| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
| |
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
| |
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
| |
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
| |
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| | |
|
| |
|
|
|
|
| |
Fixed by using centralised exiting.
Signed-off-by: Václav Doležal <vdolezal@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The current behavior:
- correct date format is not accepted by "sel time set".
- incorrect date format that looks correct is accepted, but time is not
set correctly.
- commands like
ipmitool sel time set "11/22/2013 trash"
are accepted.
|
| |
|
| |
Instead of non-portable MAX() use __max() in hpmfwupg
|
| |
|
|
| |
Signed-off-by: Vaclav Dolezal <vdolezal@redhat.com>
|
| |
|
|
| |
This is a refix of commit f0d5c17e
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Final part of the fixes for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
9 variants of stack buffer overflow when parsing `id_string` field of
SDR records returned from `CMD_GET_SDR` command.
SDR record structs have an `id_code` field, and an `id_string` `char`
array.
The length of `id_string` is calculated as `(id_code & 0x1f) + 1`,
which can be larger than expected 16 characters (if `id_code = 0xff`,
then length will be `(0xff & 0x1f) + 1 = 32`).
In numerous places, this can cause stack buffer overflow when copying
into fixed buffer of size `17` bytes from this calculated length.
|
| |
|
|
|
|
|
|
|
| |
Partial fix for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
The `get_lan_param_select` function is missing a validation check on the
response’s `data_len`, which it then returns to caller functions, where
stack buffer overflow can occur.
|
| |
|
|
|
|
|
|
|
| |
Partial fix for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
The `ipmi_get_channel_cipher_suites` function does not properly check
the final response’s `data_len`, which can lead to stack buffer overflow
on the final copy.
|
| |
|
|
|
|
|
|
|
| |
Partial fix for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
The `ipmi_get_session_info` function does not properly check the
response `data_len`, which is used as a copy size, allowing stack buffer
overflow.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Partial fix for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
The `ipmi_spd_print_fru` function has a similar issue as the one fixed
by the previous commit in `read_fru_area_section`. An initial request is
made to get the `fru.size`, which is used as the size for the allocation
of `spd_data`. Inside a loop, further requests are performed to get the
copy sizes which are not checked before being used as the size for a
copy into the buffer.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Partial fix for CVE-2020-5208, see
https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
The `read_fru_area_section` function only performs size validation of
requested read size, and falsely assumes that the IPMI message will not
respond with more than the requested amount of data; it uses the
unvalidated response size to copy into `frubuf`. If the response is
larger than the request, this can result in overflowing the buffer.
The same issue affects the `read_fru_area` function.
|
| |
|
|
|
|
|
|
| |
Fix ipmitool not writing the last block of boot mailbox data if the
block is shorter than 3 bytes.
Signed-off-by: Ivan Mikhaylov <fr0st61te@gmail.com>
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
| |
Libraries ncurses, curses, tinfo and termcap are not actually
needed as the tgetent() function listed as required is not actually
used anywhere in the code.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
| |
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
| |
The `sudo` was missing from `make install` which prevented installation
if build is performed, as it should be, by an unpriviliged user.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
| |
This re-enables "nm policy add" functionality.
|
| |
|
|
|
|
|
|
| |
Add some documenation on packages to install on Ubuntu 16.04 and
Fedora 31 before building the software.
This will make it easier for people who are building ipmitool as they
won't need to figure out all the package dependencies on their own.
|
| |
|
|
|
|
|
|
| |
For parameter checking replace calls to strncmp() with calls
to strcmp() in order to improve readability and get rid of literal
string lengths.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
| |
In ipmi_chassis_main:
* Default to error return code (-1).
* Use centralized exit.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
| |
* Get rid of magic '8' in bootdev options processing.
* Optimize the code of bootdev arguments processing, remove the
special crafting of flags for 'clear-cmos' argument, make it use
the same code as other options.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
| |
Move bootdev options parsing to a separate helper function
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
| |
There was a wrong help message regarding the console redirection,
and also the help formatting was a bit off. Straightened this all up.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor the boot flags decoder:
* Add macros for boot flag bits, replace magic numbers in
the `chassis bootparam get 5` and in `chassis bootdev`
handlers.
The macros are prefixed with BFx_ where x stands for the
boot flags data byte as per IPMI 2.0 specification Table 28-14;
* Add decoding of remote/redirected media boot flags;
* Remove erroneous decoding of boot flags byte 3 bit 1 as
Sleep button lockout whereas the bit is a part of console
redirection setting;
* Fix console redirection settings reported under the 'BIOS verbosity'
header and vice versa;
* Fix resetting of all other boot flags in the data byte when
setting any of the bits in the same byte. This fixes inability
to set both 'efiboot' and 'persistent' bits at the same time,
and other similar cases.
Resolves ipmitool/ipmitool#163
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
| |
ftp://ftp.supermicro.com/utility/IPMICFG/IPMICFG_1.30.0_build.190710.zip
contains MBType.dat file that lists all known Supermicro product IDs
with their respective names.
Import that knowledge into ipmitool.
Resolves ipmitool/ipmitool#151
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
| |
Commit 6e2b688e introduced a bug due to which VLAN id range checking
was negated and resulted in error messages printed for correct VLAN ids.
Resolves ipmitool/ipmitool#55
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
| |
Document password length argument to "set password", as per usage info.
Since we don't check whether we're using IPMI1.5/2.0 when setting the
password, ipmitool can't reject 20-char passwords being sent to
16-char interfaces, so the behaviour is somewhat undefined.
For 20-chars, it's now clearer and long passwords will be rejected.
