Package: ipmitool
Version: 1.8.11-1
Severity: important
Tags: patch

The -f option reads the server password from a file, and IPMI 1.5
supports passwords up to 16 characters, however the line for actually
reading that password is:

>fgets(pass, 16, fp)

You probably realize that that means fgets actually only reads up to
15 characters (16th character is null terminator obviously). At a bare
minimum, this 16 (and the corresponding malloc) should be 17. You can
imagine the frustration this caused me with 16 char passwords, and
a good WTF moment with wireshark ;)

Actually IPMI 2.0 supports 20 character long passwords, so this should
probably actually be 21. The patch I attached does just that.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (800, 'stable'), (600, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ipmitool depends on:
ii  libc6                   2.9-25           GNU C Library: Shared libraries
ii  libncurses5             5.7+20081213-1   shared libraries for terminal hand
ii  libreadline5            5.2-3.1          GNU readline and history libraries
ii  libssl0.9.8             0.9.8g-15+lenny3 SSL shared libraries
ii  lsb-base                3.2-20           Linux Standard Base 3.2 init scrip

ipmitool recommends no packages.

Versions of packages ipmitool suggests:
ii  openipmi                      2.0.14-1   Intelligent Platform Management In

-- no debconf information
diff -rupN ipmitool-1.8.11/lib/ipmi_main.c ipmitool-1.8.11.fixed/lib/ipmi_main.c
--- ipmitool-1.8.11/lib/ipmi_main.c	2009-02-26 05:38:52.000000000 +0900
+++ ipmitool-1.8.11.fixed/lib/ipmi_main.c	2009-12-04 06:50:08.246119798 +0900
@@ -106,7 +106,7 @@ ipmi_password_file_read(char * filename)
 	char * pass = NULL;
 	int l;
 
-	pass = malloc(16);
+	pass = malloc(21);
 	if (pass == NULL) {
 		lprintf(LOG_ERR, "ipmitool: malloc failure");
 		return NULL;
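Review bot: The literal 21 in `pass = malloc(21);` has to stay equal to the size passed to fgets later in ipmi_password_file_read, and nothing in the code ties the two together. Define one named constant for the maximum password length (20 for IPMI 2.0, per the report) and use that constant plus one in both places, with a comment saying the extra byte is for the terminator.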
@@ -120,7 +120,7 @@ ipmi_password_file_read(char * filename)
 	}
 
 	/* read in id */
-	if (fgets(pass, 16, fp) == NULL) {
+	if (fgets(pass, 21, fp) == NULL) {
 		lprintf(LOG_ERR, "Unable to read password from file %s",
 			filename);
 		fclose(fp);
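Review bot: In `fgets(pass, 21, fp)` a password line longer than 20 characters is still cut off silently, the same failure mode the report describes at 16, only moved to a higher limit. Consider checking whether the line ended before the buffer filled and logging an error when it did not. The comment `/* read in id */` above the call also describes an id while this function reads a password; it is worth correcting while this line is being changed.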

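The fgets size behaviour described in the report, as an added example that is not part of the original report or of ipmitool's code. It contrasts the reported call pattern with a reader that sizes its buffer for the limit plus newline plus terminator and rejects over-long lines. `file_with`, `naive_read_len` and `read_password_line` are hypothetical names, and the sample password is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define IPMI20_PASS_MAX 20 /* IPMI 2.0 limit as stated in the report */

/* Constructed sample input: a temporary file holding `content`. */
FILE *file_with(const char *content)
{
    FILE *fp = tmpfile();
    if (fp != NULL) { fputs(content, fp); rewind(fp); }
    return fp;
}

/* Reported pattern: fgets(buf, n, fp) stores at most n-1 characters. */
size_t naive_read_len(FILE *fp, int n)
{
    char buf[64];
    if (n < 1 || n > (int)sizeof buf || fgets(buf, n, fp) == NULL)
        return 0;
    buf[strcspn(buf, "\r\n")] = '\0';
    return strlen(buf);
}

/* Hypothetical reader: room for max_len characters plus '\n' plus NUL;
 * strips the newline; returns a malloc'd string or NULL. */
char *read_password_line(FILE *fp, size_t max_len)
{
    size_t cap = max_len + 2;
    char *buf = malloc(cap);
    if (buf != NULL && fgets(buf, (int)cap, fp) != NULL) {
        buf[strcspn(buf, "\r\n")] = '\0';
        if (strlen(buf) <= max_len)
            return buf;
    }
    free(buf); /* read error or over-long line: reject, never truncate */
    return NULL;
}

int main(void)
{
    FILE *fp = file_with("0123456789abcdef\n"); /* constructed, 16 chars */
    if (fp == NULL) return 1;
    printf("fgets size 16 kept %zu chars\n", naive_read_len(fp, 16));
    rewind(fp);
    char *pw = read_password_line(fp, IPMI20_PASS_MAX);
    printf("sized reader kept %zu chars\n", pw ? strlen(pw) : (size_t)0);
    free(pw); fclose(fp);
    return 0;
}
```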