Bug 1189065
| Summary: | Endian bug in authentication code | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Denys Vlasenko <dvlasenk> |
| Component: | freeipmi | Assignee: | Ales Ledvinka <aledvink> |
| Status: | CLOSED ERRATA | QA Contact: | Rachel Sibley <rasibley> |
| Severity: | urgent | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.1 | CC: | aledvink, chu11, dvlasenk, jsafrane, lmiksik, mhradile, qe-baseos-daemons, tgummels, tlavigne, tsmetana, woodard |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | freeipmi-1.2.9-7.el7 | Doc Type: | Bug Fix |
| Doc Text: |
Cause: Code stores name length in specific byte order non-compatible with big-endian.
Consequence: The code does not work on big-endian.
Fix: Replaced the code storing the length with a portable one.
Result: Works on big-endian.
|
Story Points: | --- |
| Clone Of: | 1022178 | Environment: | |
| Last Closed: | 2015-11-19 12:48:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1022178 | ||
| Bug Blocks: | 993793, 1032963, 1133060, 1154125 | ||
|
Comment 2
Denys Vlasenko
2015-02-04 11:58:05 UTC
ALL TESTS PASSED
After speaking with dev, since this a trivial fix, SanityOnly verification is sufficient.
[rasibley@localhost freeipmi]$ git log --oneline --grep=1189065
3b87ff7 Resolves: #1189065
Verified the fix is in the source code for freeipmi:
commit 3b87ff7ee4686d3ab6d2a8efa13be73d366921cf
Author: Ales Ledvinka <aledvink>
Date: Mon Jul 6 12:11:20 2015 +0200
Resolves: #1189065
diff --git a/freeipmi-1.2.1-bigendauth.patch b/freeipmi-1.2.1-bigendauth.patch
new file mode 100644
index 0000000..03db1e8
--- /dev/null
+++ b/freeipmi-1.2.1-bigendauth.patch
@@ -0,0 +1,32 @@
+diff -urpN freeipmi-1.3.2.orig/libfreeipmi/util/ipmi-rmcpplus-util.c freeipmi-1.3.2.fixed/libfreeipmi/util/ipmi-rmcpplus-util.c
+--- freeipmi-1.3.2.orig/libfreeipmi/util/ipmi-rmcpplus-util.c 2013-09-11 01:23:16.000000000 +0200
++++ freeipmi-1.3.2.fixed/libfreeipmi/util/ipmi-rmcpplus-util.c 2013-10-22 17:56:59.439103790 +0200
+@@ -157,15 +157,8 @@ ipmi_calculate_sik (uint8_t authenticati
+ priv_byte |= 0x10;
+ priv_byte |= (requested_privilege_level & 0xF);
+
+- memcpy (hash_data + hash_data_len,
+- (void *)&priv_byte,
+- sizeof (uint8_t));
+- hash_data_len += sizeof (uint8_t);
+-
+- memcpy (hash_data + hash_data_len,
+- (void *)&user_name_len,
+- sizeof (uint8_t));
+- hash_data_len += sizeof (uint8_t);
++ hash_data[hash_data_len++] = priv_byte;
++ hash_data[hash_data_len++] = user_name_len;
+
+ if (user_name && user_name_len > 0)
+ {
+@@ -1257,8 +1250,8 @@ ipmi_rmcpplus_check_rakp_4_integrity_che
+
+ rv = memcmp (digest, integrity_check_value, compare_len) ? 0 : 1;
+ cleanup:
+- secure_memset (buf, '\0', IPMI_MAX_KEY_DATA_LENGTH);
+- secure_memset (buf, '\0', IPMI_MAX_KEY_EXCHANGE_AUTHENTICATION_CODE_LENGTH);
++ secure_memset (buf, '\0', sizeof(buf));
++ secure_memset (digest, '\0', sizeof(digest));
+ return (rv);
+ }
+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2408.html |