diff options
author | Emily Shaffer <emilyshaffer@google.com> | 2018-09-27 14:50:15 -0700 |
---|---|---|
committer | Emily Shaffer <emilyshaffer@google.com> | 2018-10-01 14:08:15 -0700 |
commit | edb8bb069b5a5406dd06a6ef38251372ea988f5c (patch) | |
tree | dc084a9958431f6f377fc967eb53498ae19e2d2d /apphandler.cpp | |
parent | 6c9ee5196abdcf361e20fcec276b0c188f9ba803 (diff) | |
download | phosphor-host-ipmid-edb8bb069b5a5406dd06a6ef38251372ea988f5c.tar.gz phosphor-host-ipmid-edb8bb069b5a5406dd06a6ef38251372ea988f5c.zip |
apphandler: Fix buffer underflow in ipmi_app_get_device_guid
Change-Id: I7e27130bbe8bfc847f81968d850abacb8914ad78
Signed-off-by: Emily Shaffer <emilyshaffer@google.com>
Diffstat (limited to 'apphandler.cpp')
-rw-r--r-- | apphandler.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/apphandler.cpp b/apphandler.cpp index cbbd5f4..8c7df7c 100644 --- a/apphandler.cpp +++ b/apphandler.cpp @@ -447,6 +447,9 @@ ipmi_ret_t ipmi_app_get_device_guid(ipmi_netfn_t netfn, ipmi_cmd_t cmd, int i = 0; char* tokptr = NULL; char* id_octet = NULL; + size_t total_uuid_size = 0; + // 1 byte of resp is built from 2 chars of uuid. + constexpr size_t max_uuid_size = 2 * resp_size; // Status code. ipmi_ret_t rc = IPMI_CC_OK; @@ -495,6 +498,15 @@ ipmi_ret_t ipmi_app_get_device_guid(ipmi_netfn_t netfn, ipmi_cmd_t cmd, // Divide it by 2 for the array size since 1 byte is built from 2 chars int tmp_size = strlen(id_octet) / 2; + // Check if total UUID size has been exceeded + if ((total_uuid_size += strlen(id_octet)) > max_uuid_size) + { + // Error - UUID too long to store + log<level::ERR>("UUID too long", entry("UUID=%s", uuid)); + rc = IPMI_CC_RESPONSE_ERROR; + goto finish; + } + for (i = 0; i < tmp_size; i++) { // Holder of the 2 chars that will become a byte |