Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 2aeb1c1ac24f1ada244954b852eed5effb450c05
commit2aeb1c1ac24f1ada244954b852eed5effb450c05[log] [tgz]
authorP Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>Tue Jul 20 04:26:13 2021 +0530
committerVernon Mauery <vernon.mauery@linux.intel.com>Fri Jul 30 19:59:51 2021 +0000
tree7425dae5b0cfec8c22046f6fd260d67c7a14c818
parent83c8d1a455ab1bd88bfb8fd7ab79d0b9b329bd18 [diff]
Restructure pam conversation function(Klockwork fix)

Altered return values form the function. With the earlier
implementation, the function returned PAM_AUTH_ERR on failure scenarios
which is incorrect. Replaced PAM_AUTH_ERR with PAM_CONV_ERR and
PAM_BUF_ERR at respetive places.

Added a check for number of messages received by the conversation
function capped at PAM_MAX_NUM_MSG.

Added a check for password size, which is capped at PAM_MAX_RESP_SIZE
as the bytes in the password greater than this limit would be discarded
by PAM.

Though pam_response structure and response, which are dynamically
allocated by the pam conversation function are the responsibility of the
caller to free them, with the current implemention, there is a possibility of
memory leak when numMsg would be zero or if PAM_PROMPT_ECHO_OFF
message never arrived.
This commit fixes the possible memory leak by allocating only on
receiving PAM_PROMPT_ECHO_OFF message.

Tested:
 - ipmitool tool command passed with correct credentials:
 - With Correct Creds: ipmitool -I lanplus -H x.x.x.x -C 17 -U root -P
   0penBmc raw 0x00 0x01
   Reply : 01 00 03 70
 - With Incorrect Creds: ipmitool -I lanplus -H x.x.x.x -C 17 -U root
   -P 0pen raw 0x00 0x01
   Reply : Error: Unable to establish IPMI session

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I670c3316eec01993a5cd0d79d1d6be248cf64328
1 file changed
tree: 7425dae5b0cfec8c22046f6fd260d67c7a14c818
  1. app/
  2. dbus-sdr/
  3. docs/
  4. include/
  5. libipmid/
  6. libipmid-host/
  7. scripts/
  8. softoff/
  9. test/
  10. user_channel/
  11. xyz/
  12. .build.sh
  13. .clang-format
  14. .gitignore
  15. .shellcheck
  16. .travis.yml
  17. apphandler.cpp
  18. apphandler.hpp
  19. bootstrap.sh
  20. chassishandler.cpp
  21. chassishandler.hpp
  22. configure.ac
  23. dcmihandler.cpp
  24. dcmihandler.hpp
  25. elog-errors.hpp
  26. entity_map_json.cpp
  27. entity_map_json.hpp
  28. error-HostEvent.hpp
  29. fruread.hpp
  30. generate_whitelist.sh
  31. globalhandler.cpp
  32. globalhandler.hpp
  33. groupext.cpp
  34. host-cmd-manager.cpp
  35. host-cmd-manager.hpp
  36. host-interface.cpp
  37. host-interface.hpp
  38. host-ipmid-whitelist.conf
  39. ipmi_fru_info_area.cpp
  40. ipmi_fru_info_area.hpp
  41. ipmid-new.cpp
  42. ipmisensor.cpp
  43. ipmiwhitelist.hpp
  44. LICENSE
  45. MAINTAINERS
  46. Makefile.am
  47. read_fru_data.cpp
  48. read_fru_data.hpp
  49. README.md
  50. sample.cpp
  51. sample.h
  52. selutility.cpp
  53. selutility.hpp
  54. sensordatahandler.cpp
  55. sensordatahandler.hpp
  56. sensorhandler.cpp
  57. sensorhandler.hpp
  58. settings.cpp
  59. settings.hpp
  60. storageaddsel.cpp
  61. storageaddsel.hpp
  62. storagehandler.cpp
  63. storagehandler.hpp
  64. sys_info_param.cpp
  65. sys_info_param.hpp
  66. systemintfcmds.cpp
  67. systemintfcmds.hpp
  68. testaddsel.cpp
  69. testit.cpp
  70. transporthandler.cpp
  71. transporthandler.hpp
  72. whitelist-filter.cpp
README.md

To build this package, do the following steps:

1. ./bootstrap.sh
2. ./configure ${CONFIGURE_FLAGS}
3. make

To clean the repository run ./bootstrap.sh clean.