From 36a24e9032591da8cc7688f69e7e9f5f41ffe4ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sat, 10 Sep 2022 15:44:31 +0200 Subject: New upstream release --- AUTHORS | 2 +- debian/changelog | 6 ++++ doc/ipmievd.8 | 4 +-- doc/ipmitool.1 | 16 +++++----- include/ipmitool/ipmi.h | 1 + include/ipmitool/ipmi_channel.h | 2 ++ include/ipmitool/ipmi_hpmfwupg.h | 17 ++++++++++- include/ipmitool/ipmi_pef.h | 2 +- lib/dimm_spd.c | 11 +++++-- lib/helper.c | 1 - lib/ipmi_channel.c | 5 +++- lib/ipmi_ekanalyzer.c | 12 ++++---- lib/ipmi_fru.c | 35 ++++++++++++++++++++-- lib/ipmi_hpmfwupg.c | 5 +++- lib/ipmi_kontronoem.c | 4 +-- lib/ipmi_lanp.c | 16 +++++----- lib/ipmi_main.c | 1 + lib/ipmi_mc.c | 2 +- lib/ipmi_sdr.c | 40 +++++++++++++++---------- lib/ipmi_session.c | 12 +++++--- lib/ipmi_strings.c | 1 + lib/ipmi_tsol.c | 2 +- src/ipmievd.c | 4 +-- src/plugins/lanplus/lanplus.c | 4 +-- src/plugins/lanplus/lanplus_crypt_impl.c | 50 ++++++++++++++++++-------------- 25 files changed, 171 insertions(+), 84 deletions(-) diff --git a/AUTHORS b/AUTHORS index 9589d87..05baf65 100644 --- a/AUTHORS +++ b/AUTHORS @@ -1,5 +1,5 @@ Duncan Laurie -Fredrik Öhrn +Fredrik Öhrn Jon Cassorla Jeremy Ellington Petter Reinholdtsen diff --git a/debian/changelog b/debian/changelog index c08965e..b910c40 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ipmitool (1.8.19-1) UNRELEASED; urgency=medium + + * New upstrem release. + + -- Jörg Frings-Fürst Sat, 10 Sep 2022 15:35:32 +0200 + ipmitool (1.8.18-11) unstable; urgency=medium * Remove useless debian/ipmitool.lintian-overrides. diff --git a/doc/ipmievd.8 b/doc/ipmievd.8 index a39dce0..a0ac7a2 100644 --- a/doc/ipmievd.8 +++ b/doc/ipmievd.8 @@ -56,7 +56,7 @@ This is not available with all commands. The remote server authentication, integrity, and encryption algorithms to use for IPMIv2 \fIlanplus\fP connections. See table 22\-19 in the IPMIv2 specification. The default is 3 which specifies RAKP\-HMAC\-SHA1 -authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorightms. +authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 encryption algorithms. .TP \fB\-E\fR The remote server password is specified by the environment @@ -145,7 +145,7 @@ placed at the end of commands to get option usage help. > ipmievd help .br Commands: - open Use OpenIPMI for asyncronous notification of events + open Use OpenIPMI for asynchronous notification of events sel Poll SEL for notification of events .TP diff --git a/doc/ipmitool.1 b/doc/ipmitool.1 index 2e39fad..8c2cead 100644 --- a/doc/ipmitool.1 +++ b/doc/ipmitool.1 @@ -1035,7 +1035,7 @@ Display point to point physical connectivity between carriers and AMC modules. AMC slot B2 topology: Port 0 =====> On Carrier Device ID 0, Port 3 Port 2 =====> AMC slot B1, Port 2 - *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* + *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* From Carrier file: carrierfru On Carrier Device ID 0 topology: Port 0 =====> AMC slot B1, Port 4 @@ -1091,7 +1091,7 @@ and an AMC module or between 2 AMC modules. Example: \-Link Type: AMC.2 Ethernet \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link \-Link Group ID: 0 || Link Asym. Match: exact match - *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* + *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* AMC slot B1 port 1 ==> On-Carrier Device 0 port 12 Matching Result - From On-Carrier Device ID 0 @@ -1104,7 +1104,7 @@ and an AMC module or between 2 AMC modules. Example: \-Link Type: AMC.2 Ethernet \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link \-Link Group ID: 0 || Link Asym. Match: exact match - *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* + *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* On-Carrier Device vs AMC slot A2 AMC slot A2 port 0 ==> On-Carrier Device 0 port 3 Matching Result @@ -1118,7 +1118,7 @@ and an AMC module or between 2 AMC modules. Example: \-Link Type: AMC.2 Ethernet \-Link Type extension: 1000BASE-BX (SerDES Gigabit) Ethernet link \-Link Group ID: 0 || Link Asym. Match: exact match - *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* + *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* AMC slot B1 vs AMC slot A2 AMC slot A2 port 2 ==> AMC slot B1 port 2 Matching Result @@ -1132,7 +1132,7 @@ and an AMC module or between 2 AMC modules. Example: \-Link Type: AMC.3 Storage \-Link Type extension: Serial Attached SCSI (SAS/SATA) \-Link Group ID: 0 || Link Asym. Match: FC or SAS interface {exact match} - *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* + *-*-*-* *-*-* *-*-* *-*-* *-*-* *-*-* *-*-* .TP \fIunmatch\fP <\fBxx=filename\fR> <\fBxx=filename\fR> \fB...\fr .br @@ -2478,7 +2478,7 @@ Discover Node Manager presence as well as the Node Manager version, revision, an .br Add a new power policy, or overwrite an existing policy. -The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. +The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. If domain is not supplied a default of platform is used. @@ -2489,7 +2489,7 @@ If domain is not supplied a default of platform is used. .br Add a new inlet temp policy, or overwrite an existing policy. -The \fIcorrection\fP parameter is the agressiveness of frequency limiting, default is auto. +The \fIcorrection\fP parameter is the aggressiveness of frequency limiting, default is auto. The \fItrig_lim\fP is the correction time limit and must be at least 6000 and not greater than 65535. The \fIstats\fP setting is the averaging period in seconds and ranges from 1-65535. If domain is not supplied a default of platform is used. @@ -3657,7 +3657,7 @@ and encryption algorithms to use for for \fIlanplus\fP session based on the cipher suite ID found in the IPMIv2.0 specification in table 22\-19. The default cipher suite is \fI3\fP which specifies RAKP\-HMAC\-SHA1 authentication, HMAC\-SHA1\-96 integrity, and AES\-CBC\-128 -encryption algorightms. +encryption algorithms. .SH "FREE INTERFACE" .LP diff --git a/include/ipmitool/ipmi.h b/include/ipmitool/ipmi.h index 6e42d06..23f9681 100644 --- a/include/ipmitool/ipmi.h +++ b/include/ipmitool/ipmi.h @@ -279,6 +279,7 @@ typedef enum IPMI_OEM { /* 4769 for [IBM Corporation] */ IPMI_OEM_IBM_4769 = 4769, IPMI_OEM_MAGNUM = 5593, + IPMI_OEM_NVIDIA = 5703, IPMI_OEM_TYAN = 6653, IPMI_OEM_QUANTA = 7244, IPMI_OEM_NEWISYS = 9237, diff --git a/include/ipmitool/ipmi_channel.h b/include/ipmitool/ipmi_channel.h index b138c26..d7cce5e 100644 --- a/include/ipmitool/ipmi_channel.h +++ b/include/ipmitool/ipmi_channel.h @@ -77,6 +77,8 @@ struct channel_access_t { uint8_t user_level_auth; }; +#define MAX_CIPHER_SUITE_DATA_LEN 0x10 + /* * The Get Authentication Capabilities response structure * From table 22-15 of the IPMI v2.0 spec diff --git a/include/ipmitool/ipmi_hpmfwupg.h b/include/ipmitool/ipmi_hpmfwupg.h index de65292..a994b9f 100644 --- a/include/ipmitool/ipmi_hpmfwupg.h +++ b/include/ipmitool/ipmi_hpmfwupg.h @@ -30,9 +30,22 @@ * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. */ + #ifndef IPMI_HPMFWUPG_H #define