import ipmitool-1.8.18-18.el8

This commit is contained in:
CentOS Sources 2021-10-05 20:41:09 -04:00 committed by Stepan Oksanichenko
parent 291c3d3971
commit 4c84a1a116
2 changed files with 73 additions and 1 deletions

View File

@ -0,0 +1,65 @@
From 646160e2175f9e0ba33e4f2bda12d84555e9c30e Mon Sep 17 00:00:00 2001
From: Alexander Amelkin <alexander@amelkin.msk.ru>
Date: Thu, 29 Nov 2018 13:10:53 +0300
Subject: [PATCH] lanplus: Cleanup. Refix 6dec83ff, fix be2c0c4b
This is a cleanup commit.
Commit 6dec83ff removed assignment of `rsp` pointer
in SOL-processing block of ipmi_lan_poll_single(),
but left the check for the pointer validity in place.
Although that has effectively fixed the bug of potentially
accessing the null `rsp` pointer in the `else` block introduced
with be2c0c4b, the resulting if/else looked suspicious and left
and impression that a NULL pointer could still be accessed.
This commit removes the check for `rsp` from the `if`
as it is checked at the start of the function where `rsp`
is initialized (and that is the only place where it is ever changed).
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
(cherry picked from commit 64727f59c4a1412fdb73e092fb838ae66e2aad1a)
lanplus: Fix segfault for truncated dcmi response
On occasion a dcmi power reading will return error C6, and a
truncated response payload. As the decrypted payload is shorter
than the expected length, lanplus_decrypt_aes_cbc_128() adjusts
the payload_size downward by one byte. In ipmi_lan_poll_single()
the calculation to determine if the payload size has increased
erroniously sets extra_data_length to -1, with a subsequent
segv when calling a memmove to shift response data.
The fix is to check for a positive value in the extra_data_length.
Resolves ipmitool/ipmitool#72
(cherry picked from commit 9ec2232321a7bca7e1fb8f939d071f12c8dfa7fd)
---
src/plugins/lanplus/lanplus.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c
index c442c0e..ef132f6 100644
--- a/src/plugins/lanplus/lanplus.c
+++ b/src/plugins/lanplus/lanplus.c
@@ -814,7 +814,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
* rsp->data_len becomes the length of that data
*/
extra_data_length = payload_size - (offset - payload_start) - 1;
- if (extra_data_length) {
+ if (extra_data_length > 0) {
rsp->data_len = extra_data_length;
memmove(rsp->data, rsp->data + offset, extra_data_length);
} else {
@@ -868,7 +868,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf)
}
read_sol_packet(rsp, &offset);
extra_data_length = payload_size - (offset - payload_start);
- if (rsp && extra_data_length) {
+ if (extra_data_length > 0) {
rsp->data_len = extra_data_length;
memmove(rsp->data, rsp->data + offset, extra_data_length);
} else {
--
2.26.3

View File

@ -1,7 +1,7 @@
Name: ipmitool Name: ipmitool
Summary: Utility for IPMI control Summary: Utility for IPMI control
Version: 1.8.18 Version: 1.8.18
Release: 17%{?dist} Release: 18%{?dist}
License: BSD License: BSD
URL: http://ipmitool.sourceforge.net/ URL: http://ipmitool.sourceforge.net/
Source0: http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source0: http://downloads.sourceforge.net/project/%{name}/%{name}/%{version}/%{name}-%{version}.tar.bz2
@ -25,6 +25,7 @@ Patch9: 0009-CVE-2020-5208.patch
Patch10: 0010-quanta-oem-support.patch Patch10: 0010-quanta-oem-support.patch
Patch11: 0011-pef-missing-newline.patch Patch11: 0011-pef-missing-newline.patch
Patch12: 0012-lanplus-cipher-retry.patch Patch12: 0012-lanplus-cipher-retry.patch
Patch13: 0013-lanplus-Cleanup.-Refix-6dec83ff-fix-be2c0c4b.patch
BuildRequires: openssl-devel readline-devel ncurses-devel BuildRequires: openssl-devel readline-devel ncurses-devel
%{?systemd_requires} %{?systemd_requires}
@ -184,6 +185,12 @@ install -Dm 755 contrib/bmc-snmp-proxy %{buildroot}%{_libexecdir}/bmc-sn
%{_libexecdir}/bmc-snmp-proxy %{_libexecdir}/bmc-snmp-proxy
%changelog %changelog
* Mon Jul 19 2021 Pavel Cahyna <pcahyna@redhat.com> - 1.8.18-18
- Protect against negative values to memmove that caused
"ipmitool sol activate" to crash against an IBM DataPower appliance
(#1951480)
Cherry-picked from upstream PR#78.
* Wed Jun 03 2020 Václav Doležal <vdolezal@redhat.com> - 1.8.18-17 * Wed Jun 03 2020 Václav Doležal <vdolezal@redhat.com> - 1.8.18-17
- Disable retry of pre-session "Get cipher suites" command as some - Disable retry of pre-session "Get cipher suites" command as some
BMCs are ignoring it (#1831158) BMCs are ignoring it (#1831158)