diff options
| author | Vernon Mauery <vernon.mauery@linux.intel.com> | 2020-01-13 16:28:59 -0800 |
|---|---|---|
| committer | Vernon Mauery <vernon.mauery@linux.intel.com> | 2020-02-11 00:26:25 +0000 |
| commit | 51f781418013b993f4b3d5c1572ce19a5b93edf0 (patch) | |
| tree | f392f5d4a553cbd2afc8157a38ae05f6bfe38f2c /ipmid-new.cpp | |
| parent | df661155de7967c7b184ec04745f4db5b45e0245 (diff) | |
| download | phosphor-host-ipmid-master.tar.gz phosphor-host-ipmid-master.zip | |
Filters are executed first and the actual ipmi command handler will not
execute if the filter rejects it for any reason.
However, if a filter returns a value for a command that is not even
implemented, the old logic would return that value instead of command
not implemented (C1h). This is incorrect behavior.
This fix will run the filter and then check to see if the command is
registered. If the command is registered AND the filter has returned
some error, only then will the filter error get returned. If the command
is registered and the filter returns no error, the command is executed.
If the command is not registered, C1h is returned, as per the spec.
Tested:
1) Add some bogus command definitions to the whitelist filter
2) Run the bogus command
3) See that C1h is returned, not insufficient privilege
Change-Id: I069df8f47a169d6b2961460a561bf9cae6ae285c
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>
Diffstat (limited to 'ipmid-new.cpp')
| -rw-r--r-- | ipmid-new.cpp | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/ipmid-new.cpp b/ipmid-new.cpp index bb427f7..abd0a10 100644 --- a/ipmid-new.cpp +++ b/ipmid-new.cpp @@ -233,17 +233,18 @@ message::Response::ptr executeIpmiCommandCommon( { // filter the command first; a non-null message::Response::ptr // means that the message has been rejected for some reason - message::Response::ptr response = filterIpmiCommand(request); - if (response) - { - return response; - } + message::Response::ptr filterResponse = filterIpmiCommand(request); Cmd cmd = request->ctx->cmd; unsigned int key = makeCmdKey(keyCommon, cmd); auto cmdIter = handlers.find(key); if (cmdIter != handlers.end()) { + // only return the filter response if the command is found + if (filterResponse) + { + return filterResponse; + } HandlerTuple& chosen = cmdIter->second; if (request->ctx->priv < std::get<Privilege>(chosen)) { @@ -257,6 +258,11 @@ message::Response::ptr executeIpmiCommandCommon( cmdIter = handlers.find(wildcard); if (cmdIter != handlers.end()) { + // only return the filter response if the command is found + if (filterResponse) + { + return filterResponse; + } HandlerTuple& chosen = cmdIter->second; if (request->ctx->priv < std::get<Privilege>(chosen)) { |
