osaf/libs/agents/saf/ntfa/ntfa_api.c | 18 +++++ osaf/libs/common/ntfsv/include/ntfsv_msg.h | 1 - osaf/libs/common/ntfsv/ntfsv_mem.c | 10 ++- osaf/services/saf/ntfsv/ntfs/NtfLogger.cc | 2 +- tests/ntfsv/tet_ntf_common.c | 5 +- tests/ntfsv/tet_saNtfNotificationSend.c | 92 ++++++++++++++++++++++++++++++ 6 files changed, 122 insertions(+), 6 deletions(-)
In AIS, it states "additionalText length must be consistent with lengthAdditionalText" But NTFA did not check this. So, when data is passing to LOGA, ntfsv got invalid param. This patch adds the check. Also fix few error in ntftest - used `sizeof` to calculate the string length instead of `strlen`. Besides, adding an early check to avoid allocating a too long `additionalText`. diff --git a/osaf/libs/agents/saf/ntfa/ntfa_api.c b/osaf/libs/agents/saf/ntfa/ntfa_api.c --- a/osaf/libs/agents/saf/ntfa/ntfa_api.c +++ b/osaf/libs/agents/saf/ntfa/ntfa_api.c @@ -550,6 +550,24 @@ static SaAisErrorT checkHeader(v_data *p return rc; } + // AIS: additionalText must be consistent with lengthAdditionalText + if (nh->additionalText == NULL && nh->lengthAdditionalText != 0) { + TRACE_1("Mismatch b/w additionalText and lengthAdditionalText"); + return SA_AIS_ERR_INVALID_PARAM; + } + + if (nh->lengthAdditionalText > MAX_ADDITIONAL_TEXT_LENGTH) { + TRACE_1("lengthAdditionalText is too long"); + return SA_AIS_ERR_INVALID_PARAM; + } + + SaUint16T len = nh->lengthAdditionalText; + SaStringT addT = nh->additionalText; + if ((addT != NULL) && (len != strlen(addT) + 1)) { + TRACE_1("Mismatch b/w additionalText and lengthAdditionalText"); + return SA_AIS_ERR_INVALID_PARAM; + } + return SA_AIS_OK; } diff --git a/osaf/libs/common/ntfsv/include/ntfsv_msg.h b/osaf/libs/common/ntfsv/include/ntfsv_msg.h --- a/osaf/libs/common/ntfsv/include/ntfsv_msg.h +++ b/osaf/libs/common/ntfsv/include/ntfsv_msg.h @@ -34,7 +34,6 @@ extern "C" { /*MAX length of addtionaltext conforms to MAX value of logMaxLogrecsize as mentioned in LOGSV PR doc Section 3.5.2.1*/ #define MAX_ADDITIONAL_TEXT_LENGTH 65535 -#define MAX_DISCARDED_NOTIFICATIONS 1024 /* Message type enums */ typedef enum { diff --git a/osaf/libs/common/ntfsv/ntfsv_mem.c b/osaf/libs/common/ntfsv/ntfsv_mem.c --- a/osaf/libs/common/ntfsv/ntfsv_mem.c +++ b/osaf/libs/common/ntfsv/ntfsv_mem.c @@ -136,6 +136,14 @@ SaAisErrorT ntfsv_alloc_ntf_header(SaNtf TRACE("NULL pointer in *notificationHeader!"); return SA_AIS_ERR_INVALID_PARAM; } + + // Early intervention + if (lengthAdditionalText > MAX_ADDITIONAL_TEXT_LENGTH) { + TRACE("lengthAdditionalText is too long"); + TRACE_LEAVE(); + return SA_AIS_ERR_INVALID_PARAM; + } + notificationHeader->numCorrelatedNotifications = numCorrelatedNotifications; notificationHeader->lengthAdditionalText = lengthAdditionalText; notificationHeader->numAdditionalInfo = numAdditionalInfo; @@ -222,7 +230,7 @@ SaAisErrorT ntfsv_alloc_ntf_header(SaNtf /* Additional text */ if (lengthAdditionalText != 0) { - notificationHeader->additionalText = (SaStringT)malloc(lengthAdditionalText * sizeof(char)); + notificationHeader->additionalText = (SaStringT)calloc(1, lengthAdditionalText * sizeof(char)); if (notificationHeader->additionalText == NULL) { TRACE("Out of memory in additionalText field"); rc = SA_AIS_ERR_NO_MEMORY; diff --git