Fix out of band issue. In some case array or string is possible to be

illegal accessed. Fix with add boundry checking. Verified with deployed system, check with system host-list command to ensure get_adminAction_str/get_adminState_str/get_operState_str in nodeClass correct,daemon_init in rmon with no error message, active monitor is corect for hbsClient and pmon is correct in hbsClient.log and pmon.log Closes-Bug: 1795110 Change-Id: Iff81d93702cfa5636c3d8c9567363ff9601be5f6 Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
2018-10-30 13:55:20 +08:00 · 2018-10-30 13:55:20 +08:00 · 85cd4ebf2e
parent f5de6cc2d6
commit 85cd4ebf2e
4 changed files with 15 additions and 15 deletions
--- a/mtce/src/common/nodeClass.cpp
+++ b/mtce/src/common/nodeClass.cpp
@ -77,7 +77,7 @@ const char mtc_nodeAdminAction_str[MTC_ADMIN_ACTIONS][20] =

 const char * get_adminAction_str ( mtc_nodeAdminAction_enum action )
 {
-    if ( action > MTC_ADMIN_ACTIONS )
+    if ( action >= MTC_ADMIN_ACTIONS )
    {
        slog ("Invalid admin action (%d)\n", action);
        action = MTC_ADMIN_ACTION__NONE ;
@ -94,7 +94,7 @@ const char mtc_nodeAdminState_str[MTC_ADMIN_STATES][15] =

 string get_adminState_str ( mtc_nodeAdminState_enum adminState )
 {
-    if ( adminState > MTC_ADMIN_STATES )
+    if ( adminState >= MTC_ADMIN_STATES )
    {
        slog ("Invalid admin state (%d)\n", adminState );
        adminState = MTC_ADMIN_STATE__LOCKED ;
@ -120,7 +120,7 @@ const char mtc_nodeOperState_str[MTC_OPER_STATES][15] =

 string get_operState_str ( mtc_nodeOperState_enum operState )
 {
-    if ( operState > MTC_OPER_STATES )
+    if ( operState >= MTC_OPER_STATES )
    {
        slog ("Invalid oper state (%d)\n", operState );
        operState = MTC_OPER_STATE__DISABLED ;
@ -7554,24 +7554,24 @@ void nodeLinkClass::manage_pulse_flags ( struct nodeLinkClass::node * node_ptr,
 int nodeLinkClass::create_pulse_list ( iface_enum iface )
 {
    struct node * ptr = head ;
-    pulses[iface] = 0 ;
-    
-    /* No check-in list if there is no inventory */
-    if (( head == NULL ) || ( hosts == 0 ))
-    {
-        return (pulses[iface]) ;       
-    }

    if ( iface >= MAX_IFACES )
    {
        dlog ("Invalid interface (%d)\n", iface );
-        return (pulses[iface]);
+        return 0;
    }

+    pulses[iface] = 0;
    pulse_list[iface].last_ptr = NULL ;
    pulse_list[iface].head_ptr = NULL ;
    pulse_list[iface].tail_ptr = NULL ;

+    /* No check-in list if there is no inventory */
+    if (( head == NULL ) || ( hosts == 0 ))
+    {
+        return 0;
+    }
+
    /* walk the node list looking for nodes that should be monitored */
    for ( ; ptr != NULL ; ptr = ptr->next )
    {
--- a/mtce/src/hwmon/hwmonThreads.cpp
+++ b/mtce/src/hwmon/hwmonThreads.cpp
@ -567,7 +567,7 @@ void * hwmonThread_ipmitool ( void * arg )
                             * start at 1 to handle the 'i-1' case   */

                            int i = 1 ; /* aka character in line count or index */
-                            while (( buffer[i+1] != '\0' ) && ( i < IPMITOOL_MAX_LINE_LEN ))
+                            while (( buffer[i] != '\0' ) && ( i < IPMITOOL_MAX_LINE_LEN ))
                            {
                                if ( buffer[i] == '|' )
                                {
--- a/mtce/src/public/amon.c
+++ b/mtce/src/public/amon.c
@ -209,7 +209,7 @@ int  active_monitor_dispatch ( void )
    do
    {
        memset ( amon.rx_buf, 0 , AMON_MAX_LEN );
-        rc = recvfrom ( amon.rx_sock, amon.rx_buf, AMON_MAX_LEN, 0,
+        rc = recvfrom ( amon.rx_sock, amon.rx_buf, AMON_MAX_LEN-1, 0,
                        (struct sockaddr *)&amon.rx_addr, &len);
        if ( rc == -1 )
        {
--- a/mtce/src/rmon/rmonHdlr.cpp
+++ b/mtce/src/rmon/rmonHdlr.cpp
@ -653,7 +653,7 @@ int rmon_hdlr_init ( rmon_ctrl_type * ctrl_ptr )
    /* Initialize the Resource Monitor Array */
    memset ( (char*)&resource_config[0], 0, sizeof(resource_config_type)*MAX_RESOURCES);
    memset ( (char*)&interface_resource_config[0], 0, sizeof(interface_resource_config_type)*MAX_RESOURCES);
-    memset ( (char*)&thinmeta_resource_config[0], 0, sizeof(interface_resource_config_type)*MAX_RESOURCES);
+    memset ( (char*)&thinmeta_resource_config[0], 0, sizeof(thinmeta_resource_config_type)*MAX_RESOURCES);
    memset ( (char*)&registered_clt[0], 0, sizeof(registered_clients)*MAX_CLIENTS);

    /* Read in the list of config files and their contents */
@ -2676,7 +2676,7 @@ void add_fs_resource ( int resource_index, int criticality_index, int enabled,
    
    int i = _rmon_ctrl_ptr->resources;

-    if (i > MAX_RESOURCES) {
+    if (i >= MAX_RESOURCES) {
        wlog ("Cannot Monitor more than %d resources\n", MAX_RESOURCES ); 
    }
    else {