From 8dba79a97b591769f77c87bd585ef94be453d947 Mon Sep 17 00:00:00 2001
From: changtao <changtao@kylinos.cn>
Date: Wed, 9 Oct 2024 01:27:44 +0800
Subject: [PATCH] fix-CVE-2024-42934

---
 0002-fix-CVE-2024-42934.patch | 43 +++++++++++++++++++++++++++++++++++
 OpenIPMI.spec                 |  9 +++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 0002-fix-CVE-2024-42934.patch

diff --git a/0002-fix-CVE-2024-42934.patch b/0002-fix-CVE-2024-42934.patch
new file mode 100644
index 0000000..d28827c
--- /dev/null
+++ b/0002-fix-CVE-2024-42934.patch
@@ -0,0 +1,43 @@
+From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001
+From: Corey Minyard <minyard@...>
+Date: Tue, 8 Oct 2024 23:38:14 +0800
+Subject: [PATCH] fix CVE-2024-42934 
+
+lanserv: Check some bounds on incoming messages
+
+---
+ lanserv/lanserv_ipmi.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
+index ccd6001..6ac5e3e 100644
+--- a/lanserv/lanserv_ipmi.c
++++ b/lanserv/lanserv_ipmi.c
+@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
+     }
+ 
+     auth = msg->data[0] & 0xf;
++   if (auth >= MAX_IPMI_AUTHS) {
++	lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
++		 "Activate session failed: Invalid auth: 0x%x", auth);
++	return;
++    }
++
+     user = &(lan->users[user_idx]);
+     if (! (user->valid)) {
+ 	lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
+     }
+ 
+     msg.authtype = data[4];
++    if (msg.authtype >= MAX_IPMI_AUTHS) {
++	lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
++		 "LAN msg failure: Invalid authtype");
++	return;
++    }
+     msg.data = data+5;
+     msg.len = len - 5;
+     msg.channel = lan->channel.channel_num;
+-- 
+2.43.0
+
diff --git a/OpenIPMI.spec b/OpenIPMI.spec
index 4196dd9..b3aac35 100644
--- a/OpenIPMI.spec
+++ b/OpenIPMI.spec
@@ -1,6 +1,6 @@
 Name:       OpenIPMI
 Version:    2.0.34
-Release:    1
+Release:    2
 Summary:    IPMI (Intelligent Platform Management Interface) library and tools
 License:    LGPLv2+ and GPLv2+ or BSD
 URL:        https://sourceforge.net/projects/openipmi/
@@ -10,6 +10,7 @@ Source2:    ipmi.service
 Source3:    openipmi-helper
 
 Patch0:     0001-man.patch
+Patch0:     0002-fix-CVE-2024-42934.patch
 
 BuildRequires:    make gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
 BuildRequires:    openssl-devel python3-devel perl-devel perl-generators
@@ -146,6 +147,12 @@ make check
 %exclude %{_mandir}/man1/openipmigui.1
 
 %changelog
+* Wed Oct 09 2024 changtao <changtao@kylinos.cn> - 2.0.34-2
+- Type:CVE
+- ID:CVE-2024-42934
+- SUG:NA
+- DESC:fix CVE-2024-42934
+
 * Fri Jan 05 2024 yanglu <yanglu72@h-partners.com> - 2.0.34-1
 - Type:requirement
 - CVE:NA
-- 
Gitee