From ab965b04ed84050725b192f6bad1bec275d8cb5e Mon Sep 17 00:00:00 2001 From: jbjohnso Date: Wed, 3 Oct 2012 19:56:29 +0000 Subject: [PATCH] Have IPMI more decisively quite should the password be incorrect. Hypothetically a DoS could be aimed at the client, but that's much less likely. git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@13944 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- xCAT-server/lib/perl/xCAT/IPMI.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/xCAT-server/lib/perl/xCAT/IPMI.pm b/xCAT-server/lib/perl/xCAT/IPMI.pm index a6cb2a084..770155a2f 100644 --- a/xCAT-server/lib/perl/xCAT/IPMI.pm +++ b/xCAT-server/lib/perl/xCAT/IPMI.pm @@ -21,6 +21,7 @@ use constant STATE_OPENSESSION=>1; use constant STATE_EXPECTINGRAKP2=>2; use constant STATE_EXPECTINGRAKP4=>3; use constant STATE_ESTABLISHED=>4; +use constant STATE_FAILED=>4; #my $ipmidbg; #open($ipmidbg,">","/tmp/ipmidbg"); #sub dprint { @@ -460,6 +461,8 @@ sub timedout { $self->{ipmicallback}->($rsp,$self->{ipmicallback_args}); $self->{nowait}=0; return; + } elsif ($self->{sessionestablishmentcontext} == STATE_FAILED) { + return; } if ($self->{sessionestablishmentcontext} == STATE_OPENSESSION) { #in this particular case, we want to craft a new rmcp session request with a new client side session id, to aid in distinguishing retry from new $self->open_rmcpplus_request(); @@ -777,6 +780,7 @@ sub got_rakp2 { my @expectedhash = (unpack("C*",hmac_sha1($hmacdata,$self->{password}))); foreach (0..(scalar(@expectedhash)-1)) { if ($expectedhash[$_] != $data[$_]) { + $self->{sessionestablishmentcontext}=STATE_FAILED; $self->{onlogon}->("ERROR: Incorrect password provided",$self->{onlogon_args}); return 9; }