Re: [devel] [PATCH 1 of 1] log: verify logBufSize to avoid node malfunctioned [#1789]

Thu, 12 May 2016 00:23:36 -0700 

Hi Vu

Ack
You are right. The code for verifying the @Ci token in the server only allows 
this token to be used with application streams.

Thanks
Lennart

> -----Original Message-----
> From: Vu Minh Nguyen [mailto:[email protected]]
> Sent: den 12 maj 2016 04:25
> To: Lennart Lund; [email protected]
> Cc: [email protected]
> Subject: RE: [PATCH 1 of 1] log: verify logBufSize to avoid node malfunctioned
> [#1789]
> 
> Hi Lennart,
> 
> I checked the code and AIS document, only application streams support @Ci
> token,
> well-known streams do not.
> 
> ~SAI-AIS-LOG-A.02.01 ~
> 1) 1.3.2 @ page 10:
>       "Section 3.1.5.2 clarifies that the @Ci<fs> token can only be
> used
> in a format
>       expression that is associated with an application log stream."
> 
> 2) 3.1.5.2 Format Expressions @ page 30
>       "The @Ci token can only be used in a format expression that is
> associated
>       with an application log stream, that is, it may not be used in a
> format expression
>       associated with the three persistent log streams, notification,
> alarm, and system."
> 
> Regards, Vu.
> 
> >-----Original Message-----
> >From: Lennart Lund [mailto:[email protected]]
> >Sent: Wednesday, May 11, 2016 10:19 PM
> >To: Vu Minh Nguyen; [email protected]
> >Cc: [email protected]
> >Subject: RE: [PATCH 1 of 1] log: verify logBufSize to avoid node
> malfunctioned
> >[#1789]
> >
> >Hi Vu,
> >
> >There is still a problem. It is Ok to check for \0 for alarm and
> notification
> >streams since only @Cb can be used with those streams but the system
> stream
> >can use @Ci.
> >What if the log buffer does not contain a \0 (incorrect if @Cb but..)?
> >
> >Thanks
> >Lennart
> >
> >> -----Original Message-----
> >> From: Vu Minh Nguyen [mailto:[email protected]]
> >> Sent: den 11 maj 2016 07:03
> >> To: [email protected]; Lennart Lund
> >> Cc: [email protected]
> >> Subject: [PATCH 1 of 1] log: verify logBufSize to avoid node
> malfunctioned
> >> [#1789]
> >>
> >>  osaf/libs/agents/saf/lga/lga_api.c   |  40
> >> ++++++++++++++++++++++++++++++++---
> >>  tests/logsv/tet_saLogStreamOpen_2.c  |   4 +++
> >>  tests/logsv/tet_saLogWriteLogAsync.c |  38
> >> ++++++++++++++++++++++++++++++++++
> >>  3 files changed, 78 insertions(+), 4 deletions(-)
> >>
> >>
> >> When accidentally passing an invalid value of logBufSize to
> >> saLogWriteLogAsync()
> >> such as a very large number which is caused by not using strlen() on
> logBuf,
> >> it will cause a lot of troubles.
> >>
> >> Add code to verify if logBufSize is calculated based on logBuf or not
> >> and also prevent too big data sent to server side.
> >>
> >> diff --git a/osaf/libs/agents/saf/lga/lga_api.c
> >> b/osaf/libs/agents/saf/lga/lga_api.c
> >> --- a/osaf/libs/agents/saf/lga/lga_api.c
> >> +++ b/osaf/libs/agents/saf/lga/lga_api.c
> >> @@ -56,6 +56,20 @@ static bool is_lgs_state(lgs_state_t sta
> >>    return rc;
> >>  }
> >>
> >> +static bool is_well_know_stream(const char* dn)
> >> +{
> >> +  if (strcmp(dn, SA_LOG_STREAM_ALARM) == 0) return true;
> >> +  if (strcmp(dn, SA_LOG_STREAM_NOTIFICATION) == 0) return
> >> true;
> >> +  if (strcmp(dn, SA_LOG_STREAM_SYSTEM) == 0) return true;
> >> +
> >> +  return false;
> >> +}
> >> +
> >> +static bool is_over_max_logrecord(SaUint32T size)
> >> +{
