libflash/ipmi-hiomap: Enforce message size for empty response

[ Upstream commit 4af122b ] The protocol defines the response to the associated messages as empty except for the command ID and sequence fields. If the BMC is returning extra data consider the message malformed. Cc: stable Signed-off-by: Andrew Jeffery <andrew@aj.id.au> Signed-off-by: Stewart Smith <stewart@linux.ibm.com> Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
open-power · Mar 4, 2019 · b64b354 · b64b354
1 parent 041d61e
commit b64b354
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/libflash/ipmi-hiomap.c b/libflash/ipmi-hiomap.c
@@ -208,6 +208,12 @@ static void ipmi_hiomap_cmd_cb(struct ipmi_msg *msg)
 	case HIOMAP_C_FLUSH:
 	case HIOMAP_C_ACK:
 	case HIOMAP_C_ERASE:
+		if (msg->resp_size != 2) {
+			prerror("%u: Unexpected response size: %u\n", msg->data[0],
+				msg->resp_size);
+			res->cc = IPMI_ERR_UNSPECIFIED;
+			break;
+		}
 		break;
 	default:
 		prlog(PR_WARNING, "Unimplemented command handler: %u\n",