author | Ed Tanous <edtanous@google.com> | 2021-02-19 19:51:17 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2021-02-19 23:39:57 +0300 |
commit | 71f52d96b51bda2a2f00374237f368e980396692 (patch) | |
tree | 1f14b4489ac5b383dbcadc055f7aa42a0e5c6dbc /redfish-core/lib/ethernet.hpp | |
parent | 797ac9a28e0fc9d156a143aa84457360a8bb6fcb (diff) | |
Fix nlohmann::json::dump calls
The nlohmann::json::dump call needs to be called with specific arguments
to avoid throwing in failure cases. http connection already does this
properly, but a bunch of code has snuck in (mostly in redfish) that
ignores this, and calls it incorrectly. This can potentially lead to a
crash if the wrong thing throws on invalid UTF8 characters.
This audits the whole codebase, and replaces every dump() call with the
correct dump(2, ' ', true, nlohmann::json::error_handler_t::replace)
call. For correct output, the callers should expect no change, and in
practice, this would require injecting non-utf8 characters into the
BMC.
Tested:
Ran several of the endpoints/error conditions in question, including
some of the error cases. Observed correct responses. I don't know of a
security issue that would allow injecting invalid utf8 into the BMC, but
in theory if it were possible, this would prevent a crash.
Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I4a15b8e260e3db129bc20484ade4ed5449f75ad0
Diffstat (limited to 'redfish-core/lib/ethernet.hpp')
-rw-r--r-- | redfish-core/lib/ethernet.hpp | 34 |
1 files changed, 26 insertions, 8 deletions
diff --git a/redfish-core/lib/ethernet.hpp b/redfish-core/lib/ethernet.hpp
index 159eda2433..4dfef0fcfa 100644
--- a/redfish-core/lib/ethernet.hpp
+++ b/redfish-core/lib/ethernet.hpp
@@ -1403,8 +1403,11 @@ class EthernetInterface : public Node
 {
 if ((!input.is_array()) || input.empty())
 {
- messages::propertyValueTypeError(asyncResp->res, input.dump(),
- "IPv4StaticAddresses");
+ messages::propertyValueTypeError(
+ asyncResp->res,
+ input.dump(2, ' ', true,
+ nlohmann::json::error_handler_t::replace),
+ "IPv4StaticAddresses");
 return;
 }
 
@@ -1432,7 +1435,10 @@ class EthernetInterface : public Node
 "Gateway", gateway))
 {
 messages::propertyValueFormatError(
- asyncResp->res, thisJson.dump(), pathString);
+ asyncResp->res,
+ thisJson.dump(2, ' ', true,
+ nlohmann::json::error_handler_t::replace),
+ pathString);
 return;
 }
 
@@ -1552,7 +1558,10 @@ class EthernetInterface : public Node
 return;
 }
 messages::propertyValueFormatError(
- asyncResp->res, thisJson.dump(), pathString);
+ asyncResp->res,
+ thisJson.dump(2, ' ', true,
+ nlohmann::json::error_handler_t::replace),
+ pathString);
 return;
 }
 
@@ -1598,8 +1607,11 @@ class EthernetInterface : public Node
 {
 if (!input.is_array() || input.empty())
 {
- messages::propertyValueTypeError(asyncResp->res, input.dump(),
- "IPv6StaticAddresses");
+ messages::propertyValueTypeError(
+ asyncResp->res,
+ input.dump(2, ' ', true,
+ nlohmann::json::error_handler_t::replace),
+ "IPv6StaticAddresses");
 return;
 }
 size_t entryIdx = 1;
@@ -1620,7 +1632,10 @@ class EthernetInterface : public Node
 prefixLength))
 {
 messages::propertyValueFormatError(
- asyncResp->res, thisJson.dump(), pathString);
+ asyncResp->res,
+ thisJson.dump(2, ' ', true,
+ nlohmann::json::error_handler_t::replace),
+ pathString);
 return;
 }
 
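Review bot: The new arguments in `input.dump(2, ' ', true, nlohmann::json::error_handler_t::replace)` change more than the error handler. Indent 2 pretty-prints and `ensure_ascii = true` escapes non-ASCII characters, whereas the old bare `dump()` produced compact output, so the request value echoed into `propertyValueTypeError` here can now span several lines when it is an object. The same applies to the `thisJson.dump(...)` arguments passed to `propertyValueFormatError` in the other five hunks, where the value is presumably an object. If only the non-throwing behaviour is wanted, `input.dump(-1, ' ', true, nlohmann::json::error_handler_t::replace)` keeps the single-line form; otherwise the description's "callers should expect no change" needs a caveat about message formatting. The enclosing handler starts and ends outside the hunk.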
@@ -1687,7 +1702,10 @@ class EthernetInterface : public Node
 return;
 }
 messages::propertyValueFormatError(
- asyncResp->res, thisJson.dump(), pathString);
+ asyncResp->res,
+ thisJson.dump(2, ' ', true,
+ nlohmann::json::error_handler_t::replace),
+ pathString);
 return;
 }
 
|
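Review bot: The four-argument `dump(...)` call is now written out by hand at six sites in this file, so nothing stops the next bare `dump()` from creeping in the way the commit message describes. A single shared helper would give reviewers one name to look for, e.g. `inline std::string dumpForMessage(const nlohmann::json& j) { return j.dump(2, ' ', true, nlohmann::json::error_handler_t::replace); }` (the name is only a suggestion; no such helper is visible in this diff). A short comment on the helper, stating that the default strict handler throws on invalid UTF-8, would record why the arguments matter. The enclosing function extends beyond this hunk.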