From 9e769054d0319a462976265d26b16740df41ff59 Mon Sep 17 00:00:00 2001 From: eaglegai Date: Fri, 17 Jun 2022 15:13:42 +0800 Subject: [PATCH] Add the judgment on the validity of length in emu_cmd.c and session in lanserv_ipmi.c --- OpenIPMI.spec | 9 ++++- ...n-the-validity-of-length-and-session.patch | 40 +++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 backport-add-the-judgment-on-the-validity-of-length-and-session.patch diff --git a/OpenIPMI.spec b/OpenIPMI.spec index 9e91dab..9548736 100644 --- a/OpenIPMI.spec +++ b/OpenIPMI.spec @@ -1,6 +1,6 @@ Name: OpenIPMI Version: 2.0.31 -Release: 1 +Release: 2 Summary: IPMI (Intelligent Platform Management Interface) library and tools License: LGPLv2+ and GPLv2+ or BSD URL: https://sourceforge.net/projects/openipmi/ @@ -10,6 +10,7 @@ Source2: ipmi.service Source3: openipmi-helper Patch0: 0001-man.patch +Patch1: backport-add-the-judgment-on-the-validity-of-length-and-session.patch BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: openssl-devel python3-devel perl-devel perl-generators @@ -141,6 +142,12 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1 %exclude %{_mandir}/man1/openipmigui.1 %changelog +* Fri Jun 17 2022 gaihuiying - 2.0.31-2 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:Add the judgment on the validity of length in emu_cmd.c and session in lanserv_ipmi.c + * Fri Jan 29 2021 xihaochen - 2.0.31-1 - Type:requirements - Id:NA diff --git a/backport-add-the-judgment-on-the-validity-of-length-and-session.patch b/backport-add-the-judgment-on-the-validity-of-length-and-session.patch new file mode 100644 index 0000000..5e68a3c --- /dev/null +++ b/backport-add-the-judgment-on-the-validity-of-length-and-session.patch @@ -0,0 +1,40 @@ +From 35525f7903bdbfe98c1b101f2c30afd78fbdda98 Mon Sep 17 00:00:00 2001 +From: zhangqiumiao +Date: Fri, 9 Apr 2021 15:26:54 +0800 +Subject: [PATCH] lanserv: Add the judgment on the validity of length in + emu_cmd.c and session in lanserv_ipmi.c + +--- + lanserv/emu_cmd.c | 3 +++ + lanserv/lanserv_ipmi.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/lanserv/emu_cmd.c b/lanserv/emu_cmd.c +index ea3f8685..727bb0c8 100644 +--- a/lanserv/emu_cmd.c ++++ b/lanserv/emu_cmd.c +@@ -913,6 +913,9 @@ mc_add_fru_data(emu_out_t *out, emu_data_t *emu, lmc_data_t *mc, char **toks) + if (rv) + return rv; + ++ if (length > MAX_FRU_SIZE) ++ return EINVAL; ++ + tok = mystrtok(NULL, " \t\n", toks); + if (!tok) { + out->eprintf(out, "**No FRU data type given"); +diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c +index 4005bcba..ccd60015 100644 +--- a/lanserv/lanserv_ipmi.c ++++ b/lanserv/lanserv_ipmi.c +@@ -3143,7 +3143,7 @@ get_associated_mc(channel_t *chan, uint32_t session_id, unsigned int payload) + lanserv_data_t *lan = chan->chan_info; + session_t *session = sid_to_session(lan, session_id); + +- if (payload >= LANSERV_NUM_CLOSERS) ++ if (payload >= LANSERV_NUM_CLOSERS || session == NULL) + return NULL; + + return session->closers[payload].mc; +-- +2.33.0 \ No newline at end of file -- Gitee