mirror of
https://github.com/ipmitool/ipmitool.git
synced 2025-05-10 10:37:22 +00:00
840fb1cbb4
Partial fix for CVE-2020-5208, see https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp The `ipmi_spd_print_fru` function has a similar issue as the one fixed by the previous commit in `read_fru_area_section`. An initial request is made to get the `fru.size`, which is used as the size for the allocation of `spd_data`. Inside a loop, further requests are performed to get the copy sizes which are not checked before being used as the size for a copy into the buffer.