IPMI_HPMFWUPG_H + +#ifdef IPMI_HPMFWUPG_MOD + + #define EXTERN + +#else + + #define EXTERN extern + +#endif + + #include #include @@ -800,10 +813,12 @@ typedef struct _VERSIONINFO { char descString[HPMFWUPG_DESC_STRING_LENGTH + 1]; }VERSIONINFO, *PVERSIONINFO; -VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX]; +EXTERN VERSIONINFO gVersionInfo[HPMFWUPG_COMPONENT_ID_MAX]; #define TARGET_VER (0x01) #define ROLLBACK_VER (0x02) #define IMAGE_VER (0x04) #endif /* IPMI_KFWUM_H */ + +#undef EXTERN diff --git a/include/ipmitool/ipmi_pef.h b/include/ipmitool/ipmi_pef.h index 14c6e18..42e2ddb 100644 --- a/include/ipmitool/ipmi_pef.h +++ b/include/ipmitool/ipmi_pef.h @@ -178,7 +178,7 @@ BIT_DESC_MAP_LIST, {"Entity presence", 37}, {"Monitor ASIC/IC", 38}, {"LAN", 39}, - {"Management subsytem health",40}, + {"Management subsystem health",40}, {"Battery", 41}, {NULL} } }; diff --git a/lib/dimm_spd.c b/lib/dimm_spd.c index 41e30db..8204405 100644 --- a/lib/dimm_spd.c +++ b/lib/dimm_spd.c @@ -798,7 +798,7 @@ const struct valstr jedec_id5_vals[] = { { 0xE3, "WIS Technologies" }, { 0x64, "GateChange Technologies" }, { 0xE5, "High Density Devices AS" }, - { 0xE6, "Synopsys" }, + { 0xE6, "Synopsis" }, { 0x67, "Gigaram" }, { 0x68, "Enigma Semiconductor Inc." }, { 0xE9, "Century Micro Inc." }, @@ -1621,7 +1621,7 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) struct ipmi_rq req; struct fru_info fru; uint8_t *spd_data, msg_data[4]; - int len, offset; + uint32_t len, offset; msg_data[0] = id; @@ -1697,6 +1697,13 @@ ipmi_spd_print_fru(struct ipmi_intf * intf, uint8_t id) } len = rsp->data[0]; + if(rsp->data_len < 1 + || len > rsp->data_len - 1 + || len > fru.size - offset) + { + printf(" Not enough buffer size"); + return -1; + } memcpy(&spd_data[offset], rsp->data + 1, len); offset += len; } while (offset < fru.size); diff --git a/lib/helper.c b/lib/helper.c index de91438..c3a1c80 100644 --- a/lib/helper.c +++ b/lib/helper.c @@ -829,7 +829,6 @@ ipmi_start_daemon(struct ipmi_intf *intf) #endif chdir("/"); - umask(0); for (fd=0; fd<64; fd++) { if (fd != intf->fd) diff --git a/lib/ipmi_channel.c b/lib/ipmi_channel.c index fab2e54..a744920 100644 --- a/lib/ipmi_channel.c +++ b/lib/ipmi_channel.c @@ -413,7 +413,10 @@ ipmi_get_channel_cipher_suites(struct ipmi_intf *intf, const char *payload_type, lprintf(LOG_ERR, "Unable to Get Channel Cipher Suites"); return -1; } - if (rsp->ccode > 0) { + if (rsp->ccode + || rsp->data_len < 1 + || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) + { lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", val2str(rsp->ccode, completion_code_vals)); return -1; diff --git a/lib/ipmi_ekanalyzer.c b/lib/ipmi_ekanalyzer.c index 7a6c63d..fee790c 100644 --- a/lib/ipmi_ekanalyzer.c +++ b/lib/ipmi_ekanalyzer.c @@ -3398,7 +3398,7 @@ ipmi_ek_display_board_p2p_record(struct ipmi_ek_multi_header *record) printf("ShMC Cross-connect (two-pair)\n"); break; default: - printf("Unknwon\n"); + printf("Unknown\n"); break; } } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_ETHERNET) { @@ -3413,17 +3413,17 @@ ipmi_ek_display_board_p2p_record(struct ipmi_ek_multi_header *record) printf("FC-PI\n"); break; default: - printf("Unknwon\n"); + printf("Unknown\n"); break; } } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_INFINIBAND) { - printf("Unknwon\n"); + printf("Unknown\n"); } else if (d->type == FRU_PICMGEXT_LINK_TYPE_FABRIC_STAR) { - printf("Unknwon\n"); + printf("Unknown\n"); } else if (d->type == FRU_PICMGEXT_LINK_TYPE_PCIE) { - printf("Unknwon\n"); + printf("Unknown\n"); } else { - printf("Unknwon\n"); + printf("Unknown\n"); } printf("\tLink Type:\t\t0x%02x - ", d->type); if (d->type == 0 || d->type == 0xff) { diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c index cf00eff..98bc984 100644 --- a/lib/ipmi_fru.c +++ b/lib/ipmi_fru.c @@ -615,7 +615,10 @@ int read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, uint32_t offset, uint32_t length, uint8_t *frubuf) { - uint32_t off = offset, tmp, finish; + uint32_t off = offset; + uint32_t tmp; + uint32_t finish; + uint32_t size_left_in_buffer; struct ipmi_rs * rsp; struct ipmi_rq req; uint8_t msg_data[4]; @@ -628,10 +631,12 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, finish = offset + length; if (finish > fru->size) { + memset(frubuf + fru->size, 0, length - fru->size); finish = fru->size; lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " "Adjusting to %d", offset + length, finish - offset); + length = finish - offset; } memset(&req, 0, sizeof(req)); @@ -667,6 +672,7 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, } } + size_left_in_buffer = length; do { tmp = fru->access ? off >> 1 : off; msg_data[0] = id; @@ -707,9 +713,18 @@ read_fru_area(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, } tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; + if(rsp->data_len < 1 + || tmp > rsp->data_len - 1 + || tmp > size_left_in_buffer) + { + printf(" Not enough buffer size"); + return -1; + } + memcpy(frubuf, rsp->data + 1, tmp); off += tmp; frubuf += tmp; + size_left_in_buffer -= tmp; /* sometimes the size returned in the Info command * is too large. return 0 so higher level function * still attempts to parse what was returned */ @@ -742,7 +757,9 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, uint32_t offset, uint32_t length, uint8_t *frubuf) { static uint32_t fru_data_rqst_size = 20; - uint32_t off = offset, tmp, finish; + uint32_t off = offset; + uint32_t tmp, finish; + uint32_t size_left_in_buffer; struct ipmi_rs * rsp; struct ipmi_rq req; uint8_t msg_data[4]; @@ -755,10 +772,12 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, finish = offset + length; if (finish > fru->size) { + memset(frubuf + fru->size, 0, length - fru->size); finish = fru->size; lprintf(LOG_NOTICE, "Read FRU Area length %d too large, " "Adjusting to %d", offset + length, finish - offset); + length = finish - offset; } memset(&req, 0, sizeof(req)); @@ -773,6 +792,8 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, if (fru->access && fru_data_rqst_size > 16) #endif fru_data_rqst_size = 16; + + size_left_in_buffer = length; do { tmp = fru->access ? off >> 1 : off; msg_data[0] = id; @@ -804,8 +825,16 @@ read_fru_area_section(struct ipmi_intf * intf, struct fru_info *fru, uint8_t id, } tmp = fru->access ? rsp->data[0] << 1 : rsp->data[0]; + if(rsp->data_len < 1 + || tmp > rsp->data_len - 1 + || tmp > size_left_in_buffer) + { + printf(" Not enough buffer size"); + return -1; + } memcpy((frubuf + off)-offset, rsp->data + 1, tmp); off += tmp; + size_left_in_buffer -= tmp; /* sometimes the size returned in the Info command * is too large. return 0 so higher level function @@ -3033,7 +3062,7 @@ ipmi_fru_print(struct ipmi_intf * intf, struct sdr_record_fru_locator * fru) return 0; memset(desc, 0, sizeof(desc)); - memcpy(desc, fru->id_string, fru->id_code & 0x01f); + memcpy(desc, fru->id_string, __min(fru->id_code & 0x01f, sizeof(desc))); desc[fru->id_code & 0x01f] = 0; printf("FRU Device Description : %s (ID %d)\n", desc, fru->device_id); diff --git a/lib/ipmi_hpmfwupg.c b/lib/ipmi_hpmfwupg.c index bbcffc0..acab8de 100644 --- a/lib/ipmi_hpmfwupg.c +++ b/lib/ipmi_hpmfwupg.c @@ -37,7 +37,10 @@ #include #include + +#define IPMI_HPMFWUPG_MOD #include + #include #include #include @@ -1507,7 +1510,7 @@ HpmfwupgGetTargetUpgCapabilities(struct ipmi_intf *intf, pCtx->resp.GlobalCapabilities.bitField.autRollbackOverride ? 