From f96a2d32dc02d4d6f9b05c46f29a010abd8a5130 Mon Sep 17 00:00:00 2001
From: Alexander Amelkin <alexander@amelkin.msk.ru>
Date: Tue, 15 Sep 2020 16:49:20 +0300
Subject: fru: Fix crashes on 6-bit ASCII strings

Fix calculation of the buffer size for decoded 6-bit ASCII
strings. Previously the program could allocate too a short buffer
that caused buffer overflows and segmentation fault crashes on
certain FRU contents.

Signed-off-by: Alexander Amelkin <alexander@amelkin.msk.ru>
---
 lib/ipmi_fru.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/ipmi_fru.c b/lib/ipmi_fru.c
index 501ef26..3d1d8a1 100644
--- a/lib/ipmi_fru.c
+++ b/lib/ipmi_fru.c
@@ -175,8 +175,8 @@ char * get_fru_area_str(uint8_t * data, uint32_t * offset)
 		size = (len * 2);
 		break;
 	case 2:           /* 10b: 6-bit ASCII */
-		/* 4 chars per group of 1-3 bytes */
-		size = (((len * 4 + 2) / 3) & ~3);
+		/* 4 chars per group of 1-3 bytes, round up to 4 bytes boundary */
+		size = (len / 3 + 1) * 4;
 		break;
 	case 3:           /* 11b: 8-bit ASCII */
 		/* no length adjustment */
-- 
cgit v1.2.1