osaf/libs/agents/saf/lga/lga_api.c | 18 +++++++++++++++++
tests/logsv/tet_saLogStreamOpen_2.c | 4 +++
tests/logsv/tet_saLogWriteLogAsync.c | 38 ++++++++++++++++++++++++++++++++++++
3 files changed, 60 insertions(+), 0 deletions(-)
When accidentally passing an invalid value of logBufSize to saLogWriteLogAsync()
such as a very large number which is caused by not using strlen() on logBuf,
it will cause a lot of troubles.
Add code to verify if logBufSize is calculated based on logBuf or not
and also prevent too big data sent to server side.
diff --git a/osaf/libs/agents/saf/lga/lga_api.c
b/osaf/libs/agents/saf/lga/lga_api.c
--- a/osaf/libs/agents/saf/lga/lga_api.c
+++ b/osaf/libs/agents/saf/lga/lga_api.c
@@ -996,6 +996,24 @@ static SaAisErrorT handle_log_record(con
ais_rc = SA_AIS_ERR_INVALID_PARAM;
goto done;
}
+
+ if (logRecord->logBuffer->logBuf != NULL) {
+ SaSizeT size = logRecord->logBuffer->logBufSize;
+ bool sizeOver = size > strlen((char
*)logRecord->logBuffer->logBuf) + 1;
+ /* Prevent log client accidently assign too big number
to logBufSize */
+ if (sizeOver == true) {
+ TRACE("logBufSize > strlen(logBuf) + 1");
+ ais_rc = SA_AIS_ERR_INVALID_PARAM;
+ goto done;
+ }
+
+ /* Prevent sending too big data to server side */
+ if (size > SA_LOG_MAX_RECORD_SIZE) {
+ TRACE("logBuf data is too big (max: %d)",
SA_LOG_MAX_RECORD_SIZE);
+ ais_rc = SA_AIS_ERR_INVALID_PARAM;
+ goto done;
+ }
+ }
}
/* Set timeStamp data if not provided by application user */
diff --git a/tests/logsv/tet_saLogStreamOpen_2.c
b/tests/logsv/tet_saLogStreamOpen_2.c
--- a/tests/logsv/tet_saLogStreamOpen_2.c
+++ b/tests/logsv/tet_saLogStreamOpen_2.c
@@ -724,6 +724,8 @@ extern void saLogWriteLogAsync_14(void);
extern void saLogWriteLogAsync_15(void);
extern void saLogWriteLogAsync_16(void);
extern void saLogWriteLogAsync_17(void);
+extern void saLogWriteLogAsync_18(void);
+extern void saLogWriteLogAsync_19(void);
extern void saLogWriteLogCallbackT_01(void);
extern void saLogWriteLogCallbackT_02(void);
extern void saLogWriteLogCallbackT_03(void);
@@ -774,6 +776,8 @@ extern void saLogStreamClose_01(void);
test_case_add(2, saLogWriteLogAsync_15, "saLogWriteAsyncLog() NTF
notificationObject length == 256");
test_case_add(2, saLogWriteLogAsync_16, "saLogWriteAsyncLog() NTF
notifyingObject length == 256");
test_case_add(2, saLogWriteLogAsync_17, "saLogWriteLogAsync() Generic
logSvcUsrName length == 256");
+ test_case_add(2, saLogWriteLogAsync_18, "saLogWriteLogAsync() logBufSize >
strlen(logBuf) + 1");
+ test_case_add(2, saLogWriteLogAsync_19, "saLogWriteLogAsync() logBufSize >
SA_LOG_MAX_RECORD_SIZE");
test_case_add(2, saLogWriteLogCallbackT_01, "saLogWriteLogCallbackT()
SA_DISPATCH_ONE");
test_case_add(2, saLogWriteLogCallbackT_02, "saLogWriteLogCallbackT()
SA_DISPATCH_ALL");
test_case_add(2, saLogFilterSetCallbackT_01, "saLogFilterSetCallbackT OK");
diff --git a/tests/logsv/tet_saLogWriteLogAsync.c
b/tests/logsv/tet_saLogWriteLogAsync.c
--- a/tests/logsv/tet_saLogWriteLogAsync.c
+++ b/tests/logsv/tet_saLogWriteLogAsync.c
@@ -514,3 +514,41 @@ void saLogWriteLogAsync_17(void)
test_validate(rc1, SA_AIS_ERR_INVALID_PARAM);
}
}
+
+/**
+ * saLogWriteAsyncLog() - logBufSize > strlen(logBuf) + 1
+ */
+void saLogWriteLogAsync_18(void)
+{
+ SaInvocationT invocation = 0;
+
+ strcpy((char*)genLogRecord.logBuffer->logBuf, __FUNCTION__);
+ genLogRecord.logBuffer->logBufSize = strlen(__FUNCTION__) + 2;
+ safassert(saLogInitialize(&logHandle, &logCallbacks, &logVersion),
SA_AIS_OK);
+ safassert(saLogStreamOpen_2(logHandle, &systemStreamName, NULL, 0,
+ SA_TIME_ONE_SECOND, &logStreamHandle),
SA_AIS_OK);
+ rc = saLogWriteLogAsync(logStreamHandle, invocation, 0, &genLogRecord);
+ safassert(saLogFinalize(logHandle), SA_AIS_OK);
+ test_validate(rc, SA_AIS_ERR_INVALID_PARAM);
+}
+
+/**
+ * saLogWriteAsyncLog() - big logBufSize > SA_LOG_MAX_RECORD_SIZE
+ */
+void saLogWriteLogAsync_19(void)
+{
+ SaInvocationT invocation = 0;
+ char logBuf[SA_LOG_MAX_RECORD_SIZE + 10];
+
+ memset(logBuf, 'A', sizeof(logBuf));
+ logBuf[sizeof(logBuf) - 1] = '\0';
+
+ genLogRecord.logBuffer->logBuf = (SaUint8T *)&logBuf;
+ genLogRecord.logBuffer->logBufSize = SA_LOG_MAX_RECORD_SIZE + 10;
+ safassert(saLogInitialize(&logHandle, &logCallbacks, &logVersion),
SA_AIS_OK);
+ safassert(saLogStreamOpen_2(logHandle, &systemStreamName, NULL, 0,
+ SA_TIME_ONE_SECOND, &logStreamHandle),
SA_AIS_OK);
+ rc = saLogWriteLogAsync(logStreamHandle, invocation, 0, &genLogRecord);
+ safassert(saLogFinalize(logHandle), SA_AIS_OK);
+ test_validate(rc, SA_AIS_ERR_INVALID_PARAM);
+}
------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Opensaf-devel mailing list
Opensaf-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
