Shuah Khan wrote:
> Here is a patch for fixing the ipmidirect plug-in segmentation fault
> when it receives a message with 0 length data bytes. A new check is
> added to ReadResponse() to check if data[13] is zero. Without this
> check, later on in this routine, it tries to make an invalid reference
> and seg faults.

Shuah,

Under what circumstances did a message with no data occur?
Which specific line in the code was causing the seg fault?

The code you added accepts the message if the data length is greater
than 0. But, shouldn't the data contain a valid IPMI LAN response? In
which case, I believe the minimum length should be 8, 1 byte for each
of the following fields, assuming no response data:
rqAddr,
netFn,
checksum 1,
rsAddr,
rqSeq/rsLUN,
cmd,
completion code,
checksum 2

Chris

> Here is the svn diff output:
>
> --- ipmi_con_lan.cpp (revision 6918)
> +++ ipmi_con_lan.cpp (working copy)
> @@ -931,6 +931,13 @@
> stdlog << "Dropped message because too small(2)\n";
> return eResponseTypeError;
> }
> + // no data bytes
> + if ( data[13] <= 0 )
> + {
> + // Not enough data was supplied, reject the message.
> + stdlog << "Dropped message because data len is <=0 \n";
> + return eResponseTypeError;
> + }
>
> data_len = data[13];
> }
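Review bot: the added `if ( data[13] <= 0 )` test only rejects a zero length byte, so any non-zero value, including 1 to 7, is still assigned to data_len on the line after the new block. The reply above gives 8 bytes as the minimum for a valid IPMI LAN response with no response data; comparing data[13] against that minimum would reject those short messages as well. Whether data[13] is also checked against the number of bytes actually received is not visible in this hunk and is worth confirming, since data_len is taken from the packet itself. If data is an unsigned byte buffer, `<= 0` can only ever mean `== 0`, so the condition and the log text "data len is <=0" would read more accurately as a test for 0.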
>
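Added example, not part of the original thread and not OpenHPI code: a stand-alone check of an IPMI LAN response that enforces the 8-byte minimum listed in the reply and the declared length against the bytes received. It goes one step beyond the thread by also verifying the two checksums using the IPMI 2's-complement rule; the function names, the `MsgCheck` enum and the sample message are assumptions constructed for illustration.

```cpp
// Added illustration, not OpenHPI code; all names here are hypothetical.
#include <cstddef>
#include <cstdint>

enum class MsgCheck { Ok, TooShort, LengthMismatch, BadChecksum1, BadChecksum2 };

// Fixed fields of a response with no response data: rqAddr, netFn, checksum 1,
// rsAddr, rqSeq/rsLUN, cmd, completion code, checksum 2.
constexpr std::size_t kMinIpmiLanResponse = 8;

// Constructed sample message with valid checksums and no response data.
const std::uint8_t kSampleResponse[8] = {0x81, 0x1c, 0x63, 0x20, 0x04, 0x01, 0x00, 0xdb};

// IPMI checksums are 2's complement: covered bytes plus checksum sum to 0 mod 256.
static bool SumsToZero(const std::uint8_t *p, std::size_t n)
{
    std::uint8_t sum = 0;
    for (std::size_t i = 0; i < n; i++)
        sum = static_cast<std::uint8_t>(sum + p[i]);
    return sum == 0;
}

// msg: first byte of the IPMI message (rqAddr).
// declared_len: the length byte taken from the packet.
// available: number of bytes actually received starting at msg.
MsgCheck CheckIpmiLanResponse(const std::uint8_t *msg, std::size_t declared_len,
                              std::size_t available)
{
    if (declared_len < kMinIpmiLanResponse)
        return MsgCheck::TooShort;          // covers 0 and every length below 8
    if (declared_len > available)
        return MsgCheck::LengthMismatch;    // length byte claims more than was read
    if (!SumsToZero(msg, 3))                // rqAddr, netFn, checksum 1
        return MsgCheck::BadChecksum1;
    if (!SumsToZero(msg + 3, declared_len - 3)) // rsAddr .. checksum 2
        return MsgCheck::BadChecksum2;
    return MsgCheck::Ok;
}

int main()
{
    MsgCheck r = CheckIpmiLanResponse(kSampleResponse, sizeof kSampleResponse,
                                      sizeof kSampleResponse);
    return r == MsgCheck::Ok ? 0 : 1;
}
```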