starlingx
/
metal
Code Issues Proposed changes

Fix out of band issue. In some case array or string is possible to be 

illegal accessed. Fix with add boundry checking.

Verified with deployed system, check with system host-list command to
ensure get_adminAction_str/get_adminState_str/get_operState_str in
nodeClass correct,daemon_init in rmon with no error message, active
monitor is corect for hbsClient and pmon is correct in hbsClient.log
and pmon.log

Closes-Bug: 1795110

Change-Id: Iff81d93702cfa5636c3d8c9567363ff9601be5f6
Signed-off-by: Martin, Chen <haochuan.z.chen@intel.com>
This commit is contained in:
haochuan 2018-10-30 13:55:20 +08:00 committed by Martin, Chen
parent f5de6cc2d6
commit 85cd4ebf2e
4 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
mtce/src/common/nodeClass.cpp
View File

@ -77,7 +77,7 @@ const char mtc_nodeAdminAction_str[MTC_ADMIN_ACTIONS][20] =
const char * get_adminAction_str ( mtc_nodeAdminAction_enum action ) const char * get_adminAction_str ( mtc_nodeAdminAction_enum action )
{ {
if ( action > MTC_ADMIN_ACTIONS ) if ( action >= MTC_ADMIN_ACTIONS )
{ {
slog ("Invalid admin action (%d)\n", action); slog ("Invalid admin action (%d)\n", action);
action = MTC_ADMIN_ACTION__NONE ; action = MTC_ADMIN_ACTION__NONE ;
@ -94,7 +94,7 @@ const char mtc_nodeAdminState_str[MTC_ADMIN_STATES][15] =
string get_adminState_str ( mtc_nodeAdminState_enum adminState ) string get_adminState_str ( mtc_nodeAdminState_enum adminState )
{ {
if ( adminState > MTC_ADMIN_STATES ) if ( adminState >= MTC_ADMIN_STATES )
{ {
slog ("Invalid admin state (%d)\n", adminState ); slog ("Invalid admin state (%d)\n", adminState );
adminState = MTC_ADMIN_STATE__LOCKED ; adminState = MTC_ADMIN_STATE__LOCKED ;
@ -120,7 +120,7 @@ const char mtc_nodeOperState_str[MTC_OPER_STATES][15] =
string get_operState_str ( mtc_nodeOperState_enum operState ) string get_operState_str ( mtc_nodeOperState_enum operState )
{ {
if ( operState > MTC_OPER_STATES ) if ( operState >= MTC_OPER_STATES )
{ {
slog ("Invalid oper state (%d)\n", operState ); slog ("Invalid oper state (%d)\n", operState );
operState = MTC_OPER_STATE__DISABLED ; operState = MTC_OPER_STATE__DISABLED ;
@ -7554,24 +7554,24 @@ void nodeLinkClass::manage_pulse_flags ( struct nodeLinkClass::node * node_ptr,
int nodeLinkClass::create_pulse_list ( iface_enum iface ) int nodeLinkClass::create_pulse_list ( iface_enum iface )
{ {
struct node * ptr = head ; struct node * ptr = head ;
pulses[iface] = 0 ;
/* No check-in list if there is no inventory */
if (( head == NULL ) || ( hosts == 0 ))
{
return (pulses[iface]) ;
}
if ( iface >= MAX_IFACES ) if ( iface >= MAX_IFACES )
{ {
dlog ("Invalid interface (%d)\n", iface ); dlog ("Invalid interface (%d)\n", iface );
return (pulses[iface]); return 0;
} }
pulses[iface] = 0;
pulse_list[iface].last_ptr = NULL ; pulse_list[iface].last_ptr = NULL ;
pulse_list[iface].head_ptr = NULL ; pulse_list[iface].head_ptr = NULL ;
pulse_list[iface].tail_ptr = NULL ; pulse_list[iface].tail_ptr = NULL ;
/* No check-in list if there is no inventory */
if (( head == NULL ) || ( hosts == 0 ))
{
return 0;
}
/* walk the node list looking for nodes that should be monitored */ /* walk the node list looking for nodes that should be monitored */
for ( ; ptr != NULL ; ptr = ptr->next ) for ( ; ptr != NULL ; ptr = ptr->next )
{ {

2
mtce/src/hwmon/hwmonThreads.cpp
View File

@ -567,7 +567,7 @@ void * hwmonThread_ipmitool ( void * arg )
* start at 1 to handle the 'i-1' case */ * start at 1 to handle the 'i-1' case */
int i = 1 ; /* aka character in line count or index */ int i = 1 ; /* aka character in line count or index */
while (( buffer[i+1] != '\0' ) && ( i < IPMITOOL_MAX_LINE_LEN )) while (( buffer[i] != '\0' ) && ( i < IPMITOOL_MAX_LINE_LEN ))
{ {
if ( buffer[i] == '|' ) if ( buffer[i] == '|' )
{ {

2
mtce/src/public/amon.c
View File

@ -209,7 +209,7 @@ int active_monitor_dispatch ( void )
do do
{ {
memset ( amon.rx_buf, 0 , AMON_MAX_LEN ); memset ( amon.rx_buf, 0 , AMON_MAX_LEN );
rc = recvfrom ( amon.rx_sock, amon.rx_buf, AMON_MAX_LEN, 0, rc = recvfrom ( amon.rx_sock, amon.rx_buf, AMON_MAX_LEN-1, 0,
(struct sockaddr *)&amon.rx_addr, &len); (struct sockaddr *)&amon.rx_addr, &len);
if ( rc == -1 ) if ( rc == -1 )
{ {

4
mtce/src/rmon/rmonHdlr.cpp
View File

@ -653,7 +653,7 @@ int rmon_hdlr_init ( rmon_ctrl_type * ctrl_ptr )
/* Initialize the Resource Monitor Array */ /* Initialize the Resource Monitor Array */
memset ( (char*)&resource_config[0], 0, sizeof(resource_config_type)*MAX_RESOURCES); memset ( (char*)&resource_config[0], 0, sizeof(resource_config_type)*MAX_RESOURCES);
memset ( (char*)&interface_resource_config[0], 0, sizeof(interface_resource_config_type)*MAX_RESOURCES); memset ( (char*)&interface_resource_config[0], 0, sizeof(interface_resource_config_type)*MAX_RESOURCES);
memset ( (char*)&thinmeta_resource_config[0], 0, sizeof(interface_resource_config_type)*MAX_RESOURCES); memset ( (char*)&thinmeta_resource_config[0], 0, sizeof(thinmeta_resource_config_type)*MAX_RESOURCES);
memset ( (char*)&registered_clt[0], 0, sizeof(registered_clients)*MAX_CLIENTS); memset ( (char*)&registered_clt[0], 0, sizeof(registered_clients)*MAX_CLIENTS);
/* Read in the list of config files and their contents */ /* Read in the list of config files and their contents */
@ -2676,7 +2676,7 @@ void add_fs_resource ( int resource_index, int criticality_index, int enabled,
int i = _rmon_ctrl_ptr->resources; int i = _rmon_ctrl_ptr->resources;
if (i > MAX_RESOURCES) { if (i >= MAX_RESOURCES) {
wlog ("Cannot Monitor more than %d resources\n", MAX_RESOURCES ); wlog ("Cannot Monitor more than %d resources\n", MAX_RESOURCES );
} }
else { else {