sles 15.1
obsolete weakness #73

Weakness Breakdown


Definition:

An obsolete weakness occurs when someone uses deprecated or obsolete functions when building a system. As a programming language evolves, some functions occasionally become obsolete.

Warning code(s):

This C routine is considered obsolete.

File Name:

ipmitool-1.8.18/src/plugins/lan/lan.c

Context:

The highlighted line of code below is the trigger point of this particular SLES 15.1 obsolete weakness.

 			continue;
		}

		/* if we are set to noanswer we do not expect response */
		if (intf->noanswer)
			break;

		if (ipmi_oem_active(intf, "intelwv2"))
			ipmi_lan_thump(intf);

		usleep(100);

		rsp = ipmi_lan_poll_recv(intf);

		/* Duplicate Request ccode most likely indicates a response to
		   a previous retry. Ignore and keep polling. */
		if(rsp && rsp->ccode == 0xcf) {
			rsp = NULL;
			rsp = ipmi_lan_poll_recv(intf);
		}
		
		if (rsp)
			break;

		usleep(5000);
		if (++try >= intf->ssn_params.retry) {
			lprintf(LOG_DEBUG, "  No response from remote controller");
			break;
		}
	}

	// We need to cleanup the existing entries from the list. Because if we 
	// keep it and then when we send the new command and if the response is for
	// old command it still matches it and then returns success.
	// This is the corner case where the remote controller responds very slowly.
	//
	// Example: We have to send command 23 and 2d.
	// If we send command,seq as 23,10 and if we don't get any response it will
	// retry 4 times with 23,10 and then come out here and indicate that there is no
	// response from the remote controller and will send the next command for
	// ie 2d,11. And if the BMC is slow to respond and returns 23,10 then it 
	// will match it in the list and will take response of command 23 as response 
	// for command 2d and return success. So ideally when retries are done and 
	// are out of this function we should be clearing the list to be safe so that
	// we don't match the old response with new request.
	//          [23, 10] --> BMC
	//          [23, 10] --> BMC
	//          [23, 10] --> BMC
	//          [23, 10] --> BMC
	//          [2D, 11] --> BMC 
