Compare commits

...

No commits in common. 'i9c-beta' and 'c9' have entirely different histories.
i9c-beta ... c9

@ -1 +1 @@
a7b8b581a32b649cbf5bc79926f97d59919c5b79 SOURCES/OpenIPMI-2.0.36.tar.gz 73d7dce4312b006983b11367e4a43d4ec52cf888 SOURCES/OpenIPMI-2.0.32.tar.gz

2
.gitignore vendored

@ -1 +1 @@
SOURCES/OpenIPMI-2.0.36.tar.gz SOURCES/OpenIPMI-2.0.32.tar.gz

@ -0,0 +1,73 @@
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index ccd60015..e707454e 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
}
auth = msg->data[0] & 0xf;
+ if (auth >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+ "Activate session failed: Invalid auth: 0x%x", auth);
+ return;
+ }
+
user = &(lan->users[user_idx]);
if (! (user->valid)) {
lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
@@ -3016,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
{
msg_t msg;
+ memset(&msg, 0, sizeof(msg));
+
msg.src_addr = from_addr;
msg.src_len = from_len;
msg.oem_data = 0;
+ msg.channel = lan->channel.channel_num;
+ msg.orig_channel = &lan->channel;
+
+ /*
+ * Initialize the data so the log won't crash if it gets called, and
+ * so the log might have useful info.
+ */
+ msg.data = data;
+ msg.len = len;
+
if (len < 5) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: message too short");
return;
}
+ /* Length is at least marginally correct, skip the first part now. */
+ msg.data = data + 5;
+ msg.len = len - 5;
+
if (data[2] != 0xff) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: seq not ff");
@@ -3034,17 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
}
msg.authtype = data[4];
- msg.data = data+5;
- msg.len = len - 5;
- msg.channel = lan->channel.channel_num;
- msg.orig_channel = &lan->channel;
-
if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
ipmi_handle_rmcpp_msg(lan, &msg);
+ } else if (msg.authtype >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ "LAN msg failure: Invalid authtype: %d", data[4]);
+ return;
} else {
ipmi_handle_rmcp_msg(lan, &msg);
}
-
}
static void

@ -3,8 +3,8 @@
Summary: IPMI (Intelligent Platform Management Interface) library and tools Summary: IPMI (Intelligent Platform Management Interface) library and tools
Name: OpenIPMI Name: OpenIPMI
Version: 2.0.36 Version: 2.0.32
Release: 1%{?dist} Release: 5%{?dist}
License: LGPLv2+ and GPLv2+ or BSD License: LGPLv2+ and GPLv2+ or BSD
URL: http://sourceforge.net/projects/openipmi/ URL: http://sourceforge.net/projects/openipmi/
Source: http://downloads.sourceforge.net/openipmi/%{name}-%{version}.tar.gz Source: http://downloads.sourceforge.net/openipmi/%{name}-%{version}.tar.gz
@ -13,6 +13,7 @@ Source2: openipmi-helper
Source3: ipmi.service Source3: ipmi.service
Patch1: 0001-man.patch Patch1: 0001-man.patch
Patch2: include-config-h-cmdlang.patch Patch2: include-config-h-cmdlang.patch
Patch3: OpenIPMI-CVE-2024-42934.patch
BuildRequires: make BuildRequires: make
BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
@ -201,11 +202,13 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
%{_mandir}/man5/ipmi_sim_cmd.5* %{_mandir}/man5/ipmi_sim_cmd.5*
%changelog %changelog
* Mon Oct 07 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.0.36-1 * Thu Oct 10 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-5
- Rebuilt for MSVSphere 9.5 beta - Update the patch for CVE-2024-42934 to add a missing upstream
commit from 2.0.36: 663e3cd3
* Mon Aug 26 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.0.36-1 * Thu Sep 26 2024 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-4
- Update to 2.0.36 - Backport two commits from 2.0.36 to add checks in ipmi_sim
and ipmilan (CVE-2024-42934)
* Fri Jan 28 2022 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-3 * Fri Jan 28 2022 Pavel Cahyna <pcahyna@redhat.com> - 2.0.32-3
- Add a patch to resolve one more issue found by rpmdiff/rpminspect: - Add a patch to resolve one more issue found by rpmdiff/rpminspect:

Loading…
Cancel
Save