a/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc b/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc --- a/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc +++ b/osaf/services/saf/ntfsv/ntfs/NtfLogger.cc @@ -189,7 +189,7 @@ SaAisErrorT NtfLogger::logNotification(N /* Write to the log if we're the local node */ SaAisErrorT errorCode = SA_AIS_OK; SaLogHeaderT logHeader; - char addTextBuf[MAX_ADDITIONAL_TEXT_LENGTH]; + char addTextBuf[MAX_ADDITIONAL_TEXT_LENGTH] = {0}; SaLogBufferT logBuffer; ntfsv_send_not_req_t* sendNotInfo; SaNtfNotificationHeaderT *ntfHeader; diff --git a/tests/ntfsv/tet_ntf_common.c b/tests/ntfsv/tet_ntf_common.c --- a/tests/ntfsv/tet_ntf_common.c +++ b/tests/ntfsv/tet_ntf_common.c @@ -797,7 +797,7 @@ void createObjectCreateDeleteNotificatio ntfHandle, /* handle to Notification Service instance */ myObjCrDelNotification, 0, - (SaUint16T)(sizeof(DEFAULT_ADDITIONAL_TEXT) +1), + (SaUint16T)(strlen(DEFAULT_ADDITIONAL_TEXT) +1), 0, 2, SA_NTF_ALLOC_SYSTEM_LIMIT), SA_AIS_OK); @@ -840,7 +840,7 @@ void createObjectCreateDeleteNotificatio /* set additional text and additional info */ (void) strncpy(head->additionalText, DEFAULT_ADDITIONAL_TEXT, - (SaUint16T)(sizeof(DEFAULT_ADDITIONAL_TEXT) +1)); + (SaUint16T)(strlen(DEFAULT_ADDITIONAL_TEXT) +1)); /* Set source indicator */ *(myObjCrDelNotification->sourceIndicator) = SA_NTF_UNKNOWN_OPERATION; @@ -852,7 +852,6 @@ void createObjectCreateDeleteNotificatio myObjCrDelNotification->objectAttributes[1].attributeId = 1; myObjCrDelNotification->objectAttributes[1].attributeType = SA_NTF_VALUE_INT32; myObjCrDelNotification->objectAttributes[1].attributeValue.int32Val = 2; - } diff --git a/tests/ntfsv/tet_saNtfNotificationSend.c b/tests/ntfsv/tet_saNtfNotificationSend.c --- a/tests/ntfsv/tet_saNtfNotificationSend.c +++ b/tests/ntfsv/tet_saNtfNotificationSend.c @@ -714,6 +714,96 @@ void saNtfNotificationSend_12(void) test_validate(rc, SA_AIS_ERR_INVALID_PARAM); } +void send_mismatch_addtext(void) { + SaNtfObjectCreateDeleteNotificationT myNotification; + + saNotificationAllocationParamsT myNotificationAllocationParams; + saNotificationFilterAllocationParamsT myNotificationFilterAllocationParams; + saNotificationParamsT myNotificationParams; + + fillInDefaultValues(&myNotificationAllocationParams, + &myNotificationFilterAllocationParams, &myNotificationParams); + + safassert(saNtfInitialize(&ntfHandle, NULL, &ntfVersion), SA_AIS_OK); + safassert(saNtfObjectCreateDeleteNotificationAllocate( + ntfHandle, /* handle to Notification Service instance */ + &myNotification, + /* number of correlated notifications */ + myNotificationAllocationParams.numCorrelatedNotifications, + /* length of additional text */ + myNotificationAllocationParams.lengthAdditionalText + 1, + /* number of additional info items*/ + myNotificationAllocationParams.numAdditionalInfo, + /* number of state changes */ + myNotificationAllocationParams.numObjectAttributes, + /* use default allocation size */ + myNotificationAllocationParams.variableDataSize), SA_AIS_OK); + + /* Event type */ + *(myNotification.notificationHeader.eventType) = SA_NTF_OBJECT_CREATION; + + /* event time to be set automatically to current + time by saNtfNotificationSend */ + *(myNotification.notificationHeader.eventTime) + = myNotificationParams.eventTime; + + /* Set Notification Object */ + myNotification.notificationHeader.notificationObject->length + = myNotificationParams.notificationObject.length; + (void) memcpy(myNotification.notificationHeader.notificationObject->value, + myNotificationParams.notificationObject.value, + myNotificationParams.notificationObject.length); + + /* Set Notifying Object */ + myNotification.notificationHeader.notifyingObject->length + = myNotificationParams.notifyingObject.length; + (void) memcpy(myNotification.notificationHeader.notifyingObject->value, + myNotificationParams.notifyingObject.value, + myNotificationParams.notifyingObject.length); + + /* set Notification Class Identifier */ + /* vendor id 33333 is not an existing SNMP enterprise number. + Just an example */ + myNotification.notificationHeader.notificationClassId->vendorId + = myNotificationParams.notificationClassId.vendorId; + + /* sub id of this notification class within "name space" of vendor ID */ + myNotification.notificationHeader.notificationClassId->majorId + = myNotificationParams.notificationClassId.majorId; + myNotification.notificationHeader.notificationClassId->minorId + = myNotificationParams.notificationClassId.minorId; + + // Mismatch b/w `lengthAdditionalText` vs `additionalText` + (void) strncpy(myNotification.notificationHeader.additionalText, + myNotificationParams.additionalText, + myNotificationAllocationParams.lengthAdditionalText); + + /* Set source indicator */ + *myNotification.sourceIndicator + = myNotificationParams.objectCreateDeleteSourceIndicator; + + /* Set objectAttibutes */ + myNotification.objectAttributes[0].attributeId + = myNotificationParams.objectAttributes[0].attributeId; + myNotification.objectAttributes[0].attributeType + = myNotificationParams.objectAttributes[0].attributeType; + myNotification.objectAttributes[0].attributeValue.int32Val + = myNotificationParams.objectAttributes[0].attributeValue.int32Val; + + myNotificationParams.eventType + = myNotificationParams.objectCreateDeleteEventType; + fill_header_part(&myNotification.notificationHeader, + (saNotificationParamsT *) &myNotificationParams, + myNotificationAllocationParams.lengthAdditionalText); + + rc = saNtfNotificationSend(myNotification.notificationHandle); + + free(myNotificationParams.additionalText); + safassert(saNtfNotificationFree(myNotification.notificationHandle), SA_AIS_OK); + safassert(saNtfFinalize(ntfHandle), SA_AIS_OK); + test_validate(rc, SA_AIS_ERR_INVALID_PARAM); +} + __attribute__ ((constructor)) static void saNtfNotificationSend_constructor( void) { test_suite_add(8, "Producer API 3 send"); @@ -740,5 +830,7 @@ void saNtfNotificationSend_12(void) "securityAlarmDetector.valueType failed SA_AIS_ERR_INVALID_PARAM"); test_case_add(8, saNtfNotificationSend_12, "saNtfNotificationSend ObjectCreateDeleteNotification SaNameT length == 256"); + test_case_add(8, send_mismatch_addtext, + "saNtfNotificationSend with mismatched in additionalText and lengthAdditionalText"); } ------------------------------------------------------------------------------ _______________________________________________ Opensaf-devel mailing list Opensaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/opensaf-devel