bmcweb: fix a possible buffer overflow issue This commit fixes a possible buffer overflow that could occur if dbus paths don't follow the dbus specification. Change-Id: Ib3c5d4743b1ac7f65a480a88613267ec0b4b7c2b Signed-off-by: Ed Tanous <ed.tanous@intel.com>

commit: 27826b5f6a4e886a5d4c1b3775b5d62d0438da95 [log] [tgz]
author: Ed Tanous <ed.tanous@intel.com> Mon Oct 29 11:40:58 2018 -0700
committer: Ed Tanous <ed.tanous@intel.com> Thu Nov 01 14:17:38 2018 +0000
tree: 6aadd6e28c630dcb4b918e6b00c3dcdcf670ff32
parent: cc9139ec3fe5e354d046d5e00f33a5e97426924e [diff]
diff --git a/redfish-core/lib/update_service.hpp b/redfish-core/lib/update_service.hpp
index e4d5798..74638bb 100644
--- a/redfish-core/lib/update_service.hpp
+++ b/redfish-core/lib/update_service.hpp

@@ -21,6 +21,7 @@
 
 namespace redfish
 {
+
 static std::unique_ptr<sdbusplus::bus::match::match> fwUpdateMatcher;
 
 class UpdateService : public Node
@@ -233,15 +234,13 @@
                         &connections = obj.second;
 
                     // if can't parse fw id then return
-                    std::size_t idPos = obj.first.rfind("/");
-                    if (idPos == std::string::npos ||
-                        idPos + 1 == obj.first.size())
+                    std::size_t idPos;
+                    if ((idPos = obj.first.rfind("/")) == std::string::npos)
                     {
                         messages::internalError(asyncResp->res);
                         BMCWEB_LOG_DEBUG << "Can't parse firmware ID!!";
                         return;
                     }
-
                     std::string swId = obj.first.substr(idPos + 1);
 
                     for (auto &conn : connections)
commit	27826b5f6a4e886a5d4c1b3775b5d62d0438da95	[log] [tgz]
author	Ed Tanous <ed.tanous@intel.com>	Mon Oct 29 11:40:58 2018 -0700
committer	Ed Tanous <ed.tanous@intel.com>	Thu Nov 01 14:17:38 2018 +0000
tree	6aadd6e28c630dcb4b918e6b00c3dcdcf670ff32
parent	cc9139ec3fe5e354d046d5e00f33a5e97426924e [diff]