diff options
| author | Tom Joseph <tomjoseph@in.ibm.com> | 2018-04-26 18:46:27 +0530 |
|---|---|---|
| committer | Vernon Mauery <vernon.mauery@linux.intel.com> | 2018-05-08 17:20:01 +0000 |
| commit | efcd68b23d7dafb4038aa76e4c0914b9a54d0103 (patch) | |
| tree | a617e25a8700085eeb0039a4ee85bc8596b81490 | |
| parent | b93e9807c1cf1da10ebc1e73bf14756c65a42e51 (diff) | |
| download | phosphor-host-ipmid-efcd68b23d7dafb4038aa76e4c0914b9a54d0103.tar.gz phosphor-host-ipmid-efcd68b23d7dafb4038aa76e4c0914b9a54d0103.zip | |
Check the offset length in the Read FRU command
The offset length is validated against the size of the FRU area,
before proceeding with populating the response of the Read FRU command.
Resolves openbmc/openbmc#3132
Change-Id: I2bc660b7e389f5c85bac0acc8068dd53ab328a65
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>
| -rw-r--r-- | storagehandler.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/storagehandler.cpp b/storagehandler.cpp index 6f97bef..3f1ebe2 100644 --- a/storagehandler.cpp +++ b/storagehandler.cpp @@ -652,6 +652,11 @@ ipmi_ret_t ipmi_storage_read_fru_data( const auto& fruArea = getFruAreaData(reqptr->fruID); auto size = fruArea.size(); + if (offset >= size) + { + return IPMI_CC_PARM_OUT_OF_RANGE; + } + // Write the count of response data. if ((offset + reqptr->count) <= size) { |
