Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / bmcweb / 600af5f1ee6f3a589d5c1a7be31579ca705eef71^! / . / redfish-core / lib
commit600af5f1ee6f3a589d5c1a7be31579ca705eef71[log] [tgz]
authorAppaRao Puli <apparao.puli@linux.intel.com>Wed Oct 06 21:51:16 2021 +0000
committerEd Tanous <edtanous@google.com>Thu Jun 01 12:42:45 2023 -0700
tree0c1bd7bf285a4d9cd78e58890efdb95254183f67
parent75ec825c9aa030568fc97b47dd34fee5c9405d73 [diff]
Input parameter validation for Event Subscription

User input must be validated to avoid the out-of-memory issue. This
commit adds the size check on input parameters such as Context,
Destination and Header field  while create or update the
EventDestination.

Added a generic error message "PropertySizeExceeded" in message registry
which is used as response when size limit is exceeded.

Tested
  - Validated using POST on Event Subscription.
  - When Context, Destination and Headers were too long,
    received a error message denoting the same.

Change-Id: Ibab847ce0c99f445a76e6d3aee8074428bb7d30f
Signed-off-by: AppaRao Puli <apparao.puli@intel.com>
Signed-off-by: Ayushi Smriti <smriti.ayushi@intel.com>
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Signed-off-by: Ed Tanous <edtanous@google.com>

diff --git a/redfish-core/lib/event_service.hpp b/redfish-core/lib/event_service.hpp
index 5f57ff7..5a66c97 100644
--- a/redfish-core/lib/event_service.hpp
+++ b/redfish-core/lib/event_service.hpp

@@ -252,6 +252,15 @@
             return;
         }
 
+        // https://stackoverflow.com/questions/417142/what-is-the-maximum-length-of-a-url-in-different-browsers
+        static constexpr const uint16_t maxDestinationSize = 2000;
+        if (destUrl.size() > maxDestinationSize)
+        {
+            messages::stringValueTooLong(asyncResp->res, "Destination",
+                                         maxDestinationSize);
+            return;
+        }
+
         if (regPrefixes && msgIds)
         {
             if (!regPrefixes->empty() && !msgIds->empty())
@@ -329,13 +338,35 @@
 
         if (context)
         {
+            // This value is selected aribitrarily.
+            constexpr const size_t maxContextSize = 256;
+            if (context->size() > maxContextSize)
+            {
+                messages::stringValueTooLong(asyncResp->res, "Context",
+                                             maxContextSize);
+                return;
+            }
             subValue->customText = *context;
         }
 
         if (headers)
         {
+            size_t cumulativeLen = 0;
+
             for (const nlohmann::json& headerChunk : *headers)
             {
+                std::string hdr{headerChunk.dump(
+                    -1, ' ', true, nlohmann::json::error_handler_t::replace)};
+                cumulativeLen += hdr.length();
+
+                // This value is selected to mirror http_connection.hpp
+                constexpr const uint16_t maxHeaderSizeED = 8096;
+                if (cumulativeLen > maxHeaderSizeED)
+                {
+                    messages::arraySizeTooLong(asyncResp->res, "HttpHeaders",
+                                               maxHeaderSizeED);
+                    return;
+                }
                 for (const auto& item : headerChunk.items())
                 {
                     const std::string* value =