Ack,
Thanks,
Praveen
On 12-Sep-16 8:11 AM, Vu Minh Nguyen wrote:
> osaf/libs/agents/saf/ntfa/ntfa_api.c | 18 +++++
> osaf/libs/common/ntfsv/include/ntfsv_msg.h | 1 -
> osaf/libs/common/ntfsv/ntfsv_mem.c | 10 ++-
> osaf/services/saf/ntfsv/ntfs/NtfLogger.cc | 2 +-
> tests/ntfsv/tet_ntf_common.c | 5 +-
> tests/ntfsv/tet_saNtfNotificationSend.c | 92
> ++++++++++++++++++++++++++++++
> 6 files changed, 122 insertions(+), 6 deletions(-)
>
>
> In AIS, it states "additionalText length must be consistent with
> lengthAdditionalText"
> But NTFA did not check this. So, when data is passing to LOGA, ntfsv got
> invalid param.
>
> This patch adds the check. Also fix few error in ntftest - used `sizeof` to
> calculate
> the string length instead of `strlen`.
>
> Besides, adding an early check to avoid allocating a too long
> `additionalText`.
>
> diff --git a/osaf/libs/agents/saf/ntfa/ntfa_api.c
> b/osaf/libs/agents/saf/ntfa/ntfa_api.c
> --- a/osaf/libs/agents/saf/ntfa/ntfa_api.c
> +++ b/osaf/libs/agents/saf/ntfa/ntfa_api.c
> @@ -550,6 +550,24 @@ static SaAisErrorT checkHeader(v_data *p
> return rc;
> }
>
> + // AIS: additionalText must be consistent with lengthAdditionalText
> + if (nh->additionalText == NULL && nh->lengthAdditionalText != 0) {
> + TRACE_1("Mismatch b/w additionalText and lengthAdditionalText");
> + return SA_AIS_ERR_INVALID_PARAM;
> + }
> +
> + if (nh->lengthAdditionalText > MAX_ADDITIONAL_TEXT_LENGTH) {
> + TRACE_1("lengthAdditionalText is too long");
> + return SA_AIS_ERR_INVALID_PARAM;
> + }
> +
> + SaUint16T len = nh->lengthAdditionalText;
> + SaStringT addT = nh->additionalText;
> + if ((addT != NULL) && (len != strlen(addT) + 1)) {
> + TRACE_1("Mismatch b/w additionalText and lengthAdditionalText");
> + return SA_AIS_ERR_INVALID_PARAM;
> + }
> +
> return SA_AIS_OK;
> }
>
> diff --git a/osaf/libs/common/ntfsv/include/ntfsv_msg.h
> b/osaf/libs/common/ntfsv/include/ntfsv_msg.h
> --- a/osaf/libs/common/ntfsv/include/ntfsv_msg.h
> +++ b/osaf/libs/common/ntfsv/include/ntfsv_msg.h
> @@ -34,7 +34,6 @@ extern "C" {
> /*MAX length of addtionaltext conforms to MAX value of logMaxLogrecsize
> as mentioned in LOGSV PR doc Section 3.5.2.1*/
> #define MAX_ADDITIONAL_TEXT_LENGTH 65535
> -#define MAX_DISCARDED_NOTIFICATIONS 1024
>
> /* Message type enums */
> typedef enum {
> diff --git a/osaf/libs/common/ntfsv/ntfsv_mem.c
> b/osaf/libs/common/ntfsv/ntfsv_mem.c
> --- a/osaf/libs/common/ntfsv/ntfsv_mem.c
> +++ b/osaf/libs/common/ntfsv/ntfsv_mem.c
> @@ -136,6 +136,14 @@ SaAisErrorT ntfsv_alloc_ntf_header(SaNtf
> TRACE("NULL pointer in *notificationHeader!");
> return SA_AIS_ERR_INVALID_PARAM;
> }
> +
> + // Early intervention
> + if (lengthAdditionalText > MAX_ADDITIONAL_TEXT_LENGTH) {
> + TRACE("lengthAdditionalText is too long");
> + TRACE_LEAVE();
> + return SA_AIS_ERR_INVALID_PARAM;
> + }
> +
> notificationHeader->numCorrelatedNotifications =
> numCorrelatedNotifications;
> notificationHeader->lengthAdditionalText = lengthAdditionalText;
> notificationHeader->numAdditionalInfo = numAdditionalInfo;
> @@ -222,7 +230,7 @@ SaAisErrorT ntfsv_alloc_ntf_header(SaNtf
>
> /* Additional text */
> if (lengthAdditionalText != 0) {
> - notificationHeader->additionalText =
> (SaStringT)malloc(lengthAdditionalText * sizeof(char));
> + notificationHeader->additionalText = (SaStringT)calloc(1,
> lengthAdditionalText * sizeof(char));
> if (notificationHeader->additionalText == NULL) {
