From 8e8c8e29dd7c0a2a448bebae6897d2f8c6030e5d Mon Sep 17 00:00:00 2001 From: Suryakanth Sekar Date: Fri, 30 Aug 2019 11:54:20 +0530 Subject: As per 802.1q,valid VLAN ID should be 0-4095 Issue: In Set LAN configuration, able to set VLAN ID out its range. Fix: Added proper conditions to validate the request. Tested: //Setting the VLAN with invalid VLAN ID (4096) ipmitool -I lanplus -U root -P 0penBmc -H raw 0x0c 0x01 0x01 0x14 0x00 0x90 0xCC //Invalid data field in request //Setting the VLAN ID reserved bits with VLAN ID disable ipmitool -I lanplus -U root -P 0penBmc -H raw 0x0c 0x01 0x01 0x14 0x00 0x70 0xCC //Invalid data field in request //Setting the VLAN ID reserved bits with VLAN ID enabled ipmitool -I lanplus -U root -P 0penBmc -H raw 0x0c 0x01 0x01 0x14 0x00 0xf0 0xCC //Invalid data field in request Signed-off-by: Rajashekar Gade Reddy Change-Id: I03987cff13845bdfb7156367fedee3d78b957651 --- transporthandler.cpp | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/transporthandler.cpp b/transporthandler.cpp index d7eef14..e112668 100644 --- a/transporthandler.cpp +++ b/transporthandler.cpp @@ -1497,17 +1497,30 @@ RspType<> setLan(uint4_t channelBits, uint4_t, uint8_t parameter, } case LanParam::VLANId: { - uint16_t vlanData; - if (req.unpack(vlanData) != 0 || !req.fullyUnpacked()) + uint12_t vlanData = 0; + uint3_t reserved = 0; + bool vlanEnable = 0; + + if (req.unpack(vlanData) || req.unpack(reserved) || + req.unpack(vlanEnable) || !req.fullyUnpacked()) { return responseReqDataLenInvalid(); } - if ((vlanData & VLAN_ENABLE_FLAG) == 0) + + if (reserved) + { + return responseInvalidFieldRequest(); + } + + uint16_t vlan = static_cast(vlanData); + + if (!vlanEnable) { - lastDisabledVlan[channel] = vlanData & VLAN_VALUE_MASK; - vlanData = 0; + lastDisabledVlan[channel] = vlan; + vlan = 0; } - channelCall(channel, vlanData & VLAN_VALUE_MASK); + channelCall(channel, vlan); + return responseSuccess(); } case LanParam::CiphersuiteSupport: -- cgit v1.2.1