[Skiboot] [PATCH v2 14/52] libflash/ipmi-hiomap: Enforce message size for empty response

Andrew Jeffery andrew at aj.id.au
Thu Feb 21 17:28:13 AEDT 2019


The protocol defines the response to the associated messages as empty
except for the command ID and sequence fields. If the BMC is returning
extra data consider the message malformed.

Cc: stable
Signed-off-by: Andrew Jeffery <andrew at aj.id.au>
---
 libflash/ipmi-hiomap.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libflash/ipmi-hiomap.c b/libflash/ipmi-hiomap.c
index 7a36449a5d0b..56492fa87067 100644
--- a/libflash/ipmi-hiomap.c
+++ b/libflash/ipmi-hiomap.c
@@ -208,6 +208,12 @@ static void ipmi_hiomap_cmd_cb(struct ipmi_msg *msg)
 	case HIOMAP_C_FLUSH:
 	case HIOMAP_C_ACK:
 	case HIOMAP_C_ERASE:
+		if (msg->resp_size != 2) {
+			prerror("%u: Unexpected response size: %u\n", msg->data[0],
+				msg->resp_size);
+			res->cc = IPMI_ERR_UNSPECIFIED;
+			break;
+		}
 		break;
 	default:
 		prlog(PR_WARNING, "Unimplemented command handler: %u\n",
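Review bot: the prerror() call in the new size check reads msg->data[0] on a path where resp_size is anything other than 2, which includes responses shorter than one byte. Unless an earlier part of ipmi_hiomap_cmd_cb() already rejects responses too short to carry the command ID, data[0] may not hold the command here, so the log line could be misleading. The bare "%u:" prefix also does not say that the value is the command ID. Separately, the literal 2 stands for the command ID and sequence fields that the commit message describes. A named constant or a short comment next to `if (msg->resp_size != 2) {` would make that expectation visible to anyone who later adds a command to this case list. The `break;` inside the if body is immediately followed by the case's own `break;`, so it can be dropped without changing behaviour.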
-- 
2.19.1