> TRACE("Out of memory in additionalText field");
> rc = SA_AIS_ERR_NO_MEMORY;
> diff --git a/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc
> b/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc
> --- a/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc
> +++ b/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc
> @@ -189,7 +189,7 @@ SaAisErrorT NtfLogger::logNotification(N
> /* Write to the log if we're the local node */
> SaAisErrorT errorCode = SA_AIS_OK;
> SaLogHeaderT logHeader;
> - char addTextBuf[MAX_ADDITIONAL_TEXT_LENGTH];
> + char addTextBuf[MAX_ADDITIONAL_TEXT_LENGTH] = {0};
> SaLogBufferT logBuffer;
> ntfsv_send_not_req_t* sendNotInfo;
> SaNtfNotificationHeaderT *ntfHeader;
> diff --git a/tests/ntfsv/tet_ntf_common.c b/tests/ntfsv/tet_ntf_common.c
> --- a/tests/ntfsv/tet_ntf_common.c
> +++ b/tests/ntfsv/tet_ntf_common.c
> @@ -797,7 +797,7 @@ void createObjectCreateDeleteNotificatio
> ntfHandle, /* handle to Notification Service instance */
> myObjCrDelNotification,
> 0,
> - (SaUint16T)(sizeof(DEFAULT_ADDITIONAL_TEXT) +1),
> + (SaUint16T)(strlen(DEFAULT_ADDITIONAL_TEXT) +1),
> 0,
> 2,
> SA_NTF_ALLOC_SYSTEM_LIMIT), SA_AIS_OK);
> @@ -840,7 +840,7 @@ void createObjectCreateDeleteNotificatio
> /* set additional text and additional info */
> (void) strncpy(head->additionalText,
> DEFAULT_ADDITIONAL_TEXT,
> - (SaUint16T)(sizeof(DEFAULT_ADDITIONAL_TEXT) +1));
> + (SaUint16T)(strlen(DEFAULT_ADDITIONAL_TEXT) +1));
>
> /* Set source indicator */
> *(myObjCrDelNotification->sourceIndicator) = SA_NTF_UNKNOWN_OPERATION;
> @@ -852,7 +852,6 @@ void createObjectCreateDeleteNotificatio
> myObjCrDelNotification->objectAttributes[1].attributeId = 1;
> myObjCrDelNotification->objectAttributes[1].attributeType =
> SA_NTF_VALUE_INT32;
> myObjCrDelNotification->objectAttributes[1].attributeValue.int32Val = 2;
> -
> }
>
>
> diff --git a/tests/ntfsv/tet_saNtfNotificationSend.c
> b/tests/ntfsv/tet_saNtfNotificationSend.c
> --- a/tests/ntfsv/tet_saNtfNotificationSend.c
> +++ b/tests/ntfsv/tet_saNtfNotificationSend.c
> @@ -714,6 +714,96 @@ void saNtfNotificationSend_12(void)
> test_validate(rc, SA_AIS_ERR_INVALID_PARAM);
> }
>
> +void send_mismatch_addtext(void) {
> + SaNtfObjectCreateDeleteNotificationT myNotification;
> +
> + saNotificationAllocationParamsT myNotificationAllocationParams;
> + saNotificationFilterAllocationParamsT
> myNotificationFilterAllocationParams;
> + saNotificationParamsT myNotificationParams;
> +
> + fillInDefaultValues(&myNotificationAllocationParams,
> + &myNotificationFilterAllocationParams,
> &myNotificationParams);
> +
> + safassert(saNtfInitialize(&ntfHandle, NULL, &ntfVersion), SA_AIS_OK);
> + safassert(saNtfObjectCreateDeleteNotificationAllocate(
> + ntfHandle, /* handle to Notification
> Service instance */
> + &myNotification,
> + /* number of correlated notifications */
> +
> myNotificationAllocationParams.numCorrelatedNotifications,
> + /* length of additional text */
> +
> myNotificationAllocationParams.lengthAdditionalText + 1,
> + /* number of additional info items*/
> +
> myNotificationAllocationParams.numAdditionalInfo,
> + /* number of state changes */
> +
> myNotificationAllocationParams.numObjectAttributes,
> + /* use default allocation size */
> +
> myNotificationAllocationParams.variableDataSize), SA_AIS_OK);
> +
> + /* Event type */
> + *(myNotification.notificationHeader.eventType) = SA_NTF_OBJECT_CREATION;
> +
