commit 5819666c23ee1d01a54fc5fb2c068bb1da1f29c7
author Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com> Wed Oct 06 22:33:34 2021 +0000
committer Vernon Mauery <vernon.mauery@linux.intel.com> Tue Oct 26 17:54:29 2021 +0000
tree 890290beb225d9c76835c1d2ef5601e52ef43852
parent 1883aea3a3711388cc35753a2e6cf48fa38291f0

session_cmds: Validate reserved field content

In "Set Session Privilege Level Command" byte-1’s [7-4] bits and
"CALLBACK" privilege level also reserved. So return
"InvalidFieldRequest" when reserved content is non-zero.

Tested:
Verified using IPMI Command: Set Session Privilege Level Command
Command:  ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
          raw 0x06 0x3B 0x14
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x3b rsp=0xcc): Invalid data field in request
Command:  ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
          raw 0x06 0x3B 0x4
Response: 04
Command:  ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
          raw 0x06 0x3B 0x01 //Set Session Privilege Level for CALLBACK
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x3b rsp=0xcc): Invalid data field in request
Command:  ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
          raw 0x06 0x3B 0x05 //Set Session Privilege Level for OEM
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x3b rsp=0x81): Unknown (0x81)
Command:  ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
          raw 0x06 0x3B 0x06
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
          cmd=0x3b rsp=0xcc): Invalid data field in request

Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Id76b137112486bb4c617cfa7c861403ce6f6c060

command/session_cmds.cpp

diff --git a/command/session_cmds.cpp b/command/session_cmds.cpp
index 8d3f663..9330fc2 100644
--- a/command/session_cmds.cpp
+++ b/command/session_cmds.cpp
@@ -27,6 +27,11 @@
         std::vector<uint8_t> errorPayload{IPMI_CC_REQ_DATA_LEN_INVALID};
         return errorPayload;
     }
+    if (request->reserved != 0)
+    {
+        std::vector<uint8_t> errorPayload{IPMI_CC_INVALID_FIELD_REQUEST};
+        return errorPayload;
+    }
 
     std::vector<uint8_t> outPayload(sizeof(SetSessionPrivLevelResp));
     auto response =
@@ -41,6 +46,14 @@
         response->newPrivLevel = session->currentPrivilege();
         return outPayload;
     }
+    if (reqPrivilegeLevel ==
+            static_cast<uint8_t>(session::Privilege::CALLBACK) ||
+        reqPrivilegeLevel > static_cast<uint8_t>(session::Privilege::OEM))
+    {
+        response->completionCode = IPMI_CC_INVALID_FIELD_REQUEST;
+        return outPayload;
+    }
+
     if (reqPrivilegeLevel > (static_cast<uint8_t>(session->reqMaxPrivLevel) &
                              session::reqMaxPrivMask))
     {