mirror/openwrt-packages
1
0
Fork 0
mirror of https://git.openwrt.org/feed/packages.git synced 2024-07-01 18:44:05 +02:00
Code Releases Activity
81629ba591
openwrt-packages/admin/ipmitool/patches/0009-CVE-2020-5208-channel-Fix-buffer-overflow.patch
Ilya Lipnitskiy 5d8d4fbbcb
treewide: Run refresh on all packages 
The crude loop I wrote to come up with this changeset:

  find -L package/feeds/packages/ -name patches | \
  sed 's/patches$/refresh/' | sort | xargs make

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
2021-02-20 16:02:15 -08:00

33 lines
1.1 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 743dd4faa302f22950e4438cf684e1e398eb47eb Mon Sep 17 00:00:00 2001
From: Chrostoper Ertl <chertl@microsoft.com>
Date: Thu, 28 Nov 2019 16:56:38 +0000
Subject: [PATCH 09/11] channel: Fix buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Partial fix for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
The `ipmi_get_channel_cipher_suites` function does not properly check
the final responses `data_len`, which can lead to stack buffer overflow
on the final copy.
---
lib/ipmi_channel.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/lib/ipmi_channel.c
+++ b/lib/ipmi_channel.c
@@ -413,7 +413,10 @@ ipmi_get_channel_cipher_suites(struct ip
lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
return -1;
}
- if (rsp->ccode > 0) {
+ if (rsp->ccode
+ || rsp->data_len < 1
+ || rsp->data_len > sizeof(uint8_t) + 0x10)
+ {
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
val2str(rsp->ccode, completion_code_vals));
return -1;
View Git Blame Copy Permalink