> + /* event time to be set automatically to current
> + time by saNtfNotificationSend */
> + *(myNotification.notificationHeader.eventTime)
> + = myNotificationParams.eventTime;
> +
> + /* Set Notification Object */
> + myNotification.notificationHeader.notificationObject->length
> + = myNotificationParams.notificationObject.length;
> + (void)
> memcpy(myNotification.notificationHeader.notificationObject->value,
> + myNotificationParams.notificationObject.value,
> + myNotificationParams.notificationObject.length);
> +
> + /* Set Notifying Object */
> + myNotification.notificationHeader.notifyingObject->length
> + = myNotificationParams.notifyingObject.length;
> + (void) memcpy(myNotification.notificationHeader.notifyingObject->value,
> + myNotificationParams.notifyingObject.value,
> + myNotificationParams.notifyingObject.length);
> +
> + /* set Notification Class Identifier */
> + /* vendor id 33333 is not an existing SNMP enterprise number.
> + Just an example */
> + myNotification.notificationHeader.notificationClassId->vendorId
> + = myNotificationParams.notificationClassId.vendorId;
> +
> + /* sub id of this notification class within "name space" of vendor ID */
> + myNotification.notificationHeader.notificationClassId->majorId
> + = myNotificationParams.notificationClassId.majorId;
> + myNotification.notificationHeader.notificationClassId->minorId
> + = myNotificationParams.notificationClassId.minorId;
> +
> + // Mismatch b/w `lengthAdditionalText` vs `additionalText`
> + (void) strncpy(myNotification.notificationHeader.additionalText,
> + myNotificationParams.additionalText,
> + myNotificationAllocationParams.lengthAdditionalText);
> +
> + /* Set source indicator */
> + *myNotification.sourceIndicator
> + =
> myNotificationParams.objectCreateDeleteSourceIndicator;
> +
> + /* Set objectAttibutes */
> + myNotification.objectAttributes[0].attributeId
> + = myNotificationParams.objectAttributes[0].attributeId;
> + myNotification.objectAttributes[0].attributeType
> + =
> myNotificationParams.objectAttributes[0].attributeType;
> + myNotification.objectAttributes[0].attributeValue.int32Val
> + =
> myNotificationParams.objectAttributes[0].attributeValue.int32Val;
> +
> + myNotificationParams.eventType
> + = myNotificationParams.objectCreateDeleteEventType;
> + fill_header_part(&myNotification.notificationHeader,
> + (saNotificationParamsT *) &myNotificationParams,
> + myNotificationAllocationParams.lengthAdditionalText);
> +
> + rc = saNtfNotificationSend(myNotification.notificationHandle);
> +
> + free(myNotificationParams.additionalText);
> + safassert(saNtfNotificationFree(myNotification.notificationHandle),
> SA_AIS_OK);
> + safassert(saNtfFinalize(ntfHandle), SA_AIS_OK);
> + test_validate(rc, SA_AIS_ERR_INVALID_PARAM);
> +}
> +
> __attribute__ ((constructor)) static void saNtfNotificationSend_constructor(
> void) {
> test_suite_add(8, "Producer API 3 send");
> @@ -740,5 +830,7 @@ void saNtfNotificationSend_12(void)
> "securityAlarmDetector.valueType
> failed SA_AIS_ERR_INVALID_PARAM");
> test_case_add(8, saNtfNotificationSend_12,
> "saNtfNotificationSend
> ObjectCreateDeleteNotification SaNameT length == 256");
> + test_case_add(8, send_mismatch_addtext,
> + "saNtfNotificationSend with mismatched in additionalText
> and lengthAdditionalText");
> }
>
>
------------------------------------------------------------------------------
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
