diff --git a/OpenIPMI.spec b/OpenIPMI.spec
index d118d485c9027bf6e1d3d3d661977307de41dbc2..2bd73ea0217576b8d595757aa70da02910f56bf4 100644
--- a/OpenIPMI.spec
+++ b/OpenIPMI.spec
@@ -1,6 +1,6 @@
 Name:       OpenIPMI
 Version:    2.0.31
-Release:    2
+Release:    3
 Summary:    IPMI (Intelligent Platform Management Interface) library and tools
 License:    LGPLv2+ and GPLv2+ or BSD
 URL:        https://sourceforge.net/projects/openipmi/
@@ -12,6 +12,7 @@ Source3:    openipmi-helper
 Patch0:     0001-man.patch
 Patch1:     backport-OpenIPMI-ax-python.patch
 Patch2:     backport-OpenIPMI-sysconfig.patch
+Patch3:     backport-add-the-judgment-on-the-validity-of-length-and-session.patch
 
 BuildRequires:    gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
 BuildRequires:    openssl-devel python3-devel perl-devel perl-generators
@@ -143,6 +144,12 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
 %exclude %{_mandir}/man1/openipmigui.1
 
 %changelog
+* Fri Jun 17 2022 gaihuiying <eaglegai@163.com> - 2.0.31-3
+- Type:bugfix
+- CVE:
+- SUG:NA
+- DESC:Add the judgment on the validity of length in emu_cmd.c and session in lanserv_ipmi.c
+
 * Wed Apr 20 2022 gaihuiying <eaglegai@163.com> - 2.0.31-2
 - Type:bugfix
 - Id:NA
diff --git a/backport-add-the-judgment-on-the-validity-of-length-and-session.patch b/backport-add-the-judgment-on-the-validity-of-length-and-session.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5e68a3c581285c439e7bd239416184998f778974
--- /dev/null
+++ b/backport-add-the-judgment-on-the-validity-of-length-and-session.patch
@@ -0,0 +1,40 @@
+From 35525f7903bdbfe98c1b101f2c30afd78fbdda98 Mon Sep 17 00:00:00 2001
+From: zhangqiumiao <zhangqiumiao1@huawei.com>
+Date: Fri, 9 Apr 2021 15:26:54 +0800
+Subject: [PATCH] lanserv: Add the judgment on the validity of length in
+ emu_cmd.c and session in lanserv_ipmi.c
+
+---
+ lanserv/emu_cmd.c      | 3 +++
+ lanserv/lanserv_ipmi.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lanserv/emu_cmd.c b/lanserv/emu_cmd.c
+index ea3f8685..727bb0c8 100644
+--- a/lanserv/emu_cmd.c
++++ b/lanserv/emu_cmd.c
+@@ -913,6 +913,9 @@ mc_add_fru_data(emu_out_t *out, emu_data_t *emu, lmc_data_t *mc, char **toks)
+     if (rv)
+ 	return rv;
+ 
++    if (length > MAX_FRU_SIZE)
++	return EINVAL;
++
+     tok = mystrtok(NULL, " \t\n", toks);
+     if (!tok) {
+ 	out->eprintf(out, "**No FRU data type given");
+diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
+index 4005bcba..ccd60015 100644
+--- a/lanserv/lanserv_ipmi.c
++++ b/lanserv/lanserv_ipmi.c
+@@ -3143,7 +3143,7 @@ get_associated_mc(channel_t *chan, uint32_t session_id, unsigned int payload)
+     lanserv_data_t *lan = chan->chan_info;
+     session_t *session = sid_to_session(lan, session_id);
+ 
+-    if (payload >= LANSERV_NUM_CLOSERS)
++    if (payload >= LANSERV_NUM_CLOSERS || session == NULL)
+ 	return NULL;
+ 
+     return session->closers[payload].mc;
+-- 
+2.33.0
\ No newline at end of file