From 05fdea2bb8e486b058d137a067ce1f5c885d2a96 Mon Sep 17 00:00:00 2001
From: Nitin Wankhade <nitinx.arunrao.wankhade@intel.com>
Date: Mon, 28 Jun 2021 19:59:57 +0000
Subject: [PATCH] Add checks on Event Subscription input parameters

There is no check on the size of input parameters(Context,
Destination and Header) during Event Subscription.This
creates out of memory situation.
This commit checks for the size of input parameters and
rejects if it is exceeding the input size limits.

Tested
  - Validated using POST on Event Subscription.
  - When Context, Destination and Headers were too long,
    received a error message denoting the same.

Change-Id: Iec2cd766c0e137b72706fc2da468d4fefd8fbaae
Signed-off-by: Nitin Wankhade <nitinx.arunrao.wankhade@intel.com>
---
 redfish-core/lib/event_service.hpp | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp
index 52b01e5..f8a1671 100644
--- a/redfish-core/lib/event_service.hpp
+++ b/redfish-core/lib/event_service.hpp
@@ -19,6 +19,10 @@
 #include <app.hpp>
 #include <registries/privilege_registry.hpp>
 
+#define MAX_CONTEXT_SIZE 256
+#define MAX_DESTINATION_SIZE 1024
+#define MAX_HEADER_SIZE 8096
+
 namespace redfish
 {
 static constexpr const std::array<const char*, 3> supportedRetryPolicies = {
@@ -220,6 +224,12 @@ inline void requestRoutesEventDestinationCollection(App& app)
                     return;
                 }
 
+                if (destUrl.size() > MAX_DESTINATION_SIZE)
+                {
+                    messages::propertySizeExceeded(asyncResp->res, "Destination");
+                    return;
+                }
+
                 if (regPrefixes && msgIds)
                 {
                     if (regPrefixes->size() && msgIds->size())
@@ -330,11 +340,31 @@ inline void requestRoutesEventDestinationCollection(App& app)
 
                 if (context)
                 {
+                    if (context->size() > MAX_CONTEXT_SIZE)
+                    {
+                        messages::propertySizeExceeded(asyncResp->res, "Context");
+                        return;
+                    }
                     subValue->customText = *context;
                 }
 
                 if (headers)
                 {
+                    size_t cumulativeLen = 0;
+
+                    for (nlohmann::json& itr : *headers)
+                    {
+                        std::string hdr{itr.dump(
+                            -1, ' ', true, nlohmann::json::error_handler_t::replace)};
+                        cumulativeLen += hdr.length();
+
+                        if (cumulativeLen > MAX_HEADER_SIZE)
+                        {
+                            messages::propertySizeExceeded(asyncResp->res,
+                                                   "HttpHeaders");
+                            return;
+                        }
+                    }
                     subValue->httpHeaders = *headers;
                 }
 
-- 
2.17.1