import OpenIPMI-2.0.32-5.el9_4

c9 imports/c9/OpenIPMI-2.0.32-5.el9_4
MSVSphere Packaging Team 2 months ago
parent 3bbcfb3e6b
commit 49ff4ba0a8
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8

@ -0,0 +1,73 @@
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index ccd60015..e707454e 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
}
auth = msg->data[0] & 0xf;
+ if (auth >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+ "Activate session failed: Invalid auth: 0x%x", auth);
+ return;
+ }
+
user = &(lan->users[user_idx]);
if (! (user->valid)) {
lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
@@ -3016,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
{
msg_t msg;
+ memset(&msg, 0, sizeof(msg));
+
msg.src_addr = from_addr;
msg.src_len = from_len;
msg.oem_data = 0;
+ msg.channel = lan->channel.channel_num;
+ msg.orig_channel = &lan->channel;
+
+ /*
+ * Initialize the data so the log won't crash if it gets called, and
+ * so the log might have useful info.
+ */
+ msg.data = data;
+ msg.len = len;
+
if (len < 5) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: message too short");
return;
}
+ /* Length is at least marginally correct, skip the first part now. */
+ msg.data = data + 5;
+ msg.len = len - 5;
+
if (data[2] != 0xff) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: seq not ff");
@@ -3034,17 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
}
msg.authtype = data[4];
- msg.data = data+5;
- msg.len = len - 5;
- msg.channel = lan->channel.channel_num;
- msg.orig_channel = &lan->channel;
-
if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
ipmi_handle_rmcpp_msg(lan, &msg);
+ } else if (msg.authtype >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ "LAN msg failure: Invalid authtype: %d", data[4]);
+ return;
} else {
ipmi_handle_rmcp_msg(lan, &msg);
}
-
}
static void

@ -4,7 +4,7 @@ Summary: IPMI (Intelligent Platform Management Interface) library and tools
Name: OpenIPMI Name: OpenIPMI
Version: 2.0.32 Version: 2.0.32
Release: 3%{?dist} Release: 5%{?dist}
License: LGPLv2+ and GPLv2+ or BSD License: LGPLv2+ and GPLv2+ or BSD
URL: http://sourceforge.net/projects/openipmi/ URL: http://sourceforge.net/projects/openipmi/
Source: http://downloads.sourceforge.net/openipmi/%{name}-%{version}.tar.gz Source: http://downloads.sourceforge.net/openipmi/%{name}-%{version}.tar.gz
@ -13,6 +13,7 @@ Source2: openipmi-helper
Source3: ipmi.service Source3: ipmi.service
Patch1: 0001-man.patch Patch1: 0001-man.patch
Patch2: include-config-h-cmdlang.patch Patch2: include-config-h-cmdlang.patch
Patch3: OpenIPMI-CVE-2024-42934.patch
BuildRequires: make BuildRequires: make
BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
@ -201,6 +202,14 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
%{_mandir}/man5/ipmi_sim_cmd.5* %{_mandir}/man5/ipmi_sim_cmd.5*
%changelog %changelog
* Thu Oct 10 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-5
- Update the patch for CVE-2024-42934 to add a missing upstream
commit from 2.0.36: 663e3cd3
* Thu Sep 26 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-4
- Backport two commits from 2.0.36 to add checks in ipmi_sim
and ipmilan (CVE-2024-42934)
* Fri Jan 28 2022 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-3 * Fri Jan 28 2022 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-3
- Add a patch to resolve one more issue found by rpmdiff/rpminspect: - Add a patch to resolve one more issue found by rpmdiff/rpminspect:
fix getaddrinfo detection to avoid using gethostbyname. fix getaddrinfo detection to avoid using gethostbyname.

Loading…
Cancel
Save