Man page changed to reflect the above.
|
| |
|
|
|
|
| |
Get rid of magic numbers, fix some formatting, drop unneeded checks.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
| |
No longer truncate passwords (16 < p <= 20) silently, instead attempt
to set a 20-char password when such a password is given.
Fail if an explicit length is exceeded, and any time the upper limit
is exceeded.
|
| |
|
|
|
| |
This changes the usage string to match reality and note that [<16|20>]
is an optional argument to set password.
|
| |
|
|
|
|
|
|
|
|
| |
ipmi_intf.h was missing a couple of declarations for the functions
used by fru, sdr and hpmfwupg modules. Add those declarations
to ipmi_intf.h and remove local declarations.
This fixes a couple of compilation warnings.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ipmi_event_fromfile() function was massively repeating the code of
ipmi_send_platform_event() and ipmi_event_msg_print().
This commit cleans up ipmi_event_fromfile() to simply call
ipmi_send_platform_event() with all the prepared data read from the
file. That function in its turn calls ipmi_event_msg_print().
This commit also replaces the dummy generator ID 2 that was printed to
the user with a more relevant generator ID that will actually be sent
by ipmi_send_platform_event().
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
| |
Get rid of magic numbers, reduce code duplication
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IPMI 2.0 specification is quite inconsistent about system interfaces.
They have section 1.7.16 "System Interfaces" that clearly states that
there are FOUR system interfaces (KCS, SMIC, BT and SSIF), but then they
have section 1.7.31 saying that "It is mandatory to implement a system
interface that is compatible with one of the **three** specified system
interfaces" without specifying which three of the four interfaces are
meant. Then in section 6 "IPMI Messaging interfaces" they again say that
"As mentioned earlier, there are three System Interface implementations
specified for the BMC: SMIC, KCS, and BT". Is all looks like during
update from 1.5 to 2.0 they have updated section 1.7.16, but forgot to
update Table 6-3, section 1.7.31 and section 6. Yet again, there is 'Get
System Interface Capabilities' command that has a parameter 'System
Interface Type' that can specify that SI is of SSIF type.
All that have lead to a situation where some BMC manufacturers treated
the specification as if it prohibited specifying media type 0xC
(which is "System Interface") for system interfaces using SSIF
(SMBus Sustem Interface), and so they specified an SMBUS media type
for their system interface channels.
As a result, ipmitool failed to properly send event data via such
system interfaces as it treated them as non-system and didn't add
the required Generator ID.
To mitigate the inconsistency of IPMI specification and yet not
ask BMC manufacturers to alter their code, thus increasing compatibility
with legacy BMCs, this commit adds checking of current interface number.
The system interface, according to Table 6-1 of IPMI Specification is
required to have channel number 15 (0Fh). So with this commit the
generator ID is added for any interfaces that are either marked
as media type 0Ch 'System Interface' or have channel number 0Fh.
Resolves ipmitool/ipmitool#111
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
| |
In order to support packaging, installation rules in Makefile
have to obey the specified DESTDIR. That support was missing
and is now added.
Signed-off-by: Andrey Kosteltsev <a.kosteltsev@yadro.com>
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
| |
Resolves ipmitool/ipmitool#141
Signed-off-by: Dawid Frycki <dawid.frycki@intel.com>
|
| |
|
|
|
|
| |
Ignore logs, ViM swap files, and patch rejects and originals.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a manufacturer's IANA PEN (aka manufacturer ID) was above
65535, it wasn't reported properly. Luckily there are no such
IDs so far, the biggest is 54077 as of 2019/06/18.
There is, however, an ID 0xFFFFFE used by fake_ipmistack
for debug purposes, and it was not reported correctly.
This commit expands the value argument to string searching functions
from 16-bit to 32-bit to allow for any possible IANA PEN.
Fixes: 73d6af57827fc85e78c700ca1dff00b3dbc63948
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
| |
Download and install the IANA PEN database (enterprise-numbers).
The download is performed using either wget or curl,
and the database is installed into @IANADIR@.
Resolves ipmitool/ipmitool#11
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
| |
Add information regarding IANA PEN registry locations into
ipmitool and ipmievd man pages. The locations in man pages are
automatically generated based on `configure` options.
Partially resolves ipmitool/ipmitool#11
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add support for IANADIR and IANAUSERDIR variables to configure
to allow for customizable locations of system and user-supplied
IANA PEN registry.
Also make path building code portable to Windows.
Partially resolves ipmitool/ipmitool#11
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, the OEM names dictionary was compiled in and
updating it required rebuilding of `ipmitool`, thus taking a
long time for newly registered OEMs to get supported by the tool.
Building also required a direct internet connection to succeed.
With this commit, the OEM enterprise dictionary is now loaded from
either ${HOME}/.local/usr/share/misc/enterprise-numbers or from
/usr/share/misc/enterprise-numbers (in that precedence).
Those files can be downloaded from iana.org at
http://www.iana.org/assignments/enterprise-numbers
Partially resolves ipmitool/ipmitool#11
Fixes: 9d41136c9b7c7d392f1a3f3adeb6d7fe3bd3135e
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
| |
The `INCLUDES` variable is obsolete, `AM_CPPFLAGS` is the new name.
Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
|
| |
|
|
|
|
|
|
|
|
|
| |
Renamed the oem strings containing Newisys to Viking Enterprise Solutions.
IANA 9237
Built and tested with AMI's IPMI stack LTS 12.01.
Resolves ipmitool/ipmitool#124
Signed-off-by: dan mcgee <dan.mcgee@vikingenterprise.com>
Signed-off-by: dan mcgee <dan.mcgee@sanmina.com>
|
