| #
20bab748 |
| 24-May-2024 |
Andrew Geissler <geissonator@yahoo.com> |
SrvRqst: Add bounds checking on buffer parsing
There are multiple length fields provided by the user in this command.
Need to ensure those lengths do not exceed the input buffer size.
Tested:
- Exe
SrvRqst: Add bounds checking on buffer parsing
There are multiple length fields provided by the user in this command.
Need to ensure those lengths do not exceed the input buffer size.
Tested:
- Executed new unit tests successfully
Change-Id: Ife4b74d7541d6939bdc30a381fc5cc80cfd24057
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
show more ...
|
| #
eebd0815 |
| 24-May-2024 |
Andrew Geissler <geissonator@yahoo.com> |
Only allow a maximum packet size of 255 bytes
This code was written with an assumption that the input/output buffer
sizes would not exceed 255 bytes. The assumption can be seen throughout
the code w
Only allow a maximum packet size of 255 bytes
This code was written with an assumption that the input/output buffer
sizes would not exceed 255 bytes. The assumption can be seen throughout
the code where it is using a "uint8_t" for size calculations when doing
offsets into the data buffers.
As this application was written for OpenBMC and the service list
provided by OpenBMC is very minimal, supporting a maximum request
buffer of 255 bytes is a fine assumption. Just need to enforce it.
Without this change, very unexpected things can happen with uint8_t
overflow issues when a packet size greater then 255 bytes is passed in
or created internally.
Tested:
- Verified a request with a packet size over 255 bytes is rejected
Change-Id: Icec15fe100d6514a3309fa89e9f79d565de05553
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
show more ...
|
| #
edf88cb2 |
| 04-Apr-2023 |
Patrick Williams <patrick@stwcx.xyz> |
error: fix handling of error codes
GCC correctly warning as follows:
```
inlined from ‘slp::buffer slp::handler::processError(const slp::Message&, uint8_t)’ at slp_message_handler.cpp:363:16:
/
error: fix handling of error codes
GCC correctly warning as follows:
```
inlined from ‘slp::buffer slp::handler::processError(const slp::Message&, uint8_t)’ at slp_message_handler.cpp:363:16:
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/stl_algobase.h:431:30: warning: ‘void* __builtin_memmove(void*, const void*, long unsigned int)’ reading 2 bytes from a region of size 1 [-Wstringop-overread]
431 | __builtin_memmove(__result, __first, sizeof(_Tp) * _Num);
| ~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
slp_message_handler.cpp: In function ‘slp::buffer slp::handler::processError(const slp::Message&, uint8_t)’:
slp_message_handler.cpp:358:49: note: source object ‘err’ of size 1
```
We were taking the address of a `uint8_t` and copying two bytes of it.
The original code was not correct anyhow because it used a static
OFFSET_ERROR constant. The location of errors is not constant because
it depends on the length of the language tag. Modify the code to
correctly place the 1 byte error type into the 2nd byte of the error
field, which is calculated as immediately after the language tag.
Change-Id: I1bee6bdb1b6301403cf1dff319641587c683f799
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
show more ...
|
| #
537ff140 |
| 01-Nov-2018 |
Patrick Venture <venture@google.com> |
add clang-format to repo for style
Add .clang-format to repo for style.
Change-Id: I286b3b245550d6a736d7df797f0ce21b51d7a235
Signed-off-by: Patrick Venture <venture@google.com>
|
| #
ead7a3ca |
| 05-Jan-2017 |
Ratan Gupta <ratagupt@in.ibm.com> |
Read the slp service info.
Read the info from the services file which are in the
services dir.
Change-Id: If31b98af8eea55d75356d895afa42bf6c3cb6493
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
|
| #
309ac445 |
| 13-Dec-2016 |
Ratan Gupta <ratagupt@in.ibm.com> |
SLP Server
This contains the entry point for the SLP
and starts the SLP Server.
Change-Id: I5976c8168a1af2703143c9bead61583197949115
Signed-off-by: Ratan Gupta <ratagupt@in.ibm.com>
|