diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0008-Add-checks-on-Event-Subscription-input-parameters.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0008-Add-checks-on-Event-Subscription-input-parameters.patch | 92 |
1 files changed, 46 insertions, 46 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0008-Add-checks-on-Event-Subscription-input-parameters.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0008-Add-checks-on-Event-Subscription-input-parameters.patch index 874c82e2f..84ceb4ba8 100644 --- a/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0008-Add-checks-on-Event-Subscription-input-parameters.patch +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/interfaces/bmcweb/eventservice/0008-Add-checks-on-Event-Subscription-input-parameters.patch @@ -1,4 +1,4 @@ -From b43da33c7bc9ad4d5eea35c9ba68efdd6ed6d34d Mon Sep 17 00:00:00 2001 +From 05fdea2bb8e486b058d137a067ce1f5c885d2a96 Mon Sep 17 00:00:00 2001 From: Nitin Wankhade <nitinx.arunrao.wankhade@intel.com> Date: Mon, 28 Jun 2021 19:59:57 +0000 Subject: [PATCH] Add checks on Event Subscription input parameters @@ -17,16 +17,16 @@ Tested Change-Id: Iec2cd766c0e137b72706fc2da468d4fefd8fbaae Signed-off-by: Nitin Wankhade <nitinx.arunrao.wankhade@intel.com> --- - redfish-core/lib/event_service.hpp | 30 +++++++++++++++++++++++++++++- - 1 file changed, 29 insertions(+), 1 deletion(-) + redfish-core/lib/event_service.hpp | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp -index ed4955e..0cb0f00 100644 +index 52b01e5..f8a1671 100644 --- a/redfish-core/lib/event_service.hpp +++ b/redfish-core/lib/event_service.hpp -@@ -16,6 +16,10 @@ - #pragma once - #include "event_service_manager.hpp" +@@ -19,6 +19,10 @@ + #include <app.hpp> + #include <registries/privilege_registry.hpp> +#define MAX_CONTEXT_SIZE 256 +#define MAX_DESTINATION_SIZE 1024 @@ -35,50 +35,50 @@ index ed4955e..0cb0f00 100644 namespace redfish { static constexpr const std::array<const char*, 3> supportedRetryPolicies = { -@@ -243,7 +247,11 @@ class EventDestinationCollection : public Node - { - return; - } -- -+ if (destUrl.size() > MAX_DESTINATION_SIZE) -+ { -+ messages::propertySizeExceeded(asyncResp->res, "Destination"); -+ return; -+ } - if (regPrefixes && msgIds) - { - if (regPrefixes->size() && msgIds->size()) -@@ -350,11 +358,31 @@ class EventDestinationCollection : public Node +@@ -220,6 +224,12 @@ inline void requestRoutesEventDestinationCollection(App& app) + return; + } - if (context) - { -+ if (context->size() > MAX_CONTEXT_SIZE) -+ { -+ messages::propertySizeExceeded(asyncResp->res, "Context"); -+ return; -+ } - subValue->customText = *context; - } ++ if (destUrl.size() > MAX_DESTINATION_SIZE) ++ { ++ messages::propertySizeExceeded(asyncResp->res, "Destination"); ++ return; ++ } ++ + if (regPrefixes && msgIds) + { + if (regPrefixes->size() && msgIds->size()) +@@ -330,11 +340,31 @@ inline void requestRoutesEventDestinationCollection(App& app) - if (headers) - { -+ size_t cumulativeLen = 0; + if (context) + { ++ if (context->size() > MAX_CONTEXT_SIZE) ++ { ++ messages::propertySizeExceeded(asyncResp->res, "Context"); ++ return; ++ } + subValue->customText = *context; + } + + if (headers) + { ++ size_t cumulativeLen = 0; + -+ for (nlohmann::json& itr : *headers) -+ { -+ std::string hdr{itr.dump( -+ -1, ' ', true, nlohmann::json::error_handler_t::replace)}; -+ cumulativeLen += hdr.length(); ++ for (nlohmann::json& itr : *headers) ++ { ++ std::string hdr{itr.dump( ++ -1, ' ', true, nlohmann::json::error_handler_t::replace)}; ++ cumulativeLen += hdr.length(); + -+ if (cumulativeLen > MAX_HEADER_SIZE) -+ { -+ messages::propertySizeExceeded(asyncResp->res, ++ if (cumulativeLen > MAX_HEADER_SIZE) ++ { ++ messages::propertySizeExceeded(asyncResp->res, + "HttpHeaders"); -+ return; -+ } -+ } - subValue->httpHeaders = *headers; - } ++ return; ++ } ++ } + subValue->httpHeaders = *headers; + } -- 2.17.1 |