diff options
author | Ed Tanous <ed.tanous@intel.com> | 2018-10-29 21:40:58 +0300 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2018-11-01 17:17:38 +0300 |
commit | 27826b5f6a4e886a5d4c1b3775b5d62d0438da95 (patch) | |
tree | 6aadd6e28c630dcb4b918e6b00c3dcdcf670ff32 | |
parent | cc9139ec3fe5e354d046d5e00f33a5e97426924e (diff) | |
download | bmcweb-27826b5f6a4e886a5d4c1b3775b5d62d0438da95.tar.xz |
bmcweb: fix a possible buffer overflow issue
This commit fixes a possible buffer overflow that could occur if dbus
paths don't follow the dbus specification.
Change-Id: Ib3c5d4743b1ac7f65a480a88613267ec0b4b7c2b
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
-rw-r--r-- | redfish-core/lib/update_service.hpp | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/redfish-core/lib/update_service.hpp b/redfish-core/lib/update_service.hpp index e4d5798961..74638bbd87 100644 --- a/redfish-core/lib/update_service.hpp +++ b/redfish-core/lib/update_service.hpp @@ -21,6 +21,7 @@ namespace redfish { + static std::unique_ptr<sdbusplus::bus::match::match> fwUpdateMatcher; class UpdateService : public Node @@ -233,15 +234,13 @@ class SoftwareInventoryCollection : public Node &connections = obj.second; // if can't parse fw id then return - std::size_t idPos = obj.first.rfind("/"); - if (idPos == std::string::npos || - idPos + 1 == obj.first.size()) + std::size_t idPos; + if ((idPos = obj.first.rfind("/")) == std::string::npos) { messages::internalError(asyncResp->res); BMCWEB_LOG_DEBUG << "Can't parse firmware ID!!"; return; } - std::string swId = obj.first.substr(idPos + 1); for (auto &conn : connections) |