From d98b020b3b3164ad13bbb9f5a672dd5679a7a828 Mon Sep 17 00:00:00 2001
From: Luk Claes <luk@debian.org>
Date: Tue, 20 Sep 2011 08:01:55 +0200
Subject: Fix buffer overflow in tsol session.

---
 debian/changelog                    |  3 ++-
 debian/patches/101_fix_buf_overflow | 12 ++++++++++++
 debian/patches/series               |  1 +
 3 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 debian/patches/101_fix_buf_overflow

diff --git a/debian/changelog b/debian/changelog
index bf0039b..9227063 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,8 +6,9 @@ ipmitool (1.8.11-4) unstable; urgency=low
   * debian/ipmitool.ipmievd.init: Test if /etc/default/rcS
     exists, before executing it.
   * debian/ipmitool.{post,pre}{inst,rm}: Add -e.
+  * Fix buffer overflow in tsol session.
 
- -- Luk Claes <luk@debian.org>  Tue, 20 Sep 2011 07:55:44 +0200
+ -- Luk Claes <luk@debian.org>  Tue, 20 Sep 2011 08:00:57 +0200
 
 ipmitool (1.8.11-3) unstable; urgency=high
 
diff --git a/debian/patches/101_fix_buf_overflow b/debian/patches/101_fix_buf_overflow
new file mode 100644
index 0000000..56b2d89
--- /dev/null
+++ b/debian/patches/101_fix_buf_overflow
@@ -0,0 +1,12 @@
+diff -Naurp ipmitool-1.8.11.orig//lib/ipmi_tsol.c ipmitool-1.8.11//lib/ipmi_tsol.c
+--- ipmitool-1.8.11.orig//lib/ipmi_tsol.c	2009-02-25 15:38:52.000000000 -0500
++++ ipmitool-1.8.11//lib/ipmi_tsol.c	2010-09-08 09:10:24.611519035 -0400
+@@ -385,7 +385,7 @@ ipmi_tsol_main(struct ipmi_intf * intf,
+ 	socklen_t mylen;
+ 	char *recvip = NULL;
+ 	char out_buff[IPMI_BUF_SIZE * 8], in_buff[IPMI_BUF_SIZE];
+-	char buff[IPMI_BUF_SIZE + 4];
++	char buff[IPMI_BUF_SIZE * 8 + 4];
+ 	int fd_socket, result, i;
+ 	int out_buff_fill, in_buff_fill;
+ 	int ip1, ip2, ip3, ip4;
diff --git a/debian/patches/series b/debian/patches/series
index ca8572e..1d8f38f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 99_readme_typo
 passwd_option
 fix_sdr_segfault
+101_fix_buf_overflow
-- 
cgit v1.2.3