LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23429 Commits
1 Branch
46 MiB
Tree: 5d8d4fbbcb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5d8d4fbbcb'
${ noResults }
openwrt-packages-dist/admin/ipmitool/patches/0009-CVE-2020-5208-channel-...

32 lines
1.1 KiB
Raw Normal View History

ipmitool: fix CVE-2020-5208 All patches has been applied upstream. Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
4 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
3 years ago
ipmitool: fix CVE-2020-5208 All patches has been applied upstream. Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
4 years ago
 
  1. From 743dd4faa302f22950e4438cf684e1e398eb47eb Mon Sep 17 00:00:00 2001
  2. From: Chrostoper Ertl <chertl@microsoft.com>
  3. Date: Thu, 28 Nov 2019 16:56:38 +0000
  4. Subject: [PATCH 09/11] channel: Fix buffer overflow
  5. MIME-Version: 1.0
  6. Content-Type: text/plain; charset=UTF-8
  7. Content-Transfer-Encoding: 8bit
  8. 

  9. Partial fix for CVE-2020-5208, see
  10. https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
  11. 

  12. The `ipmi_get_channel_cipher_suites` function does not properly check
  13. the final response’s `data_len`, which can lead to stack buffer overflow
  14. on the final copy.
  15. ---

  16.  lib/ipmi_channel.c | 5 ++++-
  17.  1 file changed, 4 insertions(+), 1 deletion(-)
  18. 

  19. --- a/lib/ipmi_channel.c

  20. +++ b/lib/ipmi_channel.c

  21. @@ -413,7 +413,10 @@ ipmi_get_channel_cipher_suites(struct ip

  22.  			lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites");
  23.  			return -1;
  24.  		}
  25. -		if (rsp->ccode > 0) {

  26. +		if (rsp->ccode

  27. +		    || rsp->data_len < 1

  28. +		    || rsp->data_len > sizeof(uint8_t) + 0x10)

  29. +		{

  30.  			lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
  31.  					val2str(rsp->ccode, completion_code_vals));
  32.  			return -1;