1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
From ee758f1f97890f51707e72b3c6b08c8c46c41595 Mon Sep 17 00:00:00 2001
From: Nitin Wankhade <nitinx.arunrao.wankhade@intel.com>
Date: Mon, 28 Jun 2021 19:59:57 +0000
Subject: [PATCH] Add checks on Event Subscription input parameters
There is no check on the size of input parameters(Context,
Destination and Header) during Event Subscription.This
creates out of memory situation.
This commit checks for the size of input parameters and
rejects if it is exceeding the input size limits.
Tested
- Validated using POST on Event Subscription.
- When Context, Destination and Headers were too long,
received a error message denoting the same.
Change-Id: Iec2cd766c0e137b72706fc2da468d4fefd8fbaae
Signed-off-by: Nitin Wankhade <nitinx.arunrao.wankhade@intel.com>
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
---
redfish-core/lib/event_service.hpp | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp
index 15e45dc..27dec86 100644
--- a/redfish-core/lib/event_service.hpp
+++ b/redfish-core/lib/event_service.hpp
@@ -22,6 +22,10 @@
#include <span>
+#define MAX_CONTEXT_SIZE 256
+#define MAX_DESTINATION_SIZE 1024
+#define MAX_HEADER_SIZE 8096
+
namespace redfish
{
static constexpr const std::array<const char*, 3> supportedRetryPolicies = {
@@ -223,6 +227,12 @@ inline void requestRoutesEventDestinationCollection(App& app)
return;
}
+ if (destUrl.size() > MAX_DESTINATION_SIZE)
+ {
+ messages::propertySizeExceeded(asyncResp->res, "Destination");
+ return;
+ }
+
if (regPrefixes && msgIds)
{
if (regPrefixes->size() && msgIds->size())
@@ -333,13 +343,29 @@ inline void requestRoutesEventDestinationCollection(App& app)
if (context)
{
+ if (context->size() > MAX_CONTEXT_SIZE)
+ {
+ messages::propertySizeExceeded(asyncResp->res, "Context");
+ return;
+ }
subValue->customText = *context;
}
if (headers)
{
+ size_t cumulativeLen = 0;
+
for (const nlohmann::json& headerChunk : *headers)
{
+ std::string hdr{headerChunk.dump(
+ -1, ' ', true, nlohmann::json::error_handler_t::replace)};
+ cumulativeLen += hdr.length();
+ if (cumulativeLen > MAX_HEADER_SIZE)
+ {
+ messages::propertySizeExceeded(asyncResp->res,
+ "HttpHeaders");
+ return;
+ }
for (const auto& item : headerChunk.items())
{
const std::string* value =
--
2.17.1
|
