ipmi: promote min length check to earlier
Most of the commands (if not all) require some minimum length for the
request. Therefore, to save on duplicating the request minimum length
check in every command, it's now checked ahead of calling into the
command handler.
Change-Id: I3710a6bf39a631b06547327b90610a38cb674d23
Signed-off-by: Patrick Venture <venture@google.com>
diff --git a/ipmi.cpp b/ipmi.cpp
index 6201f0e..5752682 100644
--- a/ipmi.cpp
+++ b/ipmi.cpp
@@ -15,19 +15,37 @@
*/
#include <cstring>
+#include <unordered_map>
#include "flash-ipmi.hpp"
#include "ipmi.hpp"
+bool validateRequestLength(FlashSubCmds command, size_t requestLen)
+{
+ static const std::unordered_map<FlashSubCmds, size_t> minimumLengths = {
+ {FlashSubCmds::flashStartTransfer, sizeof(struct StartTx)},
+ {FlashSubCmds::flashDataBlock, sizeof(struct ChunkHdr) + 1},
+ };
+
+ auto results = minimumLengths.find(command);
+ if (results == minimumLengths.end())
+ {
+ /* Valid length by default if we don't care. */
+ return true;
+ }
+
+ /* If the request is shorter than the minimum, it's invalid. */
+ if (requestLen < results->second)
+ {
+ return false;
+ }
+
+ return true;
+}
+
ipmi_ret_t startTransfer(UpdateInterface* updater, const uint8_t* reqBuf,
uint8_t* replyBuf, size_t* dataLen)
{
- /* Validate the request buffer. */
- if (sizeof(struct StartTx) > (*dataLen))
- {
- return IPMI_CC_INVALID;
- }
-
auto request = reinterpret_cast<const struct StartTx*>(reqBuf);
if (!updater->start(request->length))
@@ -44,16 +62,11 @@
ipmi_ret_t dataBlock(UpdateInterface* updater, const uint8_t* reqBuf,
uint8_t* replyBuf, size_t* dataLen)
{
- size_t requestLength = (*dataLen);
- /* Require at least one byte. */
- if (requestLength < sizeof(struct ChunkHdr) + 1)
- {
- return IPMI_CC_INVALID;
- }
-
struct ChunkHdr hdr;
std::memcpy(&hdr, reqBuf, sizeof(hdr));
+ size_t requestLength = (*dataLen);
+
/* Grab the bytes from the packet. */
size_t bytesLength = requestLength - sizeof(struct ChunkHdr);
std::vector<uint8_t> bytes(bytesLength);
diff --git a/ipmi.hpp b/ipmi.hpp
index dcaf33e..0644ad8 100644
--- a/ipmi.hpp
+++ b/ipmi.hpp
@@ -5,6 +5,15 @@
#include "flash-ipmi.hpp"
/**
+ * Validate the minimum request length if there is one.
+ *
+ * @param[in] subcommand - the command
+ * @param[in] requestLength - the length of the request
+ * @return bool - true if valid.
+ */
+bool validateRequestLength(FlashSubCmds command, size_t requestLen);
+
+/**
* Prepare to receive a BMC image and then a signature.
*
* @param[in] updater - Pointer to Updater object.
diff --git a/main.cpp b/main.cpp
index 9b78f77..7a22923 100644
--- a/main.cpp
+++ b/main.cpp
@@ -44,7 +44,13 @@
return IPMI_CC_INVALID;
}
- uint8_t subCmd = reqBuf[0];
+ auto subCmd = static_cast<FlashSubCmds>(reqBuf[0]);
+
+ /* Validate the minimum request length for the command. */
+ if (!validateRequestLength(subCmd, *dataLen))
+ {
+ return IPMI_CC_INVALID;
+ }
/* TODO: This could be cleaner to just have a function pointer table, may
* transition in later patchset.
diff --git a/test/Makefile.am b/test/Makefile.am
index d9fd289..9df14db 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -11,7 +11,8 @@
# Run all 'check' test programs
check_PROGRAMS = \
ipmi_starttransfer_unittest \
- ipmi_flashdata_unittest
+ ipmi_flashdata_unittest \
+ ipmi_validate_unittest
TESTS = $(check_PROGRAMS)
@@ -20,3 +21,6 @@
ipmi_flashdata_unittest_SOURCES = ipmi_flashdata_unittest.cpp
ipmi_flashdata_unittest_LDADD = $(top_builddir)/ipmi.o
+
+ipmi_validate_unittest_SOURCES = ipmi_validate_unittest.cpp
+ipmi_validate_unittest_LDADD = $(top_builddir)/ipmi.o
diff --git a/test/ipmi_flashdata_unittest.cpp b/test/ipmi_flashdata_unittest.cpp
index dcb27f6..9121d97 100644
--- a/test/ipmi_flashdata_unittest.cpp
+++ b/test/ipmi_flashdata_unittest.cpp
@@ -14,46 +14,6 @@
// SoC.
