From: Vijay Anusuri <[email protected]> Upstream-Status: Backport from https://sourceforge.net/p/openipmi/code/ci/663e3cd3 & https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 & https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87
Reference: https://access.redhat.com/errata/RHSA-2024:8037 Signed-off-by: Vijay Anusuri <[email protected]> --- .../openipmi/files/CVE-2024-42934.patch | 78 +++++++++++++++++++ .../openipmi/openipmi_2.0.32.bb | 1 + 2 files changed, 79 insertions(+) create mode 100644 meta-networking/recipes-support/openipmi/files/CVE-2024-42934.patch diff --git a/meta-networking/recipes-support/openipmi/files/CVE-2024-42934.patch b/meta-networking/recipes-support/openipmi/files/CVE-2024-42934.patch new file mode 100644 index 000000000..f8ce11836 --- /dev/null +++ b/meta-networking/recipes-support/openipmi/files/CVE-2024-42934.patch @@ -0,0 +1,78 @@ +Upstream-Status: Backport [import from Redhat RHEL9 OpenIPMI-2.0.32-5.el9_4.src.rpm +Upstream commit https://sourceforge.net/p/openipmi/code/ci/663e3cd3 & https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 & https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87] +CVE: CVE-2024-42934 +Signed-off-by: Vijay Anusuri <[email protected]> + +diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c +index ccd60015..e707454e 100644 +--- a/lanserv/lanserv_ipmi.c ++++ b/lanserv/lanserv_ipmi.c +@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg) + } + + auth = msg->data[0] & 0xf; ++ if (auth >= MAX_IPMI_AUTHS) { ++ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, ++ "Activate session failed: Invalid auth: 0x%x", auth); ++ return; ++ } ++ + user = &(lan->users[user_idx]); + if (! (user->valid)) { + lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg, +@@ -3016,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, + { + msg_t msg; + ++ memset(&msg, 0, sizeof(msg)); ++ + msg.src_addr = from_addr; + msg.src_len = from_len; + + msg.oem_data = 0; + ++ msg.channel = lan->channel.channel_num; ++ msg.orig_channel = &lan->channel; ++ ++ /* ++ * Initialize the data so the log won't crash if it gets called, and ++ * so the log might have useful info. ++ */ ++ msg.data = data; ++ msg.len = len; ++ + if (len < 5) { + lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, + "LAN msg failure: message too short"); + return; + } + ++ /* Length is at least marginally correct, skip the first part now. */ ++ msg.data = data + 5; ++ msg.len = len - 5; ++ + if (data[2] != 0xff) { + lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, + "LAN msg failure: seq not ff"); +@@ -3034,17 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan, + } + + msg.authtype = data[4]; +- msg.data = data+5; +- msg.len = len - 5; +- msg.channel = lan->channel.channel_num; +- msg.orig_channel = &lan->channel; +- + if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) { + ipmi_handle_rmcpp_msg(lan, &msg); ++ } else if (msg.authtype >= MAX_IPMI_AUTHS) { ++ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg, ++ "LAN msg failure: Invalid authtype: %d", data[4]); ++ return; + } else { + ipmi_handle_rmcp_msg(lan, &msg); + } +- + } + + static void diff --git a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb index 8625afaa7..e670fde39 100644 --- a/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb +++ b/meta-networking/recipes-support/openipmi/openipmi_2.0.32.bb @@ -32,6 +32,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/openipmi/OpenIPMI-${PV}.tar.gz \ file://openipmi-helper \ file://ipmi.service \ file://0001-m4-ax_python_devel.m4-do-not-check-for-distutils.patch \ + file://CVE-2024-42934.patch \ " S = "${WORKDIR}/OpenIPMI-${PV}" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#113864): https://lists.openembedded.org/g/openembedded-devel/message/113864 Mute This Topic: https://lists.openembedded.org/mt/109640711/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
