 1 deletions
--- a/SOURCES/OpenIPMI-CVE-2024-42934.patch
+++ b/SOURCES/OpenIPMI-CVE-2024-42934.patch
@ -0,0 +1,73 @@
+diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
+index ccd60015..e707454e 100644
+--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
+@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
+     }
+ 
+     auth = msg->data[0] & 0xf;
+    if (auth >= MAX_IPMI_AUTHS) {
+	lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+		 "Activate session failed: Invalid auth: 0x%x", auth);
+	return;
+    }
+
+     user = &(lan->users[user_idx]);
+     if (! (user->valid)) {
+ 	lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+@@ -3016,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
+ {
+     msg_t   msg;
+ 
+    memset(&msg, 0, sizeof(msg));
+
+     msg.src_addr = from_addr;
+     msg.src_len = from_len;
+ 
+     msg.oem_data = 0;
+ 
+    msg.channel = lan->channel.channel_num;
+    msg.orig_channel = &lan->channel;
+
+    /*
+     * Initialize the data so the log won't crash if it gets called, and
+     * so the log might have useful info.
+     */
+    msg.data = data;
+    msg.len = len;
+
+     if (len < 5) {
+ 	lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ 		 "LAN msg failure: message too short");
+ 	return;
+     }
+ 
+    /* Length is at least marginally correct, skip the first part now. */
+    msg.data = data + 5;
+    msg.len = len - 5;
+
+     if (data[2] != 0xff) {
+ 	lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ 		 "LAN msg failure: seq not ff");
+@@ -3034,17 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
+     }
+ 
+     msg.authtype = data[4];
+-    msg.data = data+5;
+-    msg.len = len - 5;
+-    msg.channel = lan->channel.channel_num;
+-    msg.orig_channel = &lan->channel;
+-
+     if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
+ 	ipmi_handle_rmcpp_msg(lan, &msg);
+    } else if (msg.authtype >= MAX_IPMI_AUTHS) {
+	lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+			  "LAN msg failure: Invalid authtype: %d", data[4]);
+	return;
+     } else {
+ 	ipmi_handle_rmcp_msg(lan, &msg);
+     }
+-
+ }
+ 
+ static void
--- a/SPECS/OpenIPMI.spec
+++ b/SPECS/OpenIPMI.spec
@ -4,7 +4,7 @@ Summary: IPMI (Intelligent Platform Management Interface) library and tools
 Name: OpenIPMI

 Version:    2.0.32
-Release:    3%{?dist}
+Release:    5%{?dist}
 License:    LGPLv2+ and GPLv2+ or BSD
 URL:        http://sourceforge.net/projects/openipmi/
 Source:     http://downloads.sourceforge.net/openipmi/%{name}-%{version}.tar.gz
@ -13,6 +13,7 @@ Source2:    openipmi-helper
 Source3:    ipmi.service
 Patch1:     0001-man.patch
 Patch2:     include-config-h-cmdlang.patch
+Patch3:     OpenIPMI-CVE-2024-42934.patch

 BuildRequires: make
 BuildRequires:    gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
@ -201,6 +202,14 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
 %{_mandir}/man5/ipmi_sim_cmd.5*

 %changelog
+* Thu Oct 10 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-5
+- Update the patch for CVE-2024-42934 to add a missing upstream
+  commit from 2.0.36: 663e3cd3
+
+* Thu Sep 26 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-4
+- Backport two commits from 2.0.36 to add checks in ipmi_sim
+  and ipmilan (CVE-2024-42934)
+
 * Fri Jan 28 2022 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-3
 - Add a patch to resolve one more issue found by rpmdiff/rpminspect:
  fix getaddrinfo detection to avoid using gethostbyname.