From patchwork Wed Sep 16 17:44:51 2020
X-Patchwork-Submitter: Heiko Thiery
X-Patchwork-Id: 1365506
From: Heiko Thiery
To: buildroot@buildroot.org
Cc: Floris Bos, Heiko Thiery, Peter Korsgaard, Thomas Petazzoni
Date: Wed, 16 Sep 2020 19:44:51 +0200
Message-Id: <20200916174452.5730-1-heiko.thiery@gmail.com>
Subject: [Buildroot] [PATCH] package/ipmitool: fix patch

The previous commit to this package
(37c5e903a7e18f5b3847c11a40af5f74984d6c77) introduced a bunch of patches
to fix a CVE. Unfortunately only applying of the patches was tested but
not building the package.

This commit replaces a define that was introduced in a previous patch
upstream and caused the build failure.

Tested:
br-arm-full [1/6]: OK
br-arm-cortex-a9-glibc [2/6]: OK
br-arm-cortex-m4-full [3/6]: SKIPPED
br-x86-64-musl [4/6]: OK
br-arm-full-static [5/6]: OK
sourcery-arm [6/6]: OK

Fixes:
- http://autobuild.buildroot.net/results/3f7fe8ad181318153c459ba5e1afbbc8b49d541c/
- and more

Cc: Peter Korsgaard
Cc: Thomas Petazzoni
Signed-off-by: Heiko Thiery
--- package/ipmitool/0011-channel-Fix-buffer-overflow.patch | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/package/ipmitool/0011-channel-Fix-buffer-overflow.patch b/package/ipmitool/0011-channel-Fix-buffer-overflow.patch index 8d7ecb9550..62e04c3e27 100644 --- a/package/ipmitool/0011-channel-Fix-buffer-overflow.patch +++ b/package/ipmitool/0011-channel-Fix-buffer-overflow.patch
@@ -14,7 +14,12 @@ the final response’s `data_len`, which can lead to stack buffer overflow on the final copy. [Retrieve from: -https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4] +https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 + +The patch is slightly modified manually. The define +(MAX_CIPHER_SUITE_DATA_LEN) was introduced upstream in another patch. +Replace the define by the value 0x10.] + Signed-off-by: Heiko Thiery --- lib/ipmi_channel.c | 5 ++++- @@ -31,7 +36,7 @@ index fab2e54..59ac227 100644 - if (rsp->ccode > 0) { + if (rsp->ccode + || rsp->data_len < 1 -+ || rsp->data_len > sizeof(uint8_t) + MAX_CIPHER_SUITE_DATA_LEN) ++ || rsp->data_len > sizeof(uint8_t) + 0x10) + { lprintf(LOG_ERR, "Get Channel Cipher Suites failed: %s", val2str(rsp->ccode, completion_code_vals));
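Review bot: In the first hunk (the bracketed note added to the patch header), the text says MAX_CIPHER_SUITE_DATA_LEN "was introduced upstream in another patch" but does not name that commit. Please add the upstream commit id or URL next to it, so that a reader can confirm 0x10 is the value upstream uses, and so the manual modification can be dropped once that patch is pulled in or the package is bumped.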
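Review bot: In the second hunk, `rsp->data_len > sizeof(uint8_t) + 0x10` puts a bare constant into the length check that the patch header describes as guarding against a stack buffer overflow on the final copy. A mistyped or stale value here would weaken the check without any build error, so I would rather keep the name: either backport the upstream patch that introduces MAX_CIPHER_SUITE_DATA_LEN, or add a local `#define MAX_CIPHER_SUITE_DATA_LEN 0x10` in this patch and leave the comparison line as upstream has it. Since the commit message says the previous series was only tested for applying, it is also worth checking the other patches under package/ipmitool for the same macro before merging.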