'y' : 'n'); lprintf(LOG_NOTICE, "IPMC degraded...........[%c] ", pCtx->resp.GlobalCapabilities.bitField.ipmcDegradedDurinUpg ? 'y' : 'n'); - lprintf(LOG_NOTICE, "Defered activation......[%c] ", + lprintf(LOG_NOTICE, "Deferred activation......[%c] ", pCtx->resp.GlobalCapabilities.bitField.deferActivation ? 'y' : 'n'); lprintf(LOG_NOTICE, "Service affected........[%c] ", pCtx->resp.GlobalCapabilities.bitField.servAffectDuringUpg ? 'y' : 'n'); diff --git a/lib/ipmi_kontronoem.c b/lib/ipmi_kontronoem.c index 64860be..e7f49cb 100644 --- a/lib/ipmi_kontronoem.c +++ b/lib/ipmi_kontronoem.c @@ -85,7 +85,7 @@ ipmi_kontronoem_main(struct ipmi_intf *intf, int argc, char **argv) return (-1); } if (ipmi_kontron_set_serial_number(intf) > 0) { - printf("FRU serial number setted successfully\n"); + printf("FRU serial number set successfully\n"); } else { printf("FRU serial number set failed\n"); rc = (-1); @@ -96,7 +96,7 @@ ipmi_kontronoem_main(struct ipmi_intf *intf, int argc, char **argv) return (-1); } if (ipmi_kontron_set_mfg_date(intf) > 0) { - printf("FRU manufacturing date setted successfully\n"); + printf("FRU manufacturing date set successfully\n"); } else { printf("FRU manufacturing date set failed\n"); rc = (-1); diff --git a/lib/ipmi_lanp.c b/lib/ipmi_lanp.c index 65d881b..c3be3de 100644 --- a/lib/ipmi_lanp.c +++ b/lib/ipmi_lanp.c @@ -1271,7 +1271,7 @@ print_lan_set_bad_pass_thresh_usage(void) { lprintf(LOG_NOTICE, "lan set bad_pass_thresh <1|0> \n" -" Bad Pasword Threshold number.\n" +" Bad Password Threshold number.\n" " <1|0> 1 = generate a Session Audit sensor event.\n" " 0 = do not generate an event.\n" " Attempt Count Reset Interval. In tens of seconds.\n" @@ -1809,7 +1809,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, p->data_len); + memcpy(data, p->data, __min(p->data_len, sizeof(data))); /* set new ipaddr */ memcpy(data+3, temp, 4); printf("Setting LAN Alert %d IP Address to %d.%d.%d.%d\n", alert, @@ -1824,7 +1824,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, p->data_len); + memcpy(data, p->data, __min(p->data_len, sizeof(data))); /* set new macaddr */ memcpy(data+7, temp, 6); printf("Setting LAN Alert %d MAC Address to " @@ -1838,7 +1838,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, p->data_len); + memcpy(data, p->data, __min(p->data_len, sizeof(data))); if (strncasecmp(argv[1], "def", 3) == 0 || strncasecmp(argv[1], "default", 7) == 0) { @@ -1864,7 +1864,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, p->data_len); + memcpy(data, p->data, __min(p->data_len, sizeof(data))); if (strncasecmp(argv[1], "on", 2) == 0 || strncasecmp(argv[1], "yes", 3) == 0) { @@ -1889,7 +1889,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, p->data_len); + memcpy(data, p->data, __min(p->data_len, sizeof(data))); if (strncasecmp(argv[1], "pet", 3) == 0) { printf("Setting LAN Alert %d destination to PET Trap\n", alert); @@ -1917,7 +1917,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, p->data_len); + memcpy(data, p->data, __min(p->data_len, sizeof(data))); if (str2uchar(argv[1], &data[2]) != 0) { lprintf(LOG_ERR, "Invalid