#define MAX_IPMI_BUFFER 64
-TEST(IpmiFlashData, InvalidRequestLengthReturnsFailure)
-{
- // This request isn't large enough to be well-formed.
-
- StrictMock<UpdaterMock> updater;
-
- size_t dataLen;
- uint8_t request[MAX_IPMI_BUFFER] = {0};
- uint8_t reply[MAX_IPMI_BUFFER] = {0};
-
- struct ChunkHdr tx;
- tx.cmd = FlashSubCmds::flashDataBlock;
- tx.offset = 0x00;
- std::memcpy(request, &tx, sizeof(tx));
-
- dataLen = sizeof(tx) - 1; // It's too small to be a valid packet.
-
- EXPECT_EQ(IPMI_CC_INVALID, dataBlock(&updater, request, reply, &dataLen));
-}
-
-TEST(IpmiFlashData, NoDataReturnsFailure)
-{
- // If the request has no data, it's invalid, returns failure.
-
- StrictMock<UpdaterMock> updater;
-
- size_t dataLen;
- uint8_t request[MAX_IPMI_BUFFER] = {0};
- uint8_t reply[MAX_IPMI_BUFFER] = {0};
-
- struct ChunkHdr tx;
- tx.cmd = FlashSubCmds::flashDataBlock;
- tx.offset = 0x00;
- std::memcpy(request, &tx, sizeof(tx));
-
- dataLen = sizeof(tx); // It's only the header, so no data.
-
- EXPECT_EQ(IPMI_CC_INVALID, dataBlock(&updater, request, reply, &dataLen));
-}
-
TEST(IpmiFlashData, DataReceivedIsPassedOnOk)
{
// If valid data was passed in, it'll pass it onto the update handler.
diff --git a/test/ipmi_starttransfer_unittest.cpp b/test/ipmi_starttransfer_unittest.cpp
index 448287b..4bd9e35 100644
--- a/test/ipmi_starttransfer_unittest.cpp
+++ b/test/ipmi_starttransfer_unittest.cpp
@@ -15,27 +15,6 @@
#define MAX_IPMI_BUFFER 64
#define THIRTYTWO_MIB 33554432
-TEST(IpmiStartTransferTest, InvalidRequestLengthReturnsFailure)
-{
- // Verify that the request is sanity checked w.r.t length.
-
- StrictMock<UpdaterMock> updater;
-
- size_t dataLen;
- uint8_t request[MAX_IPMI_BUFFER] = {0};
- uint8_t reply[MAX_IPMI_BUFFER] = {0};
-
- struct StartTx tx;
- tx.cmd = FlashSubCmds::flashStartTransfer;
- tx.length = THIRTYTWO_MIB;
- std::memcpy(request, &tx, sizeof(tx));
-
- dataLen = sizeof(tx) - 1; // It's too small to be a valid packet.
-
- EXPECT_EQ(IPMI_CC_INVALID,
- startTransfer(&updater, request, reply, &dataLen));
-}
-
TEST(IpmiStartTransferTest, ValidRequestBoringCase)
{
// Verify that if the request is valid it calls into the flash updater.
diff --git a/test/ipmi_validate_unittest.cpp b/test/ipmi_validate_unittest.cpp
new file mode 100644
index 0000000..ee600a0
--- /dev/null
+++ b/test/ipmi_validate_unittest.cpp
@@ -0,0 +1,39 @@
+#include "ipmi.hpp"
+
+#include <gtest/gtest.h>
+
+// ipmid.hpp isn't installed where we can grab it and this value is per BMC
+// SoC.
+#define MAX_IPMI_BUFFER 64
+
+TEST(IpmiValidateTest, BoringValidateCheckReturnsTrue)
+{
+ // Verify the validate check can return true when it's happy.
+ auto cmd = FlashSubCmds::flashStartTransfer;
+ size_t dataLen = sizeof(struct StartTx);
+ EXPECT_TRUE(validateRequestLength(cmd, dataLen));
+}
+
+TEST(IpmiValidateTest, InvalidLengthStartTransferReturnsFalse)
+{
+ // Verify that the request is sanity checked w.r.t length.
+ auto cmd = FlashSubCmds::flashStartTransfer;
+ size_t dataLen = sizeof(struct StartTx) - 1;
+ EXPECT_FALSE(validateRequestLength(cmd, dataLen));
+}
+
+TEST(IpmiValidateTest, InvalidLengthDataBlockReturnsFalse)
+{
+ // This request isn't large enough to be well-formed.
+ auto cmd = FlashSubCmds::flashDataBlock;
+ size_t dataLen = sizeof(struct ChunkHdr) - 1;
+ EXPECT_FALSE(validateRequestLength(cmd, dataLen));
+}
+
+TEST(IpmiValidateTest, DataBlockNoDataReturnsFalse)
+{
+ // If the request has no data, it's invalid, returns failure.
+ auto cmd = FlashSubCmds::flashDataBlock;
+ size_t dataLen = sizeof(struct ChunkHdr);
+ EXPECT_FALSE(validateRequestLength(cmd, dataLen));
+}