diff options
author | Luk Claes <luk@debian.org> | 2011-09-20 08:01:55 +0200 |
---|---|---|
committer | Luk Claes <luk@debian.org> | 2011-09-20 08:01:55 +0200 |
commit | d98b020b3b3164ad13bbb9f5a672dd5679a7a828 (patch) | |
tree | f9fea673b63c7e2fa667641b2fc3df8b71862acb | |
parent | 410bf328786be508e4d03d4e95e31b1b6cc09c39 (diff) |
Fix buffer overflow in tsol session.
-rw-r--r-- | debian/changelog | 3 | ||||
-rw-r--r-- | debian/patches/101_fix_buf_overflow | 12 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 15 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index bf0039b..9227063 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,8 +6,9 @@ ipmitool (1.8.11-4) unstable; urgency=low * debian/ipmitool.ipmievd.init: Test if /etc/default/rcS exists, before executing it. * debian/ipmitool.{post,pre}{inst,rm}: Add -e. + * Fix buffer overflow in tsol session. - -- Luk Claes <luk@debian.org> Tue, 20 Sep 2011 07:55:44 +0200 + -- Luk Claes <luk@debian.org> Tue, 20 Sep 2011 08:00:57 +0200 ipmitool (1.8.11-3) unstable; urgency=high diff --git a/debian/patches/101_fix_buf_overflow b/debian/patches/101_fix_buf_overflow new file mode 100644 index 0000000..56b2d89 --- /dev/null +++ b/debian/patches/101_fix_buf_overflow @@ -0,0 +1,12 @@ +diff -Naurp ipmitool-1.8.11.orig//lib/ipmi_tsol.c ipmitool-1.8.11//lib/ipmi_tsol.c +--- ipmitool-1.8.11.orig//lib/ipmi_tsol.c 2009-02-25 15:38:52.000000000 -0500 ++++ ipmitool-1.8.11//lib/ipmi_tsol.c 2010-09-08 09:10:24.611519035 -0400 +@@ -385,7 +385,7 @@ ipmi_tsol_main(struct ipmi_intf * intf, + socklen_t mylen; + char *recvip = NULL; + char out_buff[IPMI_BUF_SIZE * 8], in_buff[IPMI_BUF_SIZE]; +- char buff[IPMI_BUF_SIZE + 4]; ++ char buff[IPMI_BUF_SIZE * 8 + 4]; + int fd_socket, result, i; + int out_buff_fill, in_buff_fill; + int ip1, ip2, ip3, ip4; diff --git a/debian/patches/series b/debian/patches/series index ca8572e..1d8f38f 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 99_readme_typo passwd_option fix_sdr_segfault +101_fix_buf_overflow |