OpenIPMI/backport-0003-CVE-2024-42934.patch

From 4c129d0540f3578ecc078d8612bbf84b6cd24c87 Mon Sep 17 00:00:00 2001
From: Corey Minyard <corey@minyard.net>
Date: Thu, 1 Aug 2024 10:56:06 -0500
Subject: [PATCH] lanserv: Fix an issue with authorization range checking
 
A recent change added a range check on authorization type, but it didn't
take into account the RMCP authorization type that's special.  Add a
check for that.
 
Fixes: b52e8e2538b2b48ef6b6 "lanserv: Check some bounds on incoming messages"
 
Signed-off-by: Corey Minyard <corey@minyard.net>
 
Reference:https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87/
Conflict:NA

---
 lanserv/lanserv_ipmi.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index 1ef5710..5de396e 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -3056,18 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
     }
 
     msg.authtype = data[4];
-    if (msg.authtype >= MAX_IPMI_AUTHS) {
-       lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
-                "LAN msg failure: Invalid authtype");
-       return;
-    }
-
     if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
 	ipmi_handle_rmcpp_msg(lan, &msg);
+    } else if (msg.authtype >= MAX_IPMI_AUTHS) {
+       lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+                         "LAN msg failure: Invalid authtype: %d", data[4]);
+       return;
     } else {
 	ipmi_handle_rmcp_msg(lan, &msg);
     }
-
 }
 
 static void
-- 
2.43.0
fix CVE-2024-42934 2024-10-11 12:08:08 +00:00			`From 4c129d0540f3578ecc078d8612bbf84b6cd24c87 Mon Sep 17 00:00:00 2001`
			`From: Corey Minyard <corey@minyard.net>`
			`Date: Thu, 1 Aug 2024 10:56:06 -0500`
			`Subject: [PATCH] lanserv: Fix an issue with authorization range checking`

			`A recent change added a range check on authorization type, but it didn't`
			`take into account the RMCP authorization type that's special. Add a`
			`check for that.`

			`Fixes: b52e8e2538b2b48ef6b6 "lanserv: Check some bounds on incoming messages"`

			`Signed-off-by: Corey Minyard <corey@minyard.net>`

			`Reference:https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87/`
			`Conflict:NA`

			`---`
			`lanserv/lanserv_ipmi.c \| 11 ++++-------`
			`1 file changed, 4 insertions(+), 7 deletions(-)`

			`diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c`
			`index 1ef5710..5de396e 100644`
			`--- a/lanserv/lanserv_ipmi.c`
			`+++ b/lanserv/lanserv_ipmi.c`
			`@@ -3056,18 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,`
			`}`

			`msg.authtype = data[4];`
			`- if (msg.authtype >= MAX_IPMI_AUTHS) {`
			`- lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,`
			`- "LAN msg failure: Invalid authtype");`
			`- return;`
			`- }`
			`-`
			`if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {`
			`ipmi_handle_rmcpp_msg(lan, &msg);`
			`+ } else if (msg.authtype >= MAX_IPMI_AUTHS) {`
			`+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,`
			`+ "LAN msg failure: Invalid authtype: %d", data[4]);`
			`+ return;`
			`} else {`
			`ipmi_handle_rmcp_msg(lan, &msg);`
			`}`
			`-`
			`}`

			`static void`
			`--`
			`2.43.0`