diff options
author | James Feist <james.feist@linux.intel.com> | 2020-02-07 12:23:27 -0800 |
---|---|---|
committer | James Feist <james.feist@linux.intel.com> | 2020-02-10 20:23:25 +0000 |
commit | e69d9de2d9453ff301e727554dc74fa8bc0f8482 (patch) | |
tree | 05cd0a79fbb9eef301fa8edfc40a58604954c5bc | |
parent | 6ee7f774bf6393d48c7215e02d6dbf00322bc9f5 (diff) | |
download | bmcweb-e69d9de2d9453ff301e727554dc74fa8bc0f8482.tar.gz bmcweb-e69d9de2d9453ff301e727554dc74fa8bc0f8482.zip |
Add a pid controller size limit
Right now there is no limit, so someone could attack
the bmc by adding a very large number of controllers.
Create a limit so this isn't possible.
Tested: Add / Remove functionality still works
Change-Id: Ib408293431250d93b0af71616a1668f6a3d0904a
Signed-off-by: James Feist <james.feist@linux.intel.com>
-rw-r--r-- | redfish-core/lib/managers.hpp | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/redfish-core/lib/managers.hpp b/redfish-core/lib/managers.hpp index 623f8fe..b6d554f 100644 --- a/redfish-core/lib/managers.hpp +++ b/redfish-core/lib/managers.hpp @@ -1240,6 +1240,30 @@ struct SetPIDValues : std::enable_shared_from_this<SetPIDValues> messages::internalError(self->asyncResp->res); return; } + const std::array<const char*, 3> configurations = { + pidConfigurationIface, pidZoneConfigurationIface, + stepwiseConfigurationIface}; + + // erase the paths we don't care about + for (auto it = mObj.begin(); it != mObj.end();) + { + bool found = false; + for (const auto& [interface, _] : it->second) + { + if (std::find(configurations.begin(), + configurations.end(), + interface) != configurations.end()) + { + found = true; + it++; + break; + } + } + if (!found) + { + it = mObj.erase(it); + } + } self->managedObj = std::move(mObj); }, "xyz.openbmc_project.EntityManager", "/", objectManagerIface, @@ -1446,6 +1470,15 @@ struct SetPIDValues : std::enable_shared_from_this<SetPIDValues> } BMCWEB_LOG_DEBUG << "Create new = " << createNewObject << "\n"; + + // arbitrary limit to avoid attacks + constexpr const size_t controllerLimit = 500; + if (createNewObject && managedObj.size() >= controllerLimit) + { + messages::resourceExhaustion(response->res, type); + continue; + } + output["Name"] = boost::replace_all_copy(name, "_", " "); std::string chassis; |