deepblue/ipmitool
1
0
Fork 0
mirror of https://github.com/ipmitool/ipmitool.git synced 2025-05-10 10:37:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Check rsp->data_len in ipmi_sel_get_info()

Browse Source 
Commit adds check of response's data_len in ipmi_sel_get_info() as returned data
length is unconditional. If incorrect, resp. short, data_len is returned, we
might end up reading memory at places we're not supposed to.
This commit is contained in:
Zdenek Styblik 2016-04-12 21:09:52 +02:00
parent 0d6a45357b
commit d57bf32668
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/ipmi_sel.c
View File

@ -1469,11 +1469,14 @@ ipmi_sel_get_info(struct ipmi_intf * intf)
if (rsp == NULL) { if (rsp == NULL) {
lprintf(LOG_ERR, "Get SEL Info command failed"); lprintf(LOG_ERR, "Get SEL Info command failed");
return -1; return -1;
} } else if (rsp->ccode > 0) {
if (rsp->ccode > 0) {
lprintf(LOG_ERR, "Get SEL Info command failed: %s", lprintf(LOG_ERR, "Get SEL Info command failed: %s",
val2str(rsp->ccode, completion_code_vals)); val2str(rsp->ccode, completion_code_vals));
return -1; return -1;
} else if (rsp->data_len != 14) {
lprintf(LOG_ERR, "Get SEL Info command failed: "
"Invalid data length %d", rsp->data_len);
return (-1);
} }
if (verbose > 2) if (verbose > 2)
printbuf(rsp->data, rsp->data_len, "sel_info"); printbuf(rsp->data, rsp->data_len, "sel_info");