From 8f0946a81eb22c14823d726afc486139bb2094ca Mon Sep 17 00:00:00 2001
|
|
From: Tom Tung <shes050117@gmail.com>
|
|
Date: Fri, 12 Aug 2022 16:47:27 +0800
|
|
Subject: [PATCH] lanplus: Realloc the msg if the payload_length gets updated
|
|
|
|
It's possible the payload_length gets updated in
|
|
lanplus_encrypt_payload. If it's updated, the memory of msg should be
|
|
updated.
|
|
|
|
Tested: use ipmitool with lanplus with similar STR and there is no
|
|
memory stomping issue.
|
|
|
|
Resolved: ipmitool/ipmitool#351
|
|
Signed-off-by: Tom Tung <shes050117@gmail.com>
|
|
---
|
|
src/plugins/lanplus/lanplus.c | 19 +++++++++++++++++++
|
|
src/plugins/lanplus/lanplus.h | 2 ++
|
|
2 files changed, 21 insertions(+)
|
|
|
|
diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c
|
|
index ed41380..7a9162c 100644
|
|
--- a/src/plugins/lanplus/lanplus.c
|
|
+++ b/src/plugins/lanplus/lanplus.c
|
|
@@ -1727,6 +1727,7 @@ ipmi_lanplus_build_v2x_msg(
|
|
*/
|
|
if (session->v2_data.session_state == LANPLUS_STATE_ACTIVE)
|
|
{
|
|
+ uint16_t old_payload_length = payload->payload_length;
|
|
/* Payload len is adjusted as necessary by lanplus_encrypt_payload */
|
|
lanplus_encrypt_payload(session->v2_data.crypt_alg, /* input */
|
|
session->v2_data.k2, /* input */
|
|
@@ -1735,6 +1736,24 @@ ipmi_lanplus_build_v2x_msg(
|
|
msg + IPMI_LANPLUS_OFFSET_PAYLOAD, /* output */
|
|
&(payload->payload_length)); /* output */
|
|
|
|
+ if (old_payload_length != payload->payload_length)
|
|
+ {
|
|
+ len =
|
|
+ IPMI_LANPLUS_OFFSET_PAYLOAD +
|
|
+ payload->payload_length +
|
|
+ IPMI_MAX_INTEGRITY_PAD_SIZE +
|
|
+ IPMI_LANPLUS_PAD_LENGTH_SIZE +
|
|
+ IPMI_LANPLUS_NEXT_HEADER_SIZE +
|
|
+ IPMI_MAX_AUTH_CODE_SIZE;
|
|
+
|
|
+ uint8_t * new_msg = realloc(msg, len);
|
|
+ if (!new_msg) {
|
|
+ free(msg);
|
|
+ lprintf(LOG_ERR, "ipmitool: realloc failure");
|
|
+ return;
|
|
+ }
|
|
+ msg = new_msg;
|
|
+ }
|
|
}
|
|
|
|
/* Now we know the payload length */
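Review bot: The buffer is grown only after `lanplus_encrypt_payload` has already written its output to `msg + IPMI_LANPLUS_OFFSET_PAYLOAD`, so if the encrypted payload exceeds what the original allocation allowed for, the out-of-bounds write happens before the `realloc` runs. The initial allocation is outside the hunk, so whether its slack covers the worst-case growth cannot be confirmed here; sizing `msg` for the worst-case encrypted length before the call would be the safer ordering, and at minimum the assumption deserves a comment such as `/* encrypt output must fit the initial allocation; msg is only resized afterwards */`. The failure path does a bare `return;`, which gives the caller no failure signal unless the output parameters are reset somewhere outside the hunk. Bytes added by `realloc` are uninitialized, so if the later trailer code relies on a zeroed buffer, the new tail should be cleared with a `memset` over the added range. ipmi_lanplus_build_v2x_msg starts and ends outside the hunk.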
|
|
diff --git a/src/plugins/lanplus/lanplus.h b/src/plugins/lanplus/lanplus.h
|
|
index 3e287ae..94bd56a 100644
|
|
--- a/src/plugins/lanplus/lanplus.h
|
|
+++ b/src/plugins/lanplus/lanplus.h
|
|
@@ -86,6 +86,8 @@
|
|
#define IPMI_LANPLUS_OFFSET_PAYLOAD_SIZE 0x0E
|
|
#define IPMI_LANPLUS_OFFSET_PAYLOAD 0x10
|
|
|
|
+#define IPMI_LANPLUS_PAD_LENGTH_SIZE 1
|
|
+#define IPMI_LANPLUS_NEXT_HEADER_SIZE 1
|
|
|
|
#define IPMI_GET_CHANNEL_AUTH_CAP 0x38
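Review bot: `IPMI_LANPLUS_PAD_LENGTH_SIZE` and `IPMI_LANPLUS_NEXT_HEADER_SIZE` are added without a comment, directly after a group of offset macros, although they are field sizes that feed the buffer length recomputed in lanplus.c. A one-line comment such as `/* sizes in bytes of the pad-length and next-header fields counted in the message length */` would make that length arithmetic easier to audit. The wording is inferred from the macro names and should be confirmed against the message layout.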
|
|
|
|
--
|
|
2.27.0
|
|
|