diff -wruN -x '*~' -x '*.o' -x '*.a' -x '*.so' -x '*.so.[0-9]' -x autom4te.cache -x .deps -x .libs -x Makefile -x Makefile.in ../orig-ipmitool-1.8.12/lib/ipmi_fwum.c ./lib/ipmi_fwum.c
--- ../orig-ipmitool-1.8.12/lib/ipmi_fwum.c	2012-01-21 06:35:49.000000000 +0100
+++ ./lib/ipmi_fwum.c	2013-02-28 13:39:10.666350090 +0100
@@ -141,7 +141,8 @@
 
 extern int verbose;
 static unsigned char fileName[512];
-static unsigned char firmBuf[1024*512];
+#define MAX_FW_FILE_SIZE 1024*512
+static unsigned char firmBuf[MAX_FW_FILE_SIZE];
 static tKFWUM_SaveFirmwareInfo saveFirmwareInfo;
 
 static void KfwumOutputHelp(void);
@@ -508,6 +509,12 @@
    tKFWUM_Status status = KFWUM_STATUS_OK;
    FILE * pFileHandle;
 
+   if(fileSize >= MAX_FW_FILE_SIZE)
+   {
+      printf("Error: Firmware file size exceeds %dK\n", MAX_FW_FILE_SIZE / 1024);
+      return KFWUM_STATUS_ERROR;
+   }
+
    pFileHandle = fopen((const char *)pFileName, "rb");
 
    if(pFileHandle)
@@ -538,6 +545,7 @@
       {
          KfwumShowProgress((const unsigned char *)"Reading Firmware from File", 100, 100);
       }
+      fclose(pFileHandle);
    }
    return(status);
 }