> >> +  return (size > SA_LOG_MAX_RECORD_SIZE);
> >> +}
> >> +
> >>  static void populate_open_params(lgsv_stream_open_req_t
> *open_param,
> >>                             const SaNameT
> >> *logStreamName,
> >>
> >> lga_client_hdl_rec_t *hdl_rec,
> >> @@ -67,9 +81,7 @@ static void populate_open_params(lgsv_st
> >>    open_param->lstr_name = *logStreamName;
> >>
> >>    if (logFileCreateAttributes == NULL ||
> >> -      strcmp((const char *)logStreamName->value,
> >> SA_LOG_STREAM_NOTIFICATION) == 0 ||
> >> -      strcmp((const char *)logStreamName->value,
> >> SA_LOG_STREAM_ALARM) == 0 ||
> >> -      strcmp((const char *)logStreamName->value,
> >> SA_LOG_STREAM_SYSTEM) == 0) {
> >> +      is_well_know_stream((const char*)logStreamName-
> >> >value)) {
> >>            open_param->logFileFmt = NULL;
> >>            open_param->logFileFmtLength = 0;
> >>            open_param->maxLogFileSize = 0;
> >> @@ -684,7 +696,7 @@ static SaAisErrorT validate_open_params(
> >>                    /* Verify that the
> >> fixedLogRecordSize is in valid range */
> >>                    if ((logFileCreateAttributes-
> >> >maxLogRecordSize != 0) &&
> >>
> >>    ((logFileCreateAttributes->maxLogRecordSize <
> >> SA_LOG_MIN_RECORD_SIZE) ||
> >> -
> >>    (logFileCreateAttributes->maxLogRecordSize >
> >> SA_LOG_MAX_RECORD_SIZE))) {
> >> +
> >> (is_over_max_logrecord(logFileCreateAttributes->maxLogRecordSize) ==
> >> true))) {
> >>
> >>    TRACE("maxLogRecordSize is invalid");
> >>                            return
> >> SA_AIS_ERR_INVALID_PARAM;
> >>                    }
> >> @@ -1151,6 +1163,26 @@ SaAisErrorT saLogWriteLogAsync(SaLogStre
> >>            goto done;
> >>    }
> >>
> >> +  if (logRecord->logBuffer != NULL && logRecord->logBuffer-
> >> >logBuf != NULL) {
> >> +          SaSizeT size = logRecord->logBuffer->logBufSize;
> >> +          if (is_well_know_stream((const
> >> char*)lstr_hdl_rec->log_stream_name.value) == true) {
> >> +                  bool sizeOver = size > strlen((char
> >> *)logRecord->logBuffer->logBuf) + 1;
> >> +                  /* Prevent log client accidently
> >> assign too big number to logBufSize. */
> >> +                  if (sizeOver == true) {
> >> +                          TRACE("logBufSize
> >> > strlen(logBuf) + 1");
> >> +                          ais_rc =
> >> SA_AIS_ERR_INVALID_PARAM;
> >> +                          goto
> >> done_give_hdl_stream;
> >> +                  }
> >> +          }
> >> +
> >> +          /* Prevent sending too big data to server side */
> >> +          if (is_over_max_logrecord(size) == true) {
> >> +                  TRACE("logBuf data is too big
> >> (max: %d)", SA_LOG_MAX_RECORD_SIZE);
> >> +                  ais_rc =
> >> SA_AIS_ERR_INVALID_PARAM;
> >> +                  goto done_give_hdl_stream;
> >> +          }
> >> +  }
> >> +
> >>    /* SA_AIS_ERR_INVALID_PARAM, bullet 1 in SAI-AIS-LOG-
> >> A.02.01
> >>       Section 3.6.3, Return Values */
> >>    if (lstr_hdl_rec->log_header_type != logRecord->logHdrType)
> >> {
> >> diff --git a/tests/logsv/tet_saLogStreamOpen_2.c
> >> b/tests/logsv/tet_saLogStreamOpen_2.c
> >> --- a/tests/logsv/tet_saLogStreamOpen_2.c
> >> +++ b/tests/logsv/tet_saLogStreamOpen_2.c
> >> @@ -724,6 +724,8 @@ extern void saLogWriteLogAsync_14(void);
> >>  extern void saLogWriteLogAsync_15(void);
> >>  extern void saLogWriteLogAsync_16(void);
