Increase possible file size for FW upgrades and avoid segfaults if still too big Also close a file descriptor which gets opened, but never closed, compare with: https://bugzilla.novell.com/show_bug.cgi?id=534909 Signed-off-by: Thomas Renninger --- lib/ipmi_fwum.c | 86 ++++++++++++++++++++++++++++++-------------------------- 1 file changed, 47 insertions(+), 39 deletions(-) Index: ipmitool-1.8.11/lib/ipmi_fwum.c =================================================================== --- ipmitool-1.8.11.orig/lib/ipmi_fwum.c +++ ipmitool-1.8.11/lib/ipmi_fwum.c @@ -141,7 +141,8 @@ typedef struct sKFWUM_SaveFirmwareInfo extern int verbose; static unsigned char fileName[512]; -static unsigned char firmBuf[1024*512]; +#define MAX_FW_FILE_SIZE 1024*512 +static unsigned char firmBuf[MAX_FW_FILE_SIZE]; static tKFWUM_SaveFirmwareInfo saveFirmwareInfo; static void KfwumOutputHelp(void); @@ -508,6 +509,12 @@ static tKFWUM_Status KfwumSetupBuffersFr tKFWUM_Status status = KFWUM_STATUS_OK; FILE * pFileHandle; + if(fileSize >= MAX_FW_FILE_SIZE) + { + printf("Error: Firmware file size exceeds %dK\n", MAX_FW_FILE_SIZE / 1024); + return KFWUM_STATUS_ERROR; + } + pFileHandle = fopen((const char *)pFileName, "rb"); if(pFileHandle) @@ -538,6 +545,7 @@ static tKFWUM_Status KfwumSetupBuffersFr { KfwumShowProgress((const unsigned char *)"Reading Firmware from File", 100, 100); } + fclose(pFileHandle); } return(status); } @@ -986,9 +994,9 @@ static tKFWUM_Status KfwumManualRollback return status; } -#ifdef PRAGMA_PACK -#pramga pack(1) -#endif +#ifdef PRAGMA_PACK +#pramga pack(1) +#endif struct KfwumStartFirmwareDownloadReq{ unsigned char lengthLSB; unsigned char lengthMid; @@ -996,20 +1004,20 @@ struct KfwumStartFirmwareDownloadReq{ unsigned char paddingLSB; unsigned char paddingMSB; unsigned char useSequence; -} ATTRIBUTE_PACKING; -#ifdef PRAGMA_PACK -#pramga pack(0) -#endif - -#ifdef PRAGMA_PACK -#pramga pack(1) -#endif +} ATTRIBUTE_PACKING; +#ifdef PRAGMA_PACK +#pramga pack(0) +#endif + +#ifdef PRAGMA_PACK +#pramga pack(1) +#endif struct KfwumStartFirmwareDownloadResp { unsigned char bank; -} ATTRIBUTE_PACKING; -#ifdef PRAGMA_PACK -#pramga pack(0) -#endif +} ATTRIBUTE_PACKING; +#ifdef PRAGMA_PACK +#pramga pack(0) +#endif static tKFWUM_Status KfwumStartFirmwareImage(struct ipmi_intf * intf, unsigned long length,unsigned short padding) @@ -1065,9 +1073,9 @@ static tKFWUM_Status KfwumStartFirmwareI return status; } -#ifdef PRAGMA_PACK -#pramga pack(1) -#endif +#ifdef PRAGMA_PACK +#pramga pack(1) +#endif struct KfwumSaveFirmwareAddressReq { unsigned char addressLSB; @@ -1075,22 +1083,22 @@ struct KfwumSaveFirmwareAddressReq unsigned char addressMSB; unsigned char numBytes; unsigned char txBuf[KFWUM_SMALL_BUFFER-KFWUM_OLD_CMD_OVERHEAD]; -} ATTRIBUTE_PACKING; -#ifdef PRAGMA_PACK -#pramga pack(0) -#endif - -#ifdef PRAGMA_PACK -#pramga pack(1) -#endif +} ATTRIBUTE_PACKING; +#ifdef PRAGMA_PACK +#pramga pack(0) +#endif + +#ifdef PRAGMA_PACK +#pramga pack(1) +#endif struct KfwumSaveFirmwareSequenceReq { unsigned char sequenceNumber; unsigned char txBuf[KFWUM_BIG_BUFFER]; -} ATTRIBUTE_PACKING; -#ifdef PRAGMA_PACK -#pramga pack(0) -#endif +} ATTRIBUTE_PACKING; +#ifdef PRAGMA_PACK +#pramga pack(0) +#endif #define FWUM_SAVE_FIRMWARE_NO_RESPONSE_LIMIT ((unsigned char)6) @@ -1234,19 +1242,19 @@ static tKFWUM_Status KfwumSaveFirmwareIm return status; } -#ifdef PRAGMA_PACK -#pramga pack(1) -#endif +#ifdef PRAGMA_PACK +#pramga pack(1) +#endif struct KfwumFinishFirmwareDownloadReq{ unsigned char versionMaj; unsigned char versionMinSub; unsigned char versionSdr; unsigned char reserved; -} ATTRIBUTE_PACKING; -#ifdef PRAGMA_PACK -#pramga pack(0) -#endif - +} ATTRIBUTE_PACKING; +#ifdef PRAGMA_PACK +#pramga pack(0) +#endif + static tKFWUM_Status KfwumFinishFirmwareImage(struct ipmi_intf * intf, tKFWUM_InFirmwareInfo firmInfo) {