Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / libcper / 13f099ff1b755b738a9c8541c6646c7acbcb5d00^! / .
commit13f099ff1b755b738a9c8541c6646c7acbcb5d00[log] [tgz]
authorEd Tanous <etanous@nvidia.com>Wed Nov 20 11:10:30 2024 -0800
committerEd Tanous <ed@tanous.net>Wed Nov 20 20:54:20 2024 -0800
tree8704a8ffaa5ee7fc9ea3fc4b348ff309ed6f0e8b
parentc2558c64cff58f49495f70680ab7a2b79ec4e7c3 [diff]
Fix timestamp buffer length overrun

Addresses the buffer overrun introduced by format changes.

Change-Id: I8341818747b43883a3d3b243e9a1fbc5bcc927cf
Signed-off-by: Andrew Adriance <aadriance@nvidia.com>
Signed-off-by: Ed Tanous <etanous@nvidia.com>

diff --git a/cper-parse.c b/cper-parse.c
index 0eaebe4..9bfdb40 100644
--- a/cper-parse.c
+++ b/cper-parse.c

@@ -133,7 +133,8 @@
 	//If a timestamp exists according to validation bits, then add it.
 	if (header->ValidationBits & 0x2) {
 		char timestamp_string[TIMESTAMP_LENGTH];
-		timestamp_to_string(timestamp_string, &header->TimeStamp);
+		timestamp_to_string(timestamp_string, TIMESTAMP_LENGTH,
+				    &header->TimeStamp);
 
 		json_object_object_add(
 			header_ir, "timestamp",

diff --git a/cper-utils.c b/cper-utils.c
index 7008020..1e259e8 100644
--- a/cper-utils.c
+++ b/cper-utils.c

@@ -240,15 +240,22 @@
 
 //Converts a single EFI timestamp to string, at the given output.
 //Output must be at least TIMESTAMP_LENGTH bytes long.
-void timestamp_to_string(char *out, EFI_ERROR_TIME_STAMP *timestamp)
+void timestamp_to_string(char *out, int out_len,
+			 EFI_ERROR_TIME_STAMP *timestamp)
 {
-	sprintf(out, "%02hhu%02hhu-%02hhu-%02hhuT%02hhu:%02hhu:%02hhu+00:00",
+	int written = snprintf(
+		out, out_len,
+		"%02hhu%02hhu-%02hhu-%02hhuT%02hhu:%02hhu:%02hhu+00:00",
 		bcd_to_int(timestamp->Century) %
 			100,			   //Cannot go to three digits.
 		bcd_to_int(timestamp->Year) % 100, //Cannot go to three digits.
 		bcd_to_int(timestamp->Month), bcd_to_int(timestamp->Day),
 		bcd_to_int(timestamp->Hours), bcd_to_int(timestamp->Minutes),
 		bcd_to_int(timestamp->Seconds));
+
+	if (written < 0 || written >= out_len) {
+		printf("Timestamp buffer of insufficient size\n");
+	}
 }
 
 //Converts a single timestamp string to an EFI timestamp.

diff --git a/include/libcper/cper-utils.h b/include/libcper/cper-utils.h
index 603a4d7..cd0b6c9 100644
--- a/include/libcper/cper-utils.h
+++ b/include/libcper/cper-utils.h

@@ -2,7 +2,7 @@
 #define CPER_UTILS_H
 
 #define GUID_STRING_LENGTH 48
-#define TIMESTAMP_LENGTH   24
+#define TIMESTAMP_LENGTH   26
 
 #ifdef __cplusplus
 extern "C" {
@@ -38,7 +38,8 @@
 json_object *uint64_array_to_ir_array(UINT64 *array, int len);
 json_object *revision_to_ir(UINT16 revision);
 const char *severity_to_string(UINT32 severity);
-void timestamp_to_string(char *out, EFI_ERROR_TIME_STAMP *timestamp);
+void timestamp_to_string(char *out, int out_len,
+			 EFI_ERROR_TIME_STAMP *timestamp);
 void string_to_timestamp(EFI_ERROR_TIME_STAMP *out, const char *timestamp);
 void guid_to_string(char *out, EFI_GUID *guid);
 void string_to_guid(EFI_GUID *out, const char *guid);