packages/OpenIPMI
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OpenIPMI/backport-0001-CVE-2024-42934.patch
yangl777 1283a3cb97 fix CVE-2024-42934
2024-10-11 12:08:08 +00:00

47 lines
1.4 KiB
Diff
Raw Permalink Blame History

From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001
From: Corey Minyard <minyard@acm.org>
Date: Mon, 29 Apr 2024 12:46:23 -0500
Subject: [PATCH] lanserv: Check some bounds on incoming messages
Signed-off-by: Corey Minyard <minyard@acm.org>
Reference:https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/
Conflict:NA
---
lanserv/lanserv_ipmi.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index ccd6001..0ee6451 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
}
auth = msg->data[0] & 0xf;
+ if (auth >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+ "Activate session failed: Invalid auth: 0x%x", auth);
+ return;
+ }
+
user = &(lan->users[user_idx]);
if (! (user->valid)) {
lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
}
msg.authtype = data[4];
+ if (msg.authtype >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ "LAN msg failure: Invalid authtype");
+ return;
+ }
msg.data = data+5;
msg.len = len - 5;
msg.channel = lan->channel.channel_num;
--
2.43.0
Reference in New Issue View Git Blame Copy Permalink