* [Buildroot] [PATCH] package/ipmitool: fix patch
@ 2020-09-16 17:44 Heiko Thiery
2020-09-17 20:29 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Heiko Thiery @ 2020-09-16 17:44 UTC (permalink / raw)
To: buildroot
The previous commit to this package
(37c5e903a7e18f5b3847c11a40af5f74984d6c77) introduced a bunch of patches
to fix a CVE. Unfortunatly only applying of the patches was tested but
not building the package.
This commit replaces a define that was introduced in a previous patch
upstream and caused the build failure.
Tested:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK
Fixes:
- http://autobuild.buildroot.net/results/3f7fe8ad181318153c459ba5e1afbbc8b49d541c/
- and more
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
package/ipmitool/0011-channel-Fix-buffer-overflow.patch | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/package/ipmitool/0011-channel-Fix-buffer-overflow.patch b/package/ipmitool/0011-channel-Fix-buffer-overflow.patch
index 8d7ecb9550..62e04c3e27 100644
--- a/package/ipmitool/0011-channel-Fix-buffer-overflow.patch
+++ b/package/ipmitool/0011-channel-Fix-buffer-overflow.patch
@@ -14,7 +14,12 @@ the final response?s `data_len`, which can lead to stack buffer overflow
on the final copy.
[Retrieve from:
-https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4]
+https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
+
+The patch is slightly modified manually. The define
+(MAX_CIPHER_SUITE_DATA_LEN) was introduced upstream in another patch.
+Replace the define by the value 0x10.]
+
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
---
lib/ipmi_channel.c | 5 ++++-
@@ -31,7 +36,7 @@ index fab2e54..59ac227 100644
- if (rsp->ccode > 0) {
+ if (rsp->ccode
+ || rsp->data_len < 1
-+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN)
++ || rsp->data_len > sizeof(uint8_t) + 0x10)
+ {
lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s",
val2str(rsp->ccode, completion_code_vals));
--
2.20.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] package/ipmitool: fix patch
2020-09-16 17:44 [Buildroot] [PATCH] package/ipmitool: fix patch Heiko Thiery
@ 2020-09-17 20:29 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2020-09-17 20:29 UTC (permalink / raw)
To: buildroot
On Wed, 16 Sep 2020 19:44:51 +0200
Heiko Thiery <heiko.thiery@gmail.com> wrote:
> The previous commit to this package
> (37c5e903a7e18f5b3847c11a40af5f74984d6c77) introduced a bunch of patches
> to fix a CVE. Unfortunatly only applying of the patches was tested but
> not building the package.
>
> This commit replaces a define that was introduced in a previous patch
> upstream and caused the build failure.
>
> Tested:
>
> br-arm-full [1/6]: OK
> br-arm-cortex-a9-glibc [2/6]: OK
> br-arm-cortex-m4-full [3/6]: SKIPPED
> br-x86-64-musl [4/6]: OK
> br-arm-full-static [5/6]: OK
> sourcery-arm [6/6]: OK
>
> Fixes:
> - http://autobuild.buildroot.net/results/3f7fe8ad181318153c459ba5e1afbbc8b49d541c/
> - and more
>
> Cc: Peter Korsgaard <peter@korsgaard.com>
> Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
> ---
> package/ipmitool/0011-channel-Fix-buffer-overflow.patch | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-09-17 20:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-16 17:44 [Buildroot] [PATCH] package/ipmitool: fix patch Heiko Thiery
2020-09-17 20:29 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.