package/ipmitool: fix 0011-channel-Fix-buffer-overflow.patch
The previous commit to this package
(37c5e903a7) introduced a bunch of patches
to fix a CVE. Unfortunatly only applying of the patches was tested but
not building the package.
This commit replaces a define that was introduced in a previous patch
upstream and caused the build failure.
Tested:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Fixes:
- http://autobuild.buildroot.net/results/3f7fe8ad181318153c459ba5e1afbbc8b49d541c/
- and more
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020.11.x
Heiko Thiery
Thomas Petazzoni
parent
5e74d8f0a0
commit
3b81307162
|
|
@ -14,7 +14,12 @@ the final response’s `data_len`, which can lead to stack buffer overflow
|
|||
on the final copy.
|
||||
|
||||
[Retrieve from:
|
||||
https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4]
|
||||
https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
|
||||
|
||||
The patch is slightly modified manually. The define
|
||||
(MAX_CIPHER_SUITE_DATA_LEN) was introduced upstream in another patch.
|
||||
Replace the define by the value 0x10.]
|
||||
|
||||
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
|
||||
---
|
||||
lib/ipmi_channel.c | 5 ++++-
|
||||
|
|
@ -31,7 +36,7 @@ index fab2e54..59ac227 100644
|
|||
- if (rsp->ccode > 0) {
|
||||
+ if (rsp->ccode
|
||||
+ || rsp->data_len < 1
|
||||
+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
|
||||
+ || rsp->data_len > sizeof(uint8_t) + 0x10)
|
||||
+ {
|
||||
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
|
||||
val2str(rsp->ccode, completion_code_vals));
|
||||
|
|
|
|||
Loading…
Reference in New Issue