aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Heiko Thiery <heiko.thiery@gmail.com>2020-09-16 19:44:51 +0200
committerGravatar Peter Korsgaard <peter@korsgaard.com>2020-09-23 21:06:42 +0200
commitd86b338740cb42e7f296baf6035f0c9d9b7065f5 (patch)
tree6da0a6ca607d3deef53606764fc65d433bb58260
parent5935b68772e8a23cbdddff9f16a5ae90eddddf5f (diff)
downloadbuildroot-d86b338740cb42e7f296baf6035f0c9d9b7065f5.tar.gz
buildroot-d86b338740cb42e7f296baf6035f0c9d9b7065f5.tar.bz2
package/ipmitool: fix 0011-channel-Fix-buffer-overflow.patch
The previous commit to this package (37c5e903a7e18f5b3847c11a40af5f74984d6c77) introduced a bunch of patches to fix a CVE. Unfortunatly only applying of the patches was tested but not building the package. This commit replaces a define that was introduced in a previous patch upstream and caused the build failure. Tested: br-arm-full [1/6]: OK br-arm-cortex-a9-glibc [2/6]: OK br-arm-cortex-m4-full [3/6]: SKIPPED br-x86-64-musl [4/6]: OK br-arm-full-static [5/6]: OK sourcery-arm [6/6]: OK Fixes: - http://autobuild.buildroot.net/results/3f7fe8ad181318153c459ba5e1afbbc8b49d541c/ - and more Cc: Peter Korsgaard <peter@korsgaard.com> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> (cherry picked from commit 3b81307162cecba51d4f297892c02130390ec137) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/ipmitool/0011-channel-Fix-buffer-overflow.patch9
1 files changed, 7 insertions, 2 deletions
diff --git a/package/ipmitool/0011-channel-Fix-buffer-overflow.patch b/package/ipmitool/0011-channel-Fix-buffer-overflow.patch
index 8d7ecb9550..62e04c3e27 100644
--- a/package/ipmitool/0011-channel-Fix-buffer-overflow.patch
+++ b/package/ipmitool/0011-channel-Fix-buffer-overflow.patch
@@ -14,7 +14,12 @@ the final response’s `data_len`, which can lead to stack buffer overflow
on the final copy.
[Retrieve from:
-https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4]
+https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
+
+The patch is slightly modified manually. The define
+(MAX_CIPHER_SUITE_DATA_LEN) was introduced upstream in another patch.
+Replace the define by the value 0x10.]
+
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
lib/ipmi_channel.c | 5 ++++-
@@ -31,7 +36,7 @@ index fab2e54..59ac227 100644
- if (rsp->ccode > 0) {
+ if (rsp->ccode
+ || rsp->data_len < 1
-+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
++ || rsp->data_len > sizeof(uint8_t) + 0x10)
+ {
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
val2str(rsp->ccode, completion_code_vals));