On Mon, Apr 23, 2012 at 9:56 PM, Jim Mankovich <firstname.lastname@example.org>
I already have a fix for the 16 character username problem. I
already posted a patch for it to the Patch tracker
for version 1.8.11 and I was going to post a patch for it to TOB
after I complete the Threshold/Discrete/Analog
Display issue which is currently in review. If you look closely
you will see I assigned these defect to myself.
Both of the defects you mention are for the same issue, the problem
is that ipmitool permits a user to specify greater
than 16 character passwords. The IPMI password length limit is 16.
Indeed it is. That's not the point. The point is anyone with any tool, or just modified ipmitool, can send username/password longer than 16 byte and make BMC to hang. ipmitool is one of places it should get fixed, but not the only one. That's it the point.
Such bug could have make it a great DoS. Hmm.
I'll try to post a patch for review for the 16 character username
limit sometime this week.
Do you what you can with the resources you have a hand.
Any/All help is much appreciated.
Once the patches I've posted get "somewhere", I'll post more. But sacrifice time at stuff that doesn't go anywhere? Been there, done that and life is too short ;)
On 4/23/2012 12:22 PM, Duncan Idaho wrote:
On Mon, Apr 23, 2012 at 6:26 PM, Jim
report and I could not find any existing resolution to in the
TOB CVS for ipmitool. If anyone
has any time to work on ipmitool, please look at Tracker items
first for something to do.