add size checking for input payload data
Verify the input data size before accessing it, to prevent out-of-bounds access.
Tested:
ipmitool with lanplus works same as without the change.
ipmitool -I lanplus -U xx -P xx -H ip -C 17 sol info
ipmitool -I lanplus -U xx -P xx -H ip -C 17 sensor list
ipmitool -I lanplus -U xx -P xx -H ip -C 17 sdr list
ipmitool -I lanplus -U xx -P xx -H ip -C 17 user list 1
Signed-off-by: Zhikui Ren <zhikui.ren@intel.com>
Change-Id: I5025aa2666c8873b7c63f8323a932c0480b59304
diff --git a/command/rakp12.cpp b/command/rakp12.cpp
index 9a31dfe..099c5dc 100644
--- a/command/rakp12.cpp
+++ b/command/rakp12.cpp
@@ -26,8 +26,15 @@
std::vector<uint8_t> RAKP12(const std::vector<uint8_t>& inPayload,
const message::Handler& handler)
{
- std::vector<uint8_t> outPayload(sizeof(RAKP2response));
auto request = reinterpret_cast<const RAKP1request*>(inPayload.data());
+ // verify inPayload minimum size
+ if (inPayload.size() < (sizeof(*request) - userNameMaxLen))
+ {
+ std::vector<uint8_t> errorPayload{IPMI_CC_REQ_DATA_LEN_INVALID};
+ return errorPayload;
+ }
+
+ std::vector<uint8_t> outPayload(sizeof(RAKP2response));
auto response = reinterpret_cast<RAKP2response*>(outPayload.data());
// Session ID zero is reserved for Session Setup
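Review bot: The new guard on `inPayload.size()` only guarantees that the fixed part of the RAKP1 request is present (`sizeof(*request) - userNameMaxLen`), so a message whose user-name length field claims more bytes than were actually received still passes it. RAKP12 continues outside this hunk; if it later reads the user name using that length, the read can run past the end of `inPayload`, so please confirm how the name is consumed. I would add a second guard straight after this one, `if (nameLen > userNameMaxLen || inPayload.size() < (sizeof(*request) - userNameMaxLen) + nameLen)`, returning the same `IPMI_CC_REQ_DATA_LEN_INVALID` payload, where `nameLen` is a placeholder for the request's user-name length field (its real name is not visible here). A one-line comment noting that `sizeof(*request)` is unevaluated, so the cast above the check is never dereferenced on a short payload, would also help the next reader.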