Skip to content
Commit c33fdfba authored by Jakub Kicinski's avatar Jakub Kicinski Committed by Corey Minyard
Browse files

ipmi: fix oob access due to uninit smi_msg type 



We're hitting OOB accesses in handle_ipmb_direct_rcv_rsp() (memcpy of
size -1) after user space generates a message. Looks like the message
is incorrectly assumed to be of the new IPMB type, because type is never
set and message is allocated with kmalloc() not kzalloc().

Fixes: 059747c2 ("ipmi: Add support for IPMB direct messages")
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Message-Id: <20211124210323.1950976-1-kuba@kernel.org>
Signed-off-by: default avatarCorey Minyard <cminyard@mvista.com>
parent 5a3ba99b
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment