diff options
| author | Andrew Jeffery <andrew@aj.id.au> | 2019-02-21 16:58:13 +1030 |
|---|---|---|
| committer | Stewart Smith <stewart@linux.ibm.com> | 2019-02-24 17:43:37 -0600 |
| commit | 4af122b23402ca163012de527277901d7770c376 (patch) | |
| tree | b7926f9f140c3ca61470e9ed3d21609c2d1aaf18 /libflash | |
| parent | 6d8bd2dd9eab3792d3aafde33d5573c0276b72b8 (diff) | |
| download | talos-skiboot-4af122b23402ca163012de527277901d7770c376.tar.gz talos-skiboot-4af122b23402ca163012de527277901d7770c376.zip | |
libflash/ipmi-hiomap: Enforce message size for empty response
The protocol defines the response to the associated messages as empty
except for the command ID and sequence fields. If the BMC is returning
extra data consider the message malformed.
Cc: stable
Signed-off-by: Andrew Jeffery <andrew@aj.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
Diffstat (limited to 'libflash')
| -rw-r--r-- | libflash/ipmi-hiomap.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/libflash/ipmi-hiomap.c b/libflash/ipmi-hiomap.c index 7a36449a..56492fa8 100644 --- a/libflash/ipmi-hiomap.c +++ b/libflash/ipmi-hiomap.c @@ -208,6 +208,12 @@ static void ipmi_hiomap_cmd_cb(struct ipmi_msg *msg) case HIOMAP_C_FLUSH: case HIOMAP_C_ACK: case HIOMAP_C_ERASE: + if (msg->resp_size != 2) { + prerror("%u: Unexpected response size: %u\n", msg->data[0], + msg->resp_size); + res->cc = IPMI_ERR_UNSPECIFIED; + break; + } break; default: prlog(PR_WARNING, "Unimplemented command handler: %u\n", |
