From 8d70a87b6305c1dbeec7b6a0ba4228a944d052fc Mon Sep 17 00:00:00 2001
From: Pavel Cahyna
Date: Mon, 12 Feb 2024 19:39:16 +0100
Subject: [PATCH] Add patch from Debian to fix tsol buffer overflow

Originally reported by Jan Safranek in https://sourceforge.net/p/ipmitool/mailman/message/24405281/ but never applied upstream. Problem seen and reported in real usage: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/633054
---
 0100-fix_buf_overflow.patch | 22 ++++++++++++++++++++++
 ipmitool.spec | 5 +++++
 2 files changed, 27 insertions(+)
 create mode 100644 0100-fix_buf_overflow.patch
diff --git a/0100-fix_buf_overflow.patch b/0100-fix_buf_overflow.patch
new file mode 100644
index 0000000..1651487
--- /dev/null
+++ b/0100-fix_buf_overflow.patch
@@ -0,0 +1,22 @@
+Description: fix buffer overflow
+ based on 101_fix_buf_overflow from Leo Iannacone
+Author: Jörg Frings-Fürst
+Bug: TSOL buffer overflow
+Bug-ubuntu: https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/633054
+Forwarded: https://sourceforge.net/p/ipmitool/patches/100/
+Last-Update: 2014-12-01
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/lib/ipmi_tsol.c
+===================================================================
+--- trunk.orig/lib/ipmi_tsol.c
++++ trunk/lib/ipmi_tsol.c
+@@ -374,7 +374,7 @@ ipmi_tsol_main(struct ipmi_intf *intf, i
+ char *recvip = NULL;
+ char in_buff[IPMI_BUF_SIZE];
+ char out_buff[IPMI_BUF_SIZE * 8];
+- char buff[IPMI_BUF_SIZE + 4];
++ char buff[IPMI_BUF_SIZE * 8 + 4];
+ int fd_socket, result, i;
+ size_t out_buff_fill, in_buff_fill;
+ int ip1, ip2, ip3, ip4;
diff --git a/ipmitool.spec b/ipmitool.spec
index d71cdb1..4cacc23 100644
--- a/ipmitool.spec
+++ b/ipmitool.spec
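Review bot: The new `buff` size in the embedded ipmi_tsol.c hunk repeats the `IPMI_BUF_SIZE * 8` expression from the `out_buff` declaration two lines above instead of deriving from it, so the two sizes can drift apart again if `out_buff` is ever resized. Writing the declaration as `char buff[sizeof(out_buff) + 4];` would keep the relationship explicit. The code that fills `buff` lies outside this hunk (ipmi_tsol_main continues past it), so the fix as shown relies on the declaration alone; it is worth confirming that the copy into `buff` is bounded by `sizeof(buff)` rather than by the amount of data received. A short comment on the declaration, such as `/* sized to hold the whole of out_buff plus 4 extra bytes */`, would record why this size was chosen.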
@@ -26,6 +26,11 @@ Patch7: 0007-check-input.patch
 # https://github.com/ipmitool/ipmitool/pull/214 - approved but not merged
 Patch14: 0014-lanplus-cipher-retry.patch
 
+# Debian patches, never applied upstream
+# https://bugs.launchpad.net/ubuntu/+source/ipmitool/+bug/633054
+# https://sourceforge.net/p/ipmitool/mailman/message/24405281/
+Patch100: 0100-fix_buf_overflow.patch
+
 BuildRequires: openssl-devel readline-devel ncurses-devel
 %{?systemd_requires}
 BuildRequires: systemd
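Review bot: `Patch100` is only declared in this hunk, and the diffstat shows no other change to ipmitool.spec, so whether the overflow fix actually reaches the build depends on how `%prep` (outside this hunk) applies patches. If `%prep` uses `%autosetup` or `%autopatch`, the new patch is picked up automatically. If it lists patches explicitly, a matching line such as `%patch -P 100 -p1` is needed, otherwise the package builds without the fix. The patch file's paths are `trunk.orig/lib/ipmi_tsol.c` and `trunk/lib/ipmi_tsol.c`, so a strip level of 1 looks right.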