time: %s", argv[1]); @@ -1933,7 +1933,7 @@ ipmi_lan_alert_set(struct ipmi_intf * intf, uint8_t chan, uint8_t alert, if (p == NULL) { return (-1); } - memcpy(data, p->data, p->data_len); + memcpy(data, p->data, __min(p->data_len, sizeof(data))); if (str2uchar(argv[1], &data[3]) != 0) { lprintf(LOG_ERR, "Invalid retry: %s", argv[1]); diff --git a/lib/ipmi_main.c b/lib/ipmi_main.c index 811c80b..65f1ac4 100644 --- a/lib/ipmi_main.c +++ b/lib/ipmi_main.c @@ -34,6 +34,7 @@ (_XOPEN_SOURCE >= 500 || \ _XOPEN_SOURCE && _XOPEN_SOURCE_EXTENDED) && \ !(_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) +#define _DEFAULT_SOURCE #include #include diff --git a/lib/ipmi_mc.c b/lib/ipmi_mc.c index 4580bfb..af7c2e0 100644 --- a/lib/ipmi_mc.c +++ b/lib/ipmi_mc.c @@ -583,7 +583,7 @@ static int ipmi_mc_get_selftest(struct ipmi_intf * intf) printf(" -> SEL device not accessible\n"); } if (sft_res->test & IPM_SELFTEST_SDR_ERROR) { - printf(" -> SDR repository not accesible\n"); + printf(" -> SDR repository not accessible\n"); } if (sft_res->test & IPM_SELFTEST_FRU_ERROR) { printf("FRU device not accessible\n"); diff --git a/lib/ipmi_sdr.c b/lib/ipmi_sdr.c index 2a9cbe3..62aac08 100644 --- a/lib/ipmi_sdr.c +++ b/lib/ipmi_sdr.c @@ -2084,7 +2084,7 @@ ipmi_sdr_print_sensor_eventonly(struct ipmi_intf *intf, return -1; memset(desc, 0, sizeof (desc)); - snprintf(desc, (sensor->id_code & 0x1f) + 1, "%s", sensor->id_string); + snprintf(desc, sizeof(desc), "%.*s", (sensor->id_code & 0x1f) + 1, sensor->id_string); if (verbose) { printf("Sensor ID : %s (0x%x)\n", @@ -2135,7 +2135,7 @@ ipmi_sdr_print_sensor_mc_locator(struct ipmi_intf *intf, return -1; memset(desc, 0, sizeof (desc)); - snprintf(desc, (mc->id_code & 0x1f) + 1, "%s", mc->id_string); + snprintf(desc, sizeof(desc), "%.*s", (mc->id_code & 0x1f) + 1, mc->id_string); if (verbose == 0) { if (csv_output) @@ -2228,7 +2228,7 @@ ipmi_sdr_print_sensor_generic_locator(struct ipmi_intf *intf, char desc[17]; memset(desc, 0, sizeof (desc)); - snprintf(desc, (dev->id_code & 0x1f) + 1, "%s", dev->id_string); + snprintf(desc, sizeof(desc), "%.*s", (dev->id_code & 0x1f) + 1, dev->id_string); if (!verbose) { if (csv_output) @@ -2285,7 +2285,7 @@ ipmi_sdr_print_sensor_fru_locator(struct ipmi_intf *intf, char desc[17]; memset(desc, 0, sizeof (desc)); - snprintf(desc, (fru->id_code & 0x1f) + 1, "%s", fru->id_string); + snprintf(desc, sizeof(desc), "%.*s", (fru->id_code & 0x1f) + 1, fru->id_string); if (!verbose) { if (csv_output) @@ -2489,35 +2489,43 @@ ipmi_sdr_print_name_from_rawentry(struct ipmi_intf *intf, uint16_t id, int rc =0; char desc[17]; + const char *id_string; + uint8_t id_code; memset(desc, ' ', sizeof (desc)); switch ( type) { case SDR_RECORD_TYPE_FULL_SENSOR: record.full = (struct sdr_record_full_sensor *) raw; - snprintf(desc, (record.full->id_code & 0x1f) +1, "%s", - (const char *)record.full->id_string); + id_code = record.full->id_code; + id_string = record.full->id_string; break; + case SDR_RECORD_TYPE_COMPACT_SENSOR: record.compact = (struct sdr_record_compact_sensor *) raw ; - snprintf(desc, (record.compact->id_code & 0x1f) +1, "%s", - (const char *)record.compact->id_string); + id_code = record.compact->id_code; + id_string = record.compact->id_string; break; + case SDR_RECORD_TYPE_EVENTONLY_SENSOR: record.eventonly = (struct sdr_record_eventonly_sensor *) raw ; - snprintf(desc, (record.eventonly->id_code & 0x1f) +1, "%s", - (const char *)record.eventonly->id_string); - break; + id_code = record.eventonly->id_code; + id_string = record.eventonly->id_string; + break; + case SDR_RECORD_TYPE_MC_DEVICE_LOCATOR: record.mcloc = (struct sdr_record_mc_locator *) raw ; - snprintf(desc, (record.mcloc->id_code & 0x1f) +1, "%s", - (const char *)record.mcloc->id_string); + id_code = record.mcloc->id_code; + id_string = record.mcloc->id_string; break; + default: rc = -1; - break; - } + } + if (!rc) { + snprintf(desc, sizeof(desc), "%.