add size checking for input payload data verify input data size before accessing to prevent out of bound access. Tested: ipmitool with lanplus works same as without the change. ipmitool -I lanplus -U xx -P xx -H ip -C 17 sol info ipmitool -I lanplus -U xx -P xx -H ip -C 17 sensor list ipmitool -I lanplus -U xx -P xx -H ip -C 17 sdr list ipmitool -I lanplus -U xx -P xx -H ip -C 17 user list 1 Signed-off-by: Zhikui Ren <zhikui.ren@intel.com> Change-Id: I5025aa2666c8873b7c63f8323a932c0480b59304

commit: 2b1edef0b1e395591dcf751d7ccf45a85bb58d4c [log] [tgz]
author: Zhikui Ren <zhikui.ren@intel.com> Fri Jul 24 14:32:13 2020 -0700
committer: Zhikui Ren <zhikui.ren@intel.com> Thu Aug 13 12:04:27 2020 -0700
tree: c8ca75199dd2643778071c4807ad8aa78db173be
parent: f6e7230d9cd45772a4237c024e6c3abf9b4cf7eb [diff] [blame]
diff --git a/crypt_algo.cpp b/crypt_algo.cpp
index bf46c4e..c51465f 100644
--- a/crypt_algo.cpp
+++ b/crypt_algo.cpp

@@ -23,6 +23,14 @@
                                const size_t sessHeaderLen,
                                const size_t payloadLen) const
 {
+    // verify packet size minimal: sessHeaderLen + payloadLen
+    // and payloadLen is more than AESCBC128ConfHeader
+    if (packet.size() < (sessHeaderLen + payloadLen) ||
+        payloadLen < AESCBC128ConfHeader)
+    {
+        throw std::runtime_error("Invalid data length");
+    }
+
     auto plainPayload =
         decryptData(packet.data() + sessHeaderLen,
                     packet.data() + sessHeaderLen + AESCBC128ConfHeader,
commit	2b1edef0b1e395591dcf751d7ccf45a85bb58d4c	[log] [tgz]
author	Zhikui Ren <zhikui.ren@intel.com>	Fri Jul 24 14:32:13 2020 -0700
committer	Zhikui Ren <zhikui.ren@intel.com>	Thu Aug 13 12:04:27 2020 -0700
tree	c8ca75199dd2643778071c4807ad8aa78db173be
parent	f6e7230d9cd45772a4237c024e6c3abf9b4cf7eb [diff] [blame]