Fix core dump issue during fru edit

Core-dumps are getting generated while editing the multi-record
area offset in the common header area of FRU.
Current code does not check whether it has crossed the cached fru
memory area size while trying to get End-of-list and data-length.
Added a check for fru-size before accessing these fields.

Tested:
ipmitool raw 0x0A 0x12 0 0 0 0x1 0x0 0xXX 0xXX 0xXX 0xXX 0x0 0xXX

Change-Id: Ie6aca8712b994cf8b10095626d9bfebbff44fbc7
Signed-off-by: Jitendra Tripathy <jitendra.kumarx.tripathy@intel.com>
diff --git a/src/fruutils.cpp b/src/fruutils.cpp
index 625ca91..30f6985 100644
--- a/src/fruutils.cpp
+++ b/src/fruutils.cpp
@@ -56,6 +56,16 @@
// Walk the MultiRecord headers until the last record
while (!endOfList)
{
+ // Multi-Record Area Header size is of 5 bytes that keeps
+ // information about the current record information. It also
+ // contains offset information needed to find any additional
+ // following records. So, All 5 bytes of Record Header should
+ // not contain garbage values. Also, below check ensures that
+ // the header is within the FRU size limits.
+ if (lastRecordStart + 4 >= fru.size())
+ {
+ break;
+ }
// The MSB in the second byte of the MultiRecord header signals
// "End of list"
endOfList = fru[lastRecordStart + 1] & 0x80;
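Review bot: the `break` under `if (lastRecordStart + 4 >= fru.size())` ends the walk silently, with `endOfList` still false and `lastRecordStart` still pointing at a header that does not fit inside `fru`. Code after the loop cannot tell a truncated or corrupt MultiRecord chain from one that terminated normally. Consider logging and returning an error at this point, or setting a flag the code after the loop checks before it uses `lastRecordStart`. The arithmetic of the bound is correct for a 5-byte header (indices `lastRecordStart` through `lastRecordStart + 4`), but the literal `4` would read better as a named header-size constant compared with `>`, for example `lastRecordStart + headerSize > fru.size()`, where `headerSize` is a hypothetical name. The comment also overstates what the check does: it only verifies that the header lies within the FRU size, it does not validate that the five bytes are free of "garbage values", so that sentence should be reworded or dropped.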