Add the judgment on the validity of length in emu_cmd.c and session in lanserv_ipmi.c

2022-06-17 15:07:55 +08:00 · 2022-06-17 15:07:55 +08:00 · 1ce3d41c49
commit 1ce3d41c49
parent ae7aae1c4c
2 changed files with 48 additions and 1 deletions
--- a/OpenIPMI.spec
+++ b/OpenIPMI.spec
@ -1,6 +1,6 @@
 Name:       OpenIPMI
 Version:    2.0.31
-Release:    2
+Release:    3
 Summary:    IPMI (Intelligent Platform Management Interface) library and tools
 License:    LGPLv2+ and GPLv2+ or BSD
 URL:        https://sourceforge.net/projects/openipmi/
@ -12,6 +12,7 @@ Source3:    openipmi-helper
 Patch0:     0001-man.patch
 Patch1:     backport-OpenIPMI-ax-python.patch
 Patch2:     backport-OpenIPMI-sysconfig.patch
+Patch3:     backport-add-the-judgment-on-the-validity-of-length-and-session.patch

 BuildRequires:    gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
 BuildRequires:    openssl-devel python3-devel perl-devel perl-generators
@ -143,6 +144,12 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
 %exclude %{_mandir}/man1/openipmigui.1

 %changelog
+* Fri Jun 17 2022 gaihuiying <eaglegai@163.com> - 2.0.31-3
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:Add the judgment on the validity of length in emu_cmd.c and session in lanserv_ipmi.c
+
 * Wed Apr 20 2022 gaihuiying <eaglegai@163.com> - 2.0.31-2
 - Type:bugfix
 - Id:NA
--- a/backport-add-the-judgment-on-the-validity-of-length-and-session.patch
+++ b/backport-add-the-judgment-on-the-validity-of-length-and-session.patch
@ -0,0 +1,40 @@
+From 35525f7903bdbfe98c1b101f2c30afd78fbdda98 Mon Sep 17 00:00:00 2001
+From: zhangqiumiao <zhangqiumiao1@huawei.com>
+Date: Fri, 9 Apr 2021 15:26:54 +0800
+Subject: [PATCH] lanserv: Add the judgment on the validity of length in
+ emu_cmd.c and session in lanserv_ipmi.c
+
+---
+ lanserv/emu_cmd.c      | 3 +++
+ lanserv/lanserv_ipmi.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lanserv/emu_cmd.c b/lanserv/emu_cmd.c
+index ea3f8685..727bb0c8 100644
+--- a/lanserv/emu_cmd.c
+++ b/lanserv/emu_cmd.c
+@@ -913,6 +913,9 @@ mc_add_fru_data(emu_out_t *out, emu_data_t *emu, lmc_data_t *mc, char **toks)
+     if (rv)
+ 	return rv;
+ 
+    if (length > MAX_FRU_SIZE)
+	return EINVAL;
+
+     tok = mystrtok(NULL, " \t\n", toks);
+     if (!tok) {
+ 	out->eprintf(out, "**No FRU data type given");
+diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
+index 4005bcba..ccd60015 100644
+--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
+@@ -3143,7 +3143,7 @@ get_associated_mc(channel_t *chan, uint32_t session_id, unsigned int payload)
+     lanserv_data_t *lan = chan->chan_info;
+     session_t *session = sid_to_session(lan, session_id);
+ 
+-    if (payload >= LANSERV_NUM_CLOSERS)
+    if (payload >= LANSERV_NUM_CLOSERS || session == NULL)
+ 	return NULL;
+ 
+     return session->closers[payload].mc;
+-- 
+2.33.0