Fix decode getStateSensorReadings resp command
Logically, first parse the response data and verify the validity of
the comp_sensor_count value, and then verify whether the length of
the response data is correct.
Tested: Used a raw command and the test passed.
Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I9369474e44891088efc46dcdc3194d88cc13f35f
diff --git a/libpldm/platform.c b/libpldm/platform.c
index bc45ae0..d935edd 100644
--- a/libpldm/platform.c
+++ b/libpldm/platform.c
@@ -649,12 +649,6 @@
return PLDM_SUCCESS;
}
- if (payload_length >
- PLDM_GET_STATE_SENSOR_READINGS_MIN_RESP_BYTES +
- sizeof(get_sensor_state_field) * *comp_sensor_count) {
- return PLDM_ERROR_INVALID_LENGTH;
- }
-
struct pldm_get_state_sensor_readings_resp *response =
(struct pldm_get_state_sensor_readings_resp *)msg->payload;
@@ -662,9 +656,13 @@
response->comp_sensor_count > 0x8) {
return PLDM_ERROR_INVALID_DATA;
}
- if (response->comp_sensor_count > *comp_sensor_count) {
+
+ if (payload_length >
+ PLDM_GET_STATE_SENSOR_READINGS_MIN_RESP_BYTES +
+ sizeof(get_sensor_state_field) * response->comp_sensor_count) {
return PLDM_ERROR_INVALID_LENGTH;
}
+
*comp_sensor_count = response->comp_sensor_count;
memcpy(field, response->field,
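Review bot: Dropping the `response->comp_sensor_count > *comp_sensor_count` test removes the only visible bound tying the response count to the caller's `field` buffer, so the `memcpy` that follows can copy up to eight entries (the `0x8` limit above) into whatever the caller supplied; the updated unit test passes a two-element array with an in-value of 0, which suggests capacity is no longer communicated at all. Either keep that comparison or document on the function that callers must always provide room for eight `get_sensor_state_field` entries. Separately, the relocated length check still uses `>`, so a payload shorter than the count implies is accepted and `memcpy` may read past the received data; `if (payload_length != PLDM_GET_STATE_SENSOR_READINGS_MIN_RESP_BYTES + sizeof(get_sensor_state_field) * response->comp_sensor_count)` would reject both directions, assuming the MIN constant covers only the fixed bytes before `field`. The `memcpy` call continues outside the hunk, so its size argument is inferred rather than seen.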
diff --git a/libpldm/tests/libpldm_platform_test.cpp b/libpldm/tests/libpldm_platform_test.cpp
index b30bc66..49b08f6 100644
--- a/libpldm/tests/libpldm_platform_test.cpp
+++ b/libpldm/tests/libpldm_platform_test.cpp
@@ -610,7 +610,7 @@
PLDM_SENSOR_LOWERCRITICAL, PLDM_SENSOR_WARNING};
uint8_t retcompletion_code = 0;
- uint8_t retcomp_sensorCnt = 2;
+ uint8_t retcomp_sensorCnt = 0;
std::array<get_sensor_state_field, 2> retstateField{};
auto response = reinterpret_cast<pldm_msg*>(responseMsg.data());
@@ -675,7 +675,7 @@
(sizeof(get_sensor_state_field) * comp_sensorCnt));
rc = decode_get_state_sensor_readings_resp(
- response, responseMsg.size() - hdrSize, &retcompletion_code,
+ response, responseMsg.size() - hdrSize + 1, &retcompletion_code,
&retcomp_sensorCnt, retstateField.data());
EXPECT_EQ(rc, PLDM_ERROR_INVALID_LENGTH);
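Review bot: The only negative length case exercised here is a payload one byte too long (`responseMsg.size() - hdrSize + 1`); nothing covers a payload shorter than `comp_sensorCnt` entries require, nor a response whose count exceeds the two-element `retstateField`. Adding an `EXPECT_EQ` case for each would pin down how the decoder treats truncated responses and undersized caller buffers, which is the behaviour this commit changes. The test function starts and ends outside the hunk.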