packages/OpenIPMI
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:4c22c8c85d93540e1b0cb804cbd9cd3bffeba378
Branches Tags
packages:main
..
compare: packages:be05506c62bce4333c1bc5d8881400ca86563186
Branches Tags
packages:main

No commits in common. "4c22c8c85d93540e1b0cb804cbd9cd3bffeba378" and "be05506c62bce4333c1bc5d8881400ca86563186" have entirely different histories.
4c22c8c85d ... be05506c62

7 changed files with 3 additions and 247 deletions
Show Stats Expand all files Collapse all files

BIN
OpenIPMI-2.0.31.tar.gz Normal file
View File

Binary file not shown.

BIN
OpenIPMI-2.0.32.tar.gz
View File

Binary file not shown.

46
OpenIPMI.spec
View File

@ -1,6 +1,6 @@
Name: OpenIPMI Name: OpenIPMI
Version: 2.0.32 Version: 2.0.31
Release: 4 Release: 1
Summary: IPMI (Intelligent Platform Management Interface) library and tools Summary: IPMI (Intelligent Platform Management Interface) library and tools
License: LGPLv2+ and GPLv2+ or BSD License: LGPLv2+ and GPLv2+ or BSD
URL: https://sourceforge.net/projects/openipmi/ URL: https://sourceforge.net/projects/openipmi/
@ -10,10 +10,6 @@ Source2: ipmi.service
Source3: openipmi-helper Source3: openipmi-helper
Patch0: 0001-man.patch Patch0: 0001-man.patch
Patch1: backport-fix-coredump-when-use-ipmi_ui.patch
Patch2: backport-0001-CVE-2024-42934.patch
Patch3: backport-0002-CVE-2024-42934.patch
Patch4: backport-0003-CVE-2024-42934.patch
BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel BuildRequires: gdbm-devel swig glib2-devel net-snmp-devel ncurses-devel
BuildRequires: openssl-devel python3-devel perl-devel perl-generators BuildRequires: openssl-devel python3-devel perl-devel perl-generators
@ -72,7 +68,6 @@ of the OpenIPMI project.
CFLAGS="-fPIC %{optflags} -z now -fno-strict-aliasing" \ CFLAGS="-fPIC %{optflags} -z now -fno-strict-aliasing" \
LDFLAGS="%{__global_ldflags} -Wl,--as-needed" \ LDFLAGS="%{__global_ldflags} -Wl,--as-needed" \
--disable-dependency-tracking \ --disable-dependency-tracking \
--disable-static \
--with-pythoninstall=%{python3_sitearch} \ --with-pythoninstall=%{python3_sitearch} \
--with-python=%{__python3} \ --with-python=%{__python3} \
--with-tcl=no \ --with-tcl=no \
@ -95,12 +90,6 @@ echo ".so man1/openipmish.1" > %{buildroot}%{_mandir}/man1/ipmish.1
%delete_la %delete_la
%check
#Ensure that the library file in the corresponding directory can be obtained during testcase execution
sed -i 's#-lgdbm#-lgdbm -Wl,--rpath=\\$progdir:\\$progdir/../../utils/.libs#g' unix/test_handlers
sed -i 's#-lpthread#-lpthread -Wl,--rpath=\\$progdir:\\$progdir/../../utils/.libs:\\$progdir/../../unix/.libs#g' lanserv/ipmi_sim
make check
%post %post
%systemd_post ipmi.service %systemd_post ipmi.service
@ -142,6 +131,7 @@ make check
%defattr(-,root,root) %defattr(-,root,root)
%{_includedir}/OpenIPMI %{_includedir}/OpenIPMI
%{_libdir}/*.so %{_libdir}/*.so
%{_libdir}/*.a
%{_libdir}/pkgconfig/*.pc %{_libdir}/pkgconfig/*.pc
%files help %files help
@ -151,36 +141,6 @@ make check
%exclude %{_mandir}/man1/openipmigui.1 %exclude %{_mandir}/man1/openipmigui.1
%changelog %changelog
* Fri Oct 11 2024 yanglu <yanglu72@h-partners.com> - 2.0.32-4
- Type:CVE
- CVE:CVE-2024-42934
- SUG:NA
- DESC:fix CVE-2024-42934
* Tue Nov 21 2023 yanglu <yanglu72@h-partners.com> - 2.0.32-3
- Type:enhancement
- CVE:NA
- SUG:NA
- DESC:enable test
* Sat Apr 01 2023 yanglu <yanglu72@h-partners.com> - 2.0.32-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix coredump when use ipmi_ui
* Mon Oct 31 2022 yanglu <yanglu72@h-partners.com> - 2.0.32-1
- Type:Requirement
- CVE:NA
- SUG:NA
- DESC:update OpenIPMI version to 2.0.32
* Fri Jun 17 2022 gaihuiying <eaglegai@163.com> - 2.0.31-2
- Type:bugfix
- CVE:
- SUG:NA
- DESC:Add the judgment on the validity of length in emu_cmd.c and session in lanserv_ipmi.c
* Fri Jan 29 2021 xihaochen <xihaochen@huawei.com> - 2.0.31-1 * Fri Jan 29 2021 xihaochen <xihaochen@huawei.com> - 2.0.31-1
- Type:requirements - Type:requirements
- Id:NA - Id:NA