> >>  extern void saLogWriteLogAsync_17(void);
> >> +extern void saLogWriteLogAsync_18(void);
> >> +extern void saLogWriteLogAsync_19(void);
> >>  extern void saLogWriteLogCallbackT_01(void);
> >>  extern void saLogWriteLogCallbackT_02(void);
> >>  extern void saLogWriteLogCallbackT_03(void);
> >> @@ -774,6 +776,8 @@ extern void saLogStreamClose_01(void);
> >>      test_case_add(2, saLogWriteLogAsync_15, "saLogWriteAsyncLog() NTF
> >> notificationObject length == 256");
> >>      test_case_add(2, saLogWriteLogAsync_16, "saLogWriteAsyncLog() NTF
> >> notifyingObject length == 256");
> >>      test_case_add(2, saLogWriteLogAsync_17, "saLogWriteLogAsync()
> Generic
> >> logSvcUsrName length == 256");
> >> +    test_case_add(2, saLogWriteLogAsync_18, "saLogWriteLogAsync()
> >> logBufSize > strlen(logBuf) + 1");
> >> +    test_case_add(2, saLogWriteLogAsync_19, "saLogWriteLogAsync()
> >> logBufSize > SA_LOG_MAX_RECORD_SIZE");
> >>      test_case_add(2, saLogWriteLogCallbackT_01,
> "saLogWriteLogCallbackT()
> >> SA_DISPATCH_ONE");
> >>      test_case_add(2, saLogWriteLogCallbackT_02,
> "saLogWriteLogCallbackT()
> >> SA_DISPATCH_ALL");
> >>      test_case_add(2, saLogFilterSetCallbackT_01,
> "saLogFilterSetCallbackT
> >> OK");
> >> diff --git a/tests/logsv/tet_saLogWriteLogAsync.c
> >> b/tests/logsv/tet_saLogWriteLogAsync.c
> >> --- a/tests/logsv/tet_saLogWriteLogAsync.c
> >> +++ b/tests/logsv/tet_saLogWriteLogAsync.c
> >> @@ -514,3 +514,41 @@ void saLogWriteLogAsync_17(void)
> >>            test_validate(rc1,
> >> SA_AIS_ERR_INVALID_PARAM);
> >>    }
> >>  }
> >> +
> >> +/**
> >> + * saLogWriteAsyncLog() - logBufSize > strlen(logBuf) + 1
> >> + */
> >> +void saLogWriteLogAsync_18(void)
> >> +{
> >> +  SaInvocationT invocation = 0;
> >> +
> >> +  strcpy((char*)genLogRecord.logBuffer->logBuf,
> >> __FUNCTION__);
> >> +  genLogRecord.logBuffer->logBufSize = strlen(__FUNCTION__)
> >> + 2;
> >> +  safassert(saLogInitialize(&logHandle, &logCallbacks,
> >> &logVersion), SA_AIS_OK);
> >> +  safassert(saLogStreamOpen_2(logHandle,
> >> &systemStreamName, NULL, 0,
> >> +
> >> SA_TIME_ONE_SECOND, &logStreamHandle), SA_AIS_OK);
> >> +  rc = saLogWriteLogAsync(logStreamHandle, invocation, 0,
> >> &genLogRecord);
> >> +  safassert(saLogFinalize(logHandle), SA_AIS_OK);
> >> +  test_validate(rc, SA_AIS_ERR_INVALID_PARAM);
> >> +}
> >> +
> >> +/**
> >> + * saLogWriteAsyncLog() - big logBufSize > SA_LOG_MAX_RECORD_SIZE
> >> + */
> >> +void saLogWriteLogAsync_19(void)
> >> +{
> >> +  SaInvocationT invocation = 0;
> >> +  char logBuf[SA_LOG_MAX_RECORD_SIZE + 10];
> >> +
> >> +  memset(logBuf, 'A', sizeof(logBuf));
> >> +  logBuf[sizeof(logBuf) - 1] = '\0';
> >> +
> >> +  genLogRecord.logBuffer->logBuf = (SaUint8T *)&logBuf;
> >> +  genLogRecord.logBuffer->logBufSize =
> >> SA_LOG_MAX_RECORD_SIZE + 10;
> >> +  safassert(saLogInitialize(&logHandle, &logCallbacks,
> >> &logVersion), SA_AIS_OK);
> >> +  safassert(saLogStreamOpen_2(logHandle,
> >> &systemStreamName, NULL, 0,
> >> +
> >> SA_TIME_ONE_SECOND, &logStreamHandle), SA_AIS_OK);
> >> +  rc = saLogWriteLogAsync(logStreamHandle, invocation, 0,
> >> &genLogRecord);
> >> +  safassert(saLogFinalize(logHandle), SA_AIS_OK);
> >> +  test_validate(rc, SA_AIS_ERR_INVALID_PARAM);
> >> +}


------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
Opensaf-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-devel

Reply via email to