* add missing patch to ipmitool

2021-03-06 18:54:50 +01:00 · 2021-03-06 18:54:50 +01:00 · e2821a94c7
commit e2821a94c7
parent a921eb920c
1 changed files with 37 additions and 0 deletions
--- a/ipmitool/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
+++ b/ipmitool/9452be87181a6e83cfcc768b3ed8321763db50e4-edited.patch
@ -0,0 +1,37 @@
+NOTE: This diff has been adjusted to apply to 1.8.18.
+
+
+From 9452be87181a6e83cfcc768b3ed8321763db50e4 Mon Sep 17 00:00:00 2001
+From: Chrostoper Ertl <chertl@microsoft.com>
+Date: Thu, 28 Nov 2019 16:56:38 +0000
+Subject: [PATCH] channel: Fix buffer overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Partial fix for CVE-2020-5208, see
+https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
+
+The `ipmi_get_channel_cipher_suites` function does not properly check
+the final response’s `data_len`, which can lead to stack buffer overflow
+on the final copy.
+---
+ lib/ipmi_channel.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c
+index a6a6a424..433c4d36 100644
+--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
+@@ -498,7 +498,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf,
+ 			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
+ 			return -1;
+ 		}
+-		if (rsp->ccode > 0) {
+		if (rsp->ccode
+		    || rsp->data_len < 1
+		    || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
+		{
+ 			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
+ 					val2str(rsp->ccode, completion_code_vals));
+ 			return -1;