46
backport-0001-CVE-2024-42934.patch
View File

@ -1,46 +0,0 @@
From b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1 Mon Sep 17 00:00:00 2001
From: Corey Minyard <minyard@acm.org>
Date: Mon, 29 Apr 2024 12:46:23 -0500
Subject: [PATCH] lanserv: Check some bounds on incoming messages
Signed-off-by: Corey Minyard <minyard@acm.org>
Reference:https://sourceforge.net/p/openipmi/code/ci/b52e8e2538b2b48ef6b63bff12b5cc9e2d52eff1/
Conflict:NA
---
lanserv/lanserv_ipmi.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index ccd6001..0ee6451 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -882,6 +882,12 @@ handle_temp_session(lanserv_data_t *lan, msg_t *msg)
}
auth = msg->data[0] & 0xf;
+ if (auth >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
+ "Activate session failed: Invalid auth: 0x%x", auth);
+ return;
+ }
+
user = &(lan->users[user_idx]);
if (! (user->valid)) {
lan->sysinfo->log(lan->sysinfo, NEW_SESSION_FAILED, msg,
@@ -3034,6 +3040,11 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
}
msg.authtype = data[4];
+ if (msg.authtype >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ "LAN msg failure: Invalid authtype");
+ return;
+ }
msg.data = data+5;
msg.len = len - 5;
msg.channel = lan->channel.channel_num;
--
2.43.0

71
backport-0002-CVE-2024-42934.patch
View File

@ -1,71 +0,0 @@
From 663e3cd3b6d1d9fc82267c7d7474320cb67e03a4 Mon Sep 17 00:00:00 2001
From: Corey Minyard <minyard@acm.org>
Date: Sun, 2 Jun 2024 14:11:16 -0500
Subject: [PATCH] lanserv: Fix an issue logging an error on a message
A message structure was passed to the log, but it was not sufficiently
initialized and the logging program crashed. Rework the initialization
to make the message data ready and legal for the logging calls.
Found-by: Fabio Massimo Di Nitto
Signed-off-by: Corey Minyard <minyard@acm.org>
Reference:https://sourceforge.net/p/openipmi/code/ci/663e3cd3b6d1d9fc82267c7d7474320cb67e03a4/
Conflict:NA
---
lanserv/lanserv_ipmi.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index 0ee6451..1ef5710 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -3022,17 +3022,33 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
{
msg_t msg;
+ memset(&msg, 0, sizeof(msg));
+
msg.src_addr = from_addr;
msg.src_len = from_len;
msg.oem_data = 0;
+ msg.channel = lan->channel.channel_num;
+ msg.orig_channel = &lan->channel;
+
+ /*
+ * Initialize the data so the log won't crash if it gets called, and
+ * so the log might have useful info.
+ */
+ msg.data = data;
+ msg.len = len;
+
if (len < 5) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: message too short");
return;
}
+ /* Length is at least marginally correct, skip the first part now. */
+ msg.data = data + 5;
+ msg.len = len - 5;
+
if (data[2] != 0xff) {
lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
"LAN msg failure: seq not ff");
@@ -3045,10 +3061,6 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
"LAN msg failure: Invalid authtype");
return;
}
- msg.data = data+5;
- msg.len = len - 5;
- msg.channel = lan->channel.channel_num;
- msg.orig_channel = &lan->channel;
if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
ipmi_handle_rmcpp_msg(lan, &msg);
--
2.43.0

