Bug 739233 - Buffer overflow error in ipmiutil ipmiutil-2.7.7-1.el6.x86_64
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: ipmiutil
Version: el6
Hardware: Unspecified
OS: Unspecified
Assignee: Andy Cress
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-09-16 21:57 UTC by Nathan Huff
Modified: 2011-10-08 22:26 UTC (History)

Fixed In Version: ipmiutil-2.7.8-1.el6
Doc Type: Bug Fix
Last Closed: 2011-10-08 22:26:43 UTC



Description Nathan Huff 2011-09-16 21:57:46 UTC
Description of problem:

When trying to update the Product Asset Tag or Product Serial Number on the BMC,
ipmiutil dies with a "buffer overflow detected" error.

Version-Release number of selected component (if applicable):

2.7.7-1.el6.x86_64

How reproducible:

Try to update the asset tag or product serial number with ifru

Steps to Reproduce:
1. /usr/sbin/ifru -a xxxxx or /usr/sbin/ifru -s xxxxxxxxxxxx

  
Actual results:

Writing new product data (,,xxxxxxx) ...
*** buffer overflow detected ***: ipmiutil terminated

Expected results:

Values written to BMC

Additional info:


*** buffer overflow detected ***: ipmiutil terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7ff54b036397]
/lib64/libc.so.6(+0xfd280)[0x7ff54b034280]
ipmiutil[0x40abab]
ipmiutil[0x40de31]
ipmiutil[0x403697]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x7ff54af55cdd]
ipmiutil[0x403499]
/usr/sbin/ifru: line 2:  1377 Aborted                 ipmiutil fru $*

Comment 1 Andy Cress 2011-09-19 13:05:15 UTC
Yes, most systems only have an asset tag on the baseboard FRU, but this bug was exposed when the asset tag also exists in another FRU, resulting in a negative offset.
This is fixed in ipmiutil-2.7.8 with two safeguards:
  - restrict the asset tag offsets to be only on the baseboard
  - check for negative offsets before copying the data
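
The two safeguards listed in Comment 1, as an added C example that is not ipmiutil's own code. The struct, the function names, the baseboard FRU id of 0 and the way the offset is derived (field position minus area start) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define BASEBOARD_FRU_ID 0  /* assumption: device id 0 is the baseboard FRU */

/* Hypothetical tool state: where the asset tag sits inside the product area. */
struct fru_state {
    int asset_offset;  /* -1 until a baseboard asset tag has been seen */
    int asset_len;
};

/* Safeguard 1: only the baseboard FRU may record the asset tag offset.
 * In this constructed model area_start always belongs to the baseboard, so a
 * field_pos taken from another FRU could make the difference negative. */
void note_asset_tag(struct fru_state *st, int fru_id, int field_pos,
                    int area_start, int field_len)
{
    if (fru_id != BASEBOARD_FRU_ID)
        return;
    st->asset_offset = field_pos - area_start;
    st->asset_len = field_len;
}

/* Safeguard 2: reject negative or out-of-range offsets before any copy.
 * Returns the number of bytes written to out, or -1 if rejected. */
int rebuild_product_area(const struct fru_state *st,
                         const unsigned char *old_area, size_t old_len,
                         const char *new_tag,
                         unsigned char *out, size_t out_cap)
{
    size_t tag_len = strlen(new_tag);
    if (st->asset_offset < 0 || st->asset_len < 0)
        return -1;
    size_t off = (size_t)st->asset_offset;
    size_t flen = (size_t)st->asset_len;
    if (off > old_len || flen > old_len - off)
        return -1;                        /* field not inside the old area */
    size_t tail = old_len - off - flen;
    if (tag_len > out_cap || off > out_cap - tag_len ||
        tail > out_cap - tag_len - off)
        return -1;                        /* result would not fit in out */
    memcpy(out, old_area, off);                        /* bytes before tag */
    memcpy(out + off, new_tag, tag_len);               /* replacement tag  */
    memcpy(out + off + tag_len, old_area + off + flen, tail); /* remainder */
    return (int)(off + tag_len + tail);
}
```

The abort in the report comes from glibc's fortify check (`__fortify_fail` in the backtrace), which stops the process at the bad copy. The checks above reject the request before any copy is attempted.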

Comment 2 Fedora Update System 2011-09-19 16:59:37 UTC
ipmiutil-2.7.8-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/ipmiutil-2.7.8-1.el6

Comment 3 Fedora Update System 2011-09-20 02:33:36 UTC
Package ipmiutil-2.7.8-1.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing ipmiutil-2.7.8-1.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/ipmiutil-2.7.8-1.el6
then log in and leave karma (feedback).

Comment 4 Nathan Huff 2011-09-20 14:42:17 UTC
ipmiutil-2.7.8-1.el6 fixes the problem for me.

Comment 5 Fedora Update System 2011-10-08 22:26:43 UTC
ipmiutil-2.7.8-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

