Security Issues in libmctp #3

@sumbhat90

Opening issue to discuss libmctp security related topics.

If MCTP packets are received with End of Message (EOM) or Start of Message (SOM) not set, they get added to the context buffer. If the context buffer is full, it gets reallocated to twice its previous size.
This allows a peripheral device to DoS the BMC by causing a large memory resource to be locked.

Security impact: A peripheral MCTP device can generate malformed packets to corrupt BMC memory and overflow the heap.

This issue can probably be handled by limiting the number of "middle packets" per context buffer.
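The mitigation suggested above, sketched as an added example: a reassembly routine that caps both the number of middle packets and the total message size, and frees the buffer when either limit is hit. This is not libmctp code and not from the issue author; `reasm_ctx`, `reasm_add`, `frag_rc` and both limits are hypothetical names and values.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical limits for this sketch, not values taken from libmctp. */
#define MAX_MIDDLE_PKTS 64u    /* packets with neither SOM nor EOM, per message */
#define MAX_MSG_BYTES   4096u  /* ceiling on one reassembled message */

enum frag_rc { FRAG_MORE, FRAG_DONE, FRAG_DROPPED };

struct reasm_ctx {             /* hypothetical per-message context buffer */
    uint8_t *buf;
    size_t len, cap;
    unsigned middle;           /* middle packets seen since SOM */
    int active;                /* SOM seen, EOM not yet */
};

static void reasm_reset(struct reasm_ctx *c) { free(c->buf); memset(c, 0, sizeof(*c)); }

/* Append one packet payload; som/eom are the flags from its header. */
enum frag_rc reasm_add(struct reasm_ctx *c, const uint8_t *p, size_t n,
                       int som, int eom)
{
    if (som)
        reasm_reset(c);                  /* a new message discards stale state */
    else if (!c->active)
        return FRAG_DROPPED;             /* continuation without a start */
    if ((!som && !eom && ++c->middle > MAX_MIDDLE_PKTS) ||
        n > MAX_MSG_BYTES - c->len)      /* subtraction form cannot wrap */
        goto drop;
    if (c->len + n > c->cap) {
        size_t cap = c->cap ? c->cap * 2 : 256;
        if (cap < c->len + n || cap > MAX_MSG_BYTES)
            cap = MAX_MSG_BYTES;         /* growth is clamped to the ceiling */
        uint8_t *nb = realloc(c->buf, cap);
        if (!nb)
            goto drop;
        c->buf = nb;
        c->cap = cap;
    }
    if (n)
        memcpy(c->buf + c->len, p, n);
    c->len += n;
    c->active = !eom;
    return eom ? FRAG_DONE : FRAG_MORE;
drop:
    reasm_reset(c);                      /* release memory instead of holding it */
    return FRAG_DROPPED;
}
```

On `FRAG_DONE` the caller reads `buf` and `len` from the context; the next SOM packet frees them.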
