libflash/ipmi-hiomap: Enforce message size for empty response

[ Upstream commit 4af122b23402ca163012de527277901d7770c376 ] The protocol defines the response to the associated messages as empty except for the command ID and sequence fields. If the BMC is returning extra data consider the message malformed. Cc: stable Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Signed-off-by: Stewart Smith <stewart@linux.ibm.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
author: Andrew Jeffery <andrew@aj.id.au> 2019-02-21 16:58:13 +1030
committer: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> 2019-03-04 23:03:40 +0530
commit: bdf19fbcb226d970112dd47f45583d88083548ac (patch)
tree: 93179883be14b5ffdea168801a48bf9cd233e583
parent: 5117b2c56d65c3b0142a083a306b4cd1c678a953 (diff)
download: skiboot-bdf19fbcb226d970112dd47f45583d88083548ac.zip
skiboot-bdf19fbcb226d970112dd47f45583d88083548ac.tar.gz
skiboot-bdf19fbcb226d970112dd47f45583d88083548ac.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/libflash/ipmi-hiomap.c b/libflash/ipmi-hiomap.c
index 7a36449..56492fa 100644
--- a/libflash/ipmi-hiomap.c
+++ b/libflash/ipmi-hiomap.c
@@ -208,6 +208,12 @@ static void ipmi_hiomap_cmd_cb(struct ipmi_msg *msg)
 	case HIOMAP_C_FLUSH:
 	case HIOMAP_C_ACK:
 	case HIOMAP_C_ERASE:
+		if (msg->resp_size != 2) {
+			prerror("%u: Unexpected response size: %u\n", msg->data[0],
+				msg->resp_size);
+			res->cc = IPMI_ERR_UNSPECIFIED;
+			break;
+		}
 		break;
 	default:
 		prlog(PR_WARNING, "Unimplemented command handler: %u\n",
author	Andrew Jeffery <andrew@aj.id.au>	2019-02-21 16:58:13 +1030
committer	Vasant Hegde <hegdevasant@linux.vnet.ibm.com>	2019-03-04 23:03:40 +0530
commit	bdf19fbcb226d970112dd47f45583d88083548ac (patch)
tree	93179883be14b5ffdea168801a48bf9cd233e583
parent	5117b2c56d65c3b0142a083a306b4cd1c678a953 (diff)
download	skiboot-bdf19fbcb226d970112dd47f45583d88083548ac.zip skiboot-bdf19fbcb226d970112dd47f45583d88083548ac.tar.gz skiboot-bdf19fbcb226d970112dd47f45583d88083548ac.tar.bz2