bej_decoder: Check decoded string length
We need to check the bejString value lengths to prevent heap
buffer overflow
Tested:
Unit tested
Change-Id: Ie6a014fbffeb31f111bfbae331db197b3fb2f2ca
Signed-off-by: Kasun Athukorala <kasunath@google.com>
diff --git a/test/bej_decoder_test.cpp b/test/bej_decoder_test.cpp
index 19cdb92..7869dfb 100644
--- a/test/bej_decoder_test.cpp
+++ b/test/bej_decoder_test.cpp
@@ -202,6 +202,36 @@
bejErrorInvalidSize);
}
+TEST(BejDecoderSecurityTest, StringTooLong)
+{
+ auto inputsOrErr = loadInputs(dummySimpleTestFiles);
+ ASSERT_TRUE(inputsOrErr);
+
+ BejDictionaries dictionaries = {
+ .schemaDictionary = inputsOrErr->schemaDictionary,
+ .annotationDictionary = inputsOrErr->annotationDictionary,
+ .errorDictionary = inputsOrErr->errorDictionary,
+ };
+
+ auto root = std::make_unique<RedfishPropertyParent>();
+ bejTreeInitSet(root.get(), "DummySimple");
+
+ // Create a string with a length greater than MAX_BEJ_STRING_LEN (65536).
+ std::string longString(65537, 'A');
+
+ auto stringProp = std::make_unique<RedfishPropertyLeafString>();
+ bejTreeAddString(root.get(), stringProp.get(), "Id", longString.c_str());
+
+ libbej::BejEncoderJson encoder;
+ encoder.encode(&dictionaries, bejMajorSchemaClass, root.get());
+ std::vector<uint8_t> outputBuffer = encoder.getOutput();
+
+ // The decoder should return an error because the string is too long.
+ BejDecoderJson decoder;
+ EXPECT_THAT(decoder.decode(dictionaries, std::span(outputBuffer)),
+ bejErrorInvalidSize);
+}
+
/**
* TODO: Add more test cases.
* - Test Enums inside array elemets