Overview

File lanserv-Check-some-bounds-on-incoming-messages.patch of Package OpenIPMI.35910

From: Corey Minyard <minyard@acm.org>
Subject: lanserv: Check some bounds on incoming messages
References: 1229910
Patch-Mainline: v2.0.35
Git-commit: b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1
Git-repo: ssh://watologo1@git.code.sf.net/u/watologo1/openipmi.git

Signed-off-by: Corey Minyard <minyard@acm.org>


Signed-off-by:  <trenn@suse.com>
Index: OpenIPMI-2.0.31/lanserv/lanserv_ipmi.c
===================================================================
--- OpenIPMI-2.0.31.orig/lanserv/lanserv_ipmi.c
+++ OpenIPMI-2.0.31/lanserv/lanserv_ipmi.c
@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan,
     }
 
     auth = msg->data[0] & 0xf;
+    if (auth >= MAX_IPMI_AUTHS) {
+	lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+		 "Activate session failed: Invalid auth: 0x%x", auth);
+	return;
+    }
+
     user = &(lan->users[user_idx]);
     if (! (user->valid)) {
 	lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
     }
 
     msg.authtype = data[4];
+    if (msg.authtype >= MAX_IPMI_AUTHS) {
+	lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+		 "LAN msg failure: Invalid authtype");
+	return;
+    }
     msg.data = data+5;
     msg.len = len - 5;
     msg.channel = lan->channel.channel_num;
openSUSE Build Service is sponsored by
Places