lanserv: Check that message and negotiated authtypes are the same

If you sent a message with "none" authentication to a session that had another authtype, it would crash the server with a NULL pointer reference. Signed-off-by: Corey Minyard <[email protected]>
cminyard · Sep 24, 2024 · e0aa009 · e0aa009
1 parent 19b51c7
commit e0aa009
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/lanserv/lanserv_ipmi.c b/lanserv/lanserv_ipmi.c
@@ -2986,6 +2986,13 @@ ipmi_handle_rmcp_msg(lanserv_data_t *lan, msg_t *msg)
 	    return;
 	}
 
+	if (session->authtype != msg->authtype) {
+	    lan->sysinfo->log(lan->sysinfo, INVALID_MSG, msg,
+		     "Normal session message failure:"
+		     " Message authtype does not match session authtype");
+	    return;
+	}
+
 	rv = auth_check(session, tsid, tseq, msg->data, msg->len,
 			msg->rmcp.authcode);
 	if (rv) {