deepblue/ipmitool
1
0
Fork 0
mirror of https://github.com/ipmitool/ipmitool.git synced 2025-05-10 18:47:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

channel: Fix buffer overflow

Browse Source 
Partial fix for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp

The `ipmi_get_channel_cipher_suites` function does not properly check
the final response’s `data_len`, which can lead to stack buffer overflow
on the final copy.
This commit is contained in:
Chrostoper Ertl 2019-11-28 16:56:38 +00:00 committed by Alexander Amelkin
parent 41d7026946
commit 9452be8718
No known key found for this signature in database
GPG Key ID: E893587B5B74178D
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/ipmi_channel.c
View File

@ -498,7 +498,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf,
lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
return -1; return -1;
} }
if (rsp->ccode || rsp->data_len < 1) { if (rsp->ccode
|| rsp->data_len < 1
|| rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
{
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
val2str(rsp->ccode, completion_code_vals)); val2str(rsp->ccode, completion_code_vals));
return -1; return -1;