phosphor-host-ipmid will crash on aarch64
patrick at stwcx.xyz
Thu May 20 12:36:46 AEST 2021
On Mon, May 17, 2021 at 03:21:14AM +0000, CS20 CTCchien wrote:
> Hi Rthomaiy, Vmauery, Pstrinkle, Jayaprakashmutyala,
> When I build phosphor-host-ipmid for aarch64 platform, size_t will be 8 bytes, but in aarch32 sizte_t will be 4 bytes, so ipmid will crash at https://github.com/openbmc/phosphor-host-ipmid/blob/master/user_channel/passwd_mgr.cpp#L323, due to the data size of hashsize and ivsize and padsize and macsize is 4 bytes in /etc/ipmi_pass, but ipmid will read those data as 8 bytes.
Why does the data end up being only 4 bytes in the file? As best I can
tell line 538 is where the data is written and it also uses
sizeof(MetaPassStruct) to determine the amount to write.
> * Meta data struct for encrypted password file
> struct MetaPassStruct
> char signature;
> unsigned char reseved;
> size_t hashSize;
> size_t ivSize;
> size_t dataSize;
> size_t padSize;
> size_t macSize;
> If I replace size_t in this structure with unsigned int, then ipmid will not crash at this point.
We generally want to use 'size_t' for things which are sizes. The code
here is a little dangerous in that it is doing a raw cast to/from the
in-memory structure rather than doing a real serialization.
I'm not really seeing where the code is inconsistent with itself though
that would contribut to a crash.
> But those fields in this structure are also used to store the return value from other functions, like EVP_MD_block_size(),
> And the return type is also size_t.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the openbmc