*s", (id_code & 0x1f) + 1, id_string); + } - lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); + lprintf(LOG_INFO, "ID: 0x%04x , NAME: %-16s", id, desc); return rc; } diff --git a/lib/ipmi_session.c b/lib/ipmi_session.c index 141f0f4..b9af1fd 100644 --- a/lib/ipmi_session.c +++ b/lib/ipmi_session.c @@ -309,8 +309,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, } else { - memcpy(&session_info, rsp->data, rsp->data_len); - print_session_info(&session_info, rsp->data_len); + memcpy(&session_info, rsp->data, + __min(rsp->data_len, sizeof(session_info))); + print_session_info(&session_info, + __min(rsp->data_len, sizeof(session_info))); } break; @@ -341,8 +343,10 @@ ipmi_get_session_info(struct ipmi_intf * intf, break; } - memcpy(&session_info, rsp->data, rsp->data_len); - print_session_info(&session_info, rsp->data_len); + memcpy(&session_info, rsp->data, + __min(rsp->data_len, sizeof(session_info))); + print_session_info(&session_info, + __min(rsp->data_len, sizeof(session_info))); } while (i <= session_info.session_slot_count); break; diff --git a/lib/ipmi_strings.c b/lib/ipmi_strings.c index 94b2abd..ac4b009 100644 --- a/lib/ipmi_strings.c +++ b/lib/ipmi_strings.c @@ -96,6 +96,7 @@ const struct valstr ipmi_oem_info[] = { { IPMI_OEM_IBM_4769, "IBM Corporation" }, { IPMI_OEM_IBM_20301, "IBM eServer X" }, { IPMI_OEM_ADLINK_24339, "ADLINK Technology Inc." }, + { IPMI_OEM_NVIDIA, "NVIDIA Corporation" }, { 0xffff , NULL }, }; diff --git a/lib/ipmi_tsol.c b/lib/ipmi_tsol.c index d89bcfd..ae4abc3 100644 --- a/lib/ipmi_tsol.c +++ b/lib/ipmi_tsol.c @@ -375,7 +375,7 @@ ipmi_tsol_main(struct ipmi_intf *intf, int argc, char **argv) char *recvip = NULL; char in_buff[IPMI_BUF_SIZE]; char out_buff[IPMI_BUF_SIZE * 8]; - char buff[IPMI_BUF_SIZE + 4]; + char buff[IPMI_BUF_SIZE * 8 + 4]; int fd_socket, result, i; int out_buff_fill, in_buff_fill; int ip1, ip2, ip3, ip4; diff --git a/src/ipmievd.c b/src/ipmievd.c index 67788e5..ac4597d 100644 --- a/src/ipmievd.c +++ b/src/ipmievd.c @@ -125,7 +125,7 @@ static int openipmi_wait(struct ipmi_event_intf * eintf); static int openipmi_read(struct ipmi_event_intf * eintf); static struct ipmi_event_intf openipmi_event_intf = { .name = "open", - .desc = "OpenIPMI asyncronous notification of events", + .desc = "OpenIPMI asynchronous notification of events", .prefix = "", .setup = openipmi_setup, .wait = openipmi_wait, @@ -864,7 +864,7 @@ ipmievd_open_main(struct ipmi_intf * intf, int argc, char ** argv) struct ipmi_cmd ipmievd_cmd_list[] = { #ifdef IPMI_INTF_OPEN - { ipmievd_open_main, "open", "Use OpenIPMI for asyncronous notification of events" }, + { ipmievd_open_main, "open", "Use OpenIPMI for asynchronous notification of events" }, #endif { ipmievd_sel_main, "sel", "Poll SEL for notification of events" }, { NULL } diff --git a/src/plugins/lanplus/lanplus.c b/src/plugins/lanplus/lanplus.c index a0e388c..e72e235 100644 --- a/src/plugins/lanplus/lanplus.c +++ b/src/plugins/lanplus/lanplus.c @@ -819,7 +819,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) * rsp->data_len becomes the length of that data */ extra_data_length = payload_size - (offset - payload_start) - 1; - if (extra_data_length) { + if (extra_data_length > 0) { rsp->data_len = extra_data_length; memmove(rsp->data, rsp->data + offset, extra_data_length); } else { @@ -873,7 +873,7 @@ ipmi_lan_poll_single(struct ipmi_intf * intf) } read_sol_packet(rsp, &offset); extra_data_length = payload_size - (offset - payload_start); - if (rsp && extra_data_length) { + if (rsp && extra_data_length > 0) { rsp->data_len = extra_data_length; memmove(rsp->data, rsp->data + offset, extra_data_length); } else { diff --git a/src/plugins/lanplus/lanplus_crypt_impl.c b/src/plugins/lanplus/lanplus_crypt_impl.c index d5fac37..9652a5e 100644 --- a/src/plugins/lanplus/lanplus_crypt_impl.c +++ b/src/plugins/lanplus/lanplus_crypt_impl.c @@ -164,11 +164,7 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - + EVP_CIPHER_CTX *ctx = NULL; *bytes_written = 0; @@ -182,6 +178,14 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "encrypting this data"); } + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); + return; + } + EVP_CIPHER_CTX_init(ctx); + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); /* * The default implementation adds a whole block of padding if the input @@ -191,28 +195,28 @@ lanplus_encrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if(!EVP_EncryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if(!EVP_EncryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ *bytes_written = 0; - return; } else { uint32_t tmplen; - if(!EVP_EncryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if(!EVP_EncryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); } @@ -239,11 +243,7 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, uint8_t * output, uint32_t * bytes_written) { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key, iv); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - + EVP_CIPHER_CTX *ctx = NULL; if (verbose >= 5) { @@ -252,12 +252,20 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, printbuf(input, input_length, "decrypting this data"); } - *bytes_written = 0; if (input_length == 0) return; + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) { + lprintf(LOG_DEBUG, "ERROR: EVP_CIPHER_CTX_new() failed"); + return; + } + EVP_CIPHER_CTX_init(ctx); + EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv); + EVP_CIPHER_CTX_set_padding(ctx, 0); + /* * The default implementation adds a whole block of padding if the input * data is perfectly aligned. We would like to keep that from happening. @@ -266,33 +274,33 @@ lanplus_decrypt_aes_cbc_128(const uint8_t * iv, assert((input_length % IPMI_CRYPT_AES_CBC_128_BLOCK_SIZE) == 0); - if (!EVP_DecryptUpdate(&ctx, output, (int *)bytes_written, input, input_length)) + if (!EVP_DecryptUpdate(ctx, output, (int *)bytes_written, input, input_length)) { /* Error */ lprintf(LOG_DEBUG, "ERROR: decrypt update failed"); *bytes_written = 0; - return; } else { uint32_t tmplen; - if (!EVP_DecryptFinal_ex(&ctx, output + *bytes_written, (int *)&tmplen)) + if (!EVP_DecryptFinal_ex(ctx, output + *bytes_written, (int *)&tmplen)) { + /* Error */ char buffer[1000]; ERR_error_string(ERR_get_error(), buffer); lprintf(LOG_DEBUG, "the ERR error %s", buffer); lprintf(LOG_DEBUG, "ERROR: decrypt final failed"); *bytes_written = 0; - return; /* Error */ } else { /* Success */ *bytes_written += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); } } + /* performs cleanup and free */ + EVP_CIPHER_CTX_free(ctx); if (verbose >= 5) { -- cgit v1.2.3