45 lines
1.3 KiB
Diff
45 lines
1.3 KiB
Diff
From 5ab6d04b43ebdce0b7de62cae051cd554e9a52a1 Mon Sep 17 00:00:00 2001
|
|
From: fengtao40 <fengtao40@huawei.com>
|
|
Date: Tue, 11 Feb 2020 21:08:07 -0500
|
|
Subject: [PATCH] Fix buffer overflow in ipmi_get_session_info
|
|
|
|
---
|
|
lib/ipmi_session.c | 14 +++++++++-----
|
|
1 file changed, 9 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c
|
|
index 141f0f4..01d3c24 100644
|
|
--- a/lib/ipmi_session.c
|
|
+++ b/lib/ipmi_session.c
|
|
@@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf,
|
|
}
|
|
else
|
|
{
|
|
- memcpy(&session_info, rsp->data, rsp->data_len);
|
|
- print_session_info(&session_info, rsp->data_len);
|
|
+ memcpy(&session_info, rsp->data,
|
|
+ __min(rsp->data_len, sizeof(session_info)));
|
|
+ print_session_info(&session_info,
|
|
+ __min(rsp->data_len, sizeof(session_info)));
|
|
}
|
|
break;
|
|
|
|
@@ -341,9 +343,11 @@ ipmi_get_session_info(struct ipmi_intf * intf,
|
|
break;
|
|
}
|
|
|
|
- memcpy(&session_info, rsp->data, rsp->data_len);
|
|
- print_session_info(&session_info, rsp->data_len);
|
|
-
|
|
+ memcpy(&session_info, rsp->data,
|
|
+ __min(rsp->data_len, sizeof(session_info)));
|
|
+ print_session_info(&session_info,
|
|
+ __min(rsp->data_len, sizeof(session_info)));
|
|
+
|
|
} while (i <= session_info.session_slot_count);
|
|
break;
|
|
}
|
|
--
|
|
2.19.1
|
|
|