50
backport-0003-CVE-2024-42934.patch
View File

@ -1,50 +0,0 @@
From 4c129d0540f3578ecc078d8612bbf84b6cd24c87 Mon Sep 17 00:00:00 2001
From: Corey Minyard <corey@minyard.net>
Date: Thu, 1 Aug 2024 10:56:06 -0500
Subject: [PATCH] lanserv: Fix an issue with authorization range checking
A recent change added a range check on authorization type, but it didn't
take into account the RMCP authorization type that's special. Add a
check for that.
Fixes: b52e8e2538b2b48ef6b6 "lanserv: Check some bounds on incoming messages"
Signed-off-by: Corey Minyard <corey@minyard.net>
Reference:https://sourceforge.net/p/openipmi/code/ci/4c129d0540f3578ecc078d8612bbf84b6cd24c87/
Conflict:NA
---
lanserv/lanserv_ipmi.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
index 1ef5710..5de396e 100644
--- a/lanserv/lanserv_ipmi.c
+++ b/lanserv/lanserv_ipmi.c
@@ -3056,18 +3056,15 @@ ipmi_handle_lan_msg(lanserv_data_t *lan,
}
msg.authtype = data[4];
- if (msg.authtype >= MAX_IPMI_AUTHS) {
- lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
- "LAN msg failure: Invalid authtype");
- return;
- }
-
if (msg.authtype == IPMI_AUTHTYPE_RMCP_PLUS) {
ipmi_handle_rmcpp_msg(lan, &msg);
+ } else if (msg.authtype >= MAX_IPMI_AUTHS) {
+ lan->sysinfo->log(lan->sysinfo, LAN_ERR, &msg,
+ "LAN msg failure: Invalid authtype: %d", data[4]);
+ return;
} else {
ipmi_handle_rmcp_msg(lan, &msg);
}
-
}
static void
--
2.43.0

37
backport-fix-coredump-when-use-ipmi_ui.patch
View File

@ -1,37 +0,0 @@
From 732ee129ca0851081bf4c515c410dc64d7f8a6f9 Mon Sep 17 00:00:00 2001
From: eaglegai <eaglegai@163.com>
Date: Mon, 20 Mar 2023 09:37:50 +0800
Subject: [PATCH] fix coredump when use ipmi_ui
Signed-off-by: eaglegai <eaglegai@163.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Conflict: NA
Reference: https://sourceforge.net/p/openipmi/code/ci/732ee129ca0851081bf4c515c410dc64d7f8a6f9
---
ui/ui.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/ui.c b/ui/ui.c
index 529ff223..9c6a51f0 100644
--- a/ui/ui.c
+++ b/ui/ui.c
@@ -586,7 +586,6 @@ leave(int rv, char *format, ...)
{
va_list ap;
- ipmi_shutdown();
ipmi_ui_os_hnd->stop_timer(ipmi_ui_os_hnd, redisplay_timer);
ipmi_ui_os_hnd->free_timer(ipmi_ui_os_hnd, redisplay_timer);
@@ -628,6 +627,7 @@ leave(int rv, char *format, ...)
va_start(ap, format);
vfprintf(stderr, format, ap);
va_end(ap);
+ ipmi_shutdown();
ipmi_debug_malloc_cleanup();
exit(rv);
--
2.27.0