session_cmds: Validate reserved field content
In "Set Session Privilege Level Command" byte-1’s [7-4] bits and
"CALLBACK" privilege level also reserved. So return
"InvalidFieldRequest" when reserved content is non-zero.
Tested:
Verified using IPMI Command: Set Session Privilege Level Command
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x14
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0xcc): Invalid data field in request
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x4
Response: 04
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x01 //Set Session Privilege Level for CALLBACK
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0xcc): Invalid data field in request
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x05 //Set Session Privilege Level for OEM
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0x81): Unknown (0x81)
Command: ipmitool -I lanplus -H <BMC-IP> -U <usename> -P <pwd> -C 17
raw 0x06 0x3B 0x06
Response: Unable to send RAW command (channel=0x0 netfn=0x6 lun=0x0
cmd=0x3b rsp=0xcc): Invalid data field in request
Signed-off-by: Jayaprakash Mutyala <mutyalax.jayaprakash@intel.com>
Change-Id: Id76b137112486bb4c617cfa7c861403ce6f6c060
diff --git a/command/session_cmds.cpp b/command/session_cmds.cpp
index 8d3f663..9330fc2 100644
--- a/command/session_cmds.cpp
+++ b/command/session_cmds.cpp
@@ -27,6 +27,11 @@
std::vector<uint8_t> errorPayload{IPMI_CC_REQ_DATA_LEN_INVALID};
return errorPayload;
}
+ if (request->reserved != 0)
+ {
+ std::vector<uint8_t> errorPayload{IPMI_CC_INVALID_FIELD_REQUEST};
+ return errorPayload;
+ }
std::vector<uint8_t> outPayload(sizeof(SetSessionPrivLevelResp));
auto response =
@@ -41,6 +46,14 @@
response->newPrivLevel = session->currentPrivilege();
return outPayload;
}
+ if (reqPrivilegeLevel ==
+ static_cast<uint8_t>(session::Privilege::CALLBACK) ||
+ reqPrivilegeLevel > static_cast<uint8_t>(session::Privilege::OEM))
+ {
+ response->completionCode = IPMI_CC_INVALID_FIELD_REQUEST;
+ return outPayload;
+ }
+
if (reqPrivilegeLevel > (static_cast<uint8_t>(session->reqMaxPrivLevel) &
session::reqMaxPrivMask))
{