From b43da33c7bc9ad4d5eea35c9ba68efdd6ed6d34d Mon Sep 17 00:00:00 2001
From: Nitin Wankhade
Date: Mon, 28 Jun 2021 19:59:57 +0000
Subject: [PATCH] Add checks on Event Subscription input parameters
There is no check on the size of input parameters(Context, Destination and Header) during Event Subscription.This creates out of memory situation. This commit checks for the size of input parameters and rejects if it is exceeding the input size limits. Tested - Validated using POST on Event Subscription. - When Context, Destination and Headers were too long, received a error message denoting the same.
Change-Id: Iec2cd766c0e137b72706fc2da468d4fefd8fbaae
Signed-off-by: Nitin Wankhade
---
 redfish-core/lib/event_service.hpp | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp
index ed4955e..0cb0f00 100644
--- a/redfish-core/lib/event_service.hpp
+++ b/redfish-core/lib/event_service.hpp
@@ -16,6 +16,10 @@
 #pragma once
 #include "event_service_manager.hpp"
+#define MAX_CONTEXT_SIZE 256
+#define MAX_DESTINATION_SIZE 1024
+#define MAX_HEADER_SIZE 8096
+
 namespace redfish
 {
 static constexpr const std::array supportedRetryPolicies = {
@@ -243,7 +247,11 @@ class EventDestinationCollection : public Node
 {
 return;
 }
-
+ if (destUrl.size() > MAX_DESTINATION_SIZE)
+ {
+ messages::propertySizeExceeded(asyncResp->res, "Destination");
+ return;
+ }
 if (regPrefixes && msgIds)
 {
 if (regPrefixes->size() && msgIds->size())
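Review bot: The three limits are added as preprocessor macros above `namespace redfish` in a header, so `MAX_CONTEXT_SIZE`, `MAX_DESTINATION_SIZE` and `MAX_HEADER_SIZE` leak into every translation unit that includes this file and can collide with other definitions. The neighbouring context line already uses `static constexpr`; the same form inside the namespace would be typed and scoped, e.g. `static constexpr size_t maxContextSize = 256;`. `8096` also looks as if it may have been meant as 8192 or 8000; a short comment stating the intended header budget would settle it.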
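Review bot: The Destination length check sits after an earlier block that has already returned on some failure (the `{ return; }` context just above it), so whatever that earlier step does with `destUrl` runs on an unbounded string first. If that step parses or pattern-matches the URL, moving `if (destUrl.size() > MAX_DESTINATION_SIZE)` ahead of it would reject oversized input before any work proportional to its length is done. The enclosing handler starts and ends outside this hunk, so the exact preceding check is not visible here.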
@@ -350,11 +358,31 @@ class EventDestinationCollection : public Node
 if (context)
 {
+ if (context->size() > MAX_CONTEXT_SIZE)
+ {
+ messages::propertySizeExceeded(asyncResp->res, "Context");
+ return;
+ }
 subValue->customText = *context;
 }
 if (headers)
 {
+ size_t cumulativeLen = 0;
+
+ for (nlohmann::json& itr : *headers)
+ {
+ std::string hdr{itr.dump(
+ -1, ' ', true, nlohmann::json::error_handler_t::replace)};
+ cumulativeLen += hdr.length();
+
+ if (cumulativeLen > MAX_HEADER_SIZE)
+ {
+ messages::propertySizeExceeded(asyncResp->res,
+ "HttpHeaders");
+ return;
+ }
+ }
 subValue->httpHeaders = *headers;
 }
-- 
2.17.1
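Review bot: The Context and HttpHeaders limits are enforced only on this create path: all three hunks are in `EventDestinationCollection`, so any other handler in the file that assigns `customText` or `httpHeaders` (for example an update of an existing subscription) would still accept oversized values. This is worth confirming, ideally by moving the checks into one helper that every such path calls. Inside the loop, `itr.dump(...)` builds a full serialized copy of each entry just to measure it, so the limit counts JSON quoting and braces rather than header bytes, and the request briefly costs extra memory in the very path meant to bound it. The loop variable can also be `const nlohmann::json& itr`, since nothing is modified. The handler continues outside the hunk.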