osaf/services/saf/amf/amfd/comptype.cc | 28 ++++++++++++++++++++++++++++
1 files changed, 28 insertions(+), 0 deletions(-)
Following commands causes amfd crash:
immcfg -a saAmfCtDefQuiescingCompleteTimeout=
safVersion=4.0.0,safCompType=OpenSafCompTypeAMFWDOG
immcfg -a saAmfCtDefInstantiationLevel=
safVersion=4.0.0,safCompType=OpenSafCompTypeAMFWDOG
immcfg -a saAmfCtDefDisableRestart=
safVersion=4.0.0,safCompType=OpenSafCompTypeAMFWDOG
Patch adds check to prevent CCB modification to null value.
diff --git a/osaf/services/saf/amf/amfd/comptype.cc
b/osaf/services/saf/amf/amfd/comptype.cc
--- a/osaf/services/saf/amf/amfd/comptype.cc
+++ b/osaf/services/saf/amf/amfd/comptype.cc
@@ -587,6 +587,13 @@ static SaAisErrorT ccb_completed_modify_
} else if (strcmp(mod->modAttr.attrName,
"osafAmfCtDefHcCmdArgv") == 0) {
; // Allow modification, no validation can be done
} else if (strcmp(mod->modAttr.attrName,
"saAmfCtDefQuiescingCompleteTimeout") == 0) {
+ if ((mod->modType == SA_IMM_ATTR_VALUES_DELETE) ||
+ (mod->modAttr.attrValues == nullptr)) {
+ report_ccb_validation_error(opdata,
+ "Value deletion for '%s' is not
supported", mod->modAttr.attrName);
+ rc = SA_AIS_ERR_BAD_OPERATION;
+ goto done;
+ }
SaTimeT value = *((SaTimeT
*)mod->modAttr.attrValues[0]);
if (value < 100 * SA_TIME_ONE_MILLISECOND) {
report_ccb_validation_error(opdata,
@@ -595,6 +602,13 @@ static SaAisErrorT ccb_completed_modify_
goto done;
}
} else if (!strcmp(mod->modAttr.attrName,
"saAmfCtDefInstantiationLevel")) {
+ if ((mod->modType == SA_IMM_ATTR_VALUES_DELETE) ||
+ (mod->modAttr.attrValues == nullptr)) {
+ report_ccb_validation_error(opdata,
+ "Value deletion for '%s' is not
supported", mod->modAttr.attrName);
+ rc = SA_AIS_ERR_BAD_OPERATION;
+ goto done;
+ }
uint32_t num_inst = *((SaUint32T
*)mod->modAttr.attrValues[0]);
if (num_inst == 0) {
report_ccb_validation_error(opdata,
"Modification of saAmfCtDefInstantiationLevel Fail,"
@@ -603,6 +617,13 @@ static SaAisErrorT ccb_completed_modify_
goto done;
}
} else if (strcmp(mod->modAttr.attrName,
"saAmfCtDefRecoveryOnError") == 0) {
+ if ((mod->modType == SA_IMM_ATTR_VALUES_DELETE) ||
+ (mod->modAttr.attrValues == nullptr)) {
+ report_ccb_validation_error(opdata,
+ "Value deletion for '%s' is not
supported", mod->modAttr.attrName);
+ rc = SA_AIS_ERR_BAD_OPERATION;
+ goto done;
+ }
uint32_t value = *((SaUint32T
*)mod->modAttr.attrValues[0]);
if ((value < SA_AMF_COMPONENT_RESTART) || (value >
SA_AMF_NODE_FAILFAST)) {
report_ccb_validation_error(opdata,
@@ -611,6 +632,13 @@ static SaAisErrorT ccb_completed_modify_
goto done;
}
} else if (strcmp(mod->modAttr.attrName,
"saAmfCtDefDisableRestart") == 0) {
+ if ((mod->modType == SA_IMM_ATTR_VALUES_DELETE) ||
+ (mod->modAttr.attrValues == nullptr)) {
+ report_ccb_validation_error(opdata,
+ "Value deletion for '%s' is not
supported", mod->modAttr.attrName);
+ rc = SA_AIS_ERR_BAD_OPERATION;
+ goto done;
+ }
uint32_t value = *((SaUint32T
*)mod->modAttr.attrValues[0]);
if (value > SA_TRUE) {
report_ccb_validation_error(opdata,
------------------------------------------------------------------------------
Go from Idea to Many App Stores Faster with Intel(R) XDK
Give your users amazing mobile app experiences with Intel(R) XDK.
Use one codebase in this all-in-one HTML5 development environment.
Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
http://pubads.g.doubleclick.net/gampad/clk?id=254741551&iu=/4140
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel
