From 71f52d96b51bda2a2f00374237f368e980396692 Mon Sep 17 00:00:00 2001 From: Ed Tanous Date: Fri, 19 Feb 2021 08:51:17 -0800 Subject: Fix nlohmann::json::dump calls The nlohmann::json::dump call needs to be called with specific arguments to avoid throwing in failure cases. http connection already does this properly, but a bunch of code has snuck in (mostly in redfish) that ignores this, and calls it incorrectly. This can potentially lead to a crash if the wrong thing throws on invalid UTF8 characters. This audits the whole codebase, and replaces every dump() call with the correct dump(2, ' ', true, nlohmann::json::error_handler_t::replace) call. For correct output, the callers should expect no change, and in practice, this would require injecting non-utf8 characters into the BMC. Tested: Ran several of the endpoints/error conditions in question, including some of the error cases. Observed correct responses. I don't know of a security issue that would allow injecting invalid utf8 into the BMC, but in theory if it were possible, this would prevent a crash. Signed-off-by: Ed Tanous Change-Id: I4a15b8e260e3db129bc20484ade4ed5449f75ad0 --- redfish-core/lib/hypervisor_system.hpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'redfish-core/lib/hypervisor_system.hpp') diff --git a/redfish-core/lib/hypervisor_system.hpp b/redfish-core/lib/hypervisor_system.hpp index 290bac7188..10b16f9656 100644 --- a/redfish-core/lib/hypervisor_system.hpp +++ b/redfish-core/lib/hypervisor_system.hpp @@ -553,8 +553,11 @@ class HypervisorInterface : public Node address, "SubnetMask", subnetMask, "Gateway", gateway)) { - messages::propertyValueFormatError(asyncResp->res, - thisJson.dump(), pathString); + messages::propertyValueFormatError( + asyncResp->res, + thisJson.dump(2, ' ', true, + nlohmann::json::error_handler_t::replace), + pathString); return; } -- cgit v1.2.3
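Review bot: In the new `thisJson.dump(2, ' ', true, nlohmann::json::error_handler_t::replace)` argument to `messages::propertyValueFormatError`, the leading `2` turns on pretty-printing, whereas the old bare `dump()` used the library default indent of -1 (compact). For an object or array value, the string placed in the error message now carries newlines and indentation, and `true` for ensure_ascii escapes any non-ASCII character as \uXXXX. That is an output change for valid input, which the commit message says callers should not see. If only the no-throw behaviour is wanted at this call site, `thisJson.dump(-1, ' ', false, nlohmann::json::error_handler_t::replace)` keeps the previous formatting while still substituting U+FFFD for invalid UTF-8. Because the message describes the same four arguments being applied at every call site, a small shared helper that wraps this call would also keep a bare `dump()` from creeping back in.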