diff options
| author | Bui Nguyen Quoc Thanh <49302843+thanhbnq@users.noreply.github.com> | 2021-05-12 10:08:29 +0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-12 10:08:29 +0700 |
| commit | f5344f8cf036e6dcb899522e8e679639dd23e1a4 (patch) | |
| tree | c193ae5c2b919f89415a815b78ab54a7661a2619 | |
| parent | b95044abb202838837b0566efc40ae26308a4bb4 (diff) | |
| parent | ad8a6ab070803f2b0e0fa177fd6638c10db2dde3 (diff) | |
| download | DLT-daemon-f5344f8cf036e6dcb899522e8e679639dd23e1a4.tar.gz | |
Merge pull request from GHSA-7cqp-2hqj-mh3f
daemon: check the conf inputs
| -rw-r--r-- | src/daemon/dlt-daemon.c | 40 | ||||
| -rw-r--r-- | src/daemon/dlt_daemon_common.c | 6 | ||||
| -rw-r--r-- | src/shared/dlt_common.c | 8 |
3 files changed, 47 insertions, 7 deletions
diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c index d26de79..912cd2c 100644 --- a/src/daemon/dlt-daemon.c +++ b/src/daemon/dlt-daemon.c @@ -89,6 +89,10 @@ static int dlt_daemon_log_internal(DltDaemon *daemon, DltDaemonLocal *daemon_local, char *str, int verbose); +static int dlt_daemon_check_numeric_setting(char *token, + char *value, + unsigned long *data); + #ifdef DLT_SYSTEMD_WATCHDOG_ENABLE static uint32_t watchdog_trigger_interval; /* watchdog trigger interval in [s] */ #endif @@ -98,6 +102,9 @@ int g_exit = 0; int g_signo = 0; +/* used for value from conf file */ +static int value_length = 1024; + static char dlt_timer_conn_types[DLT_TIMER_UNKNOWN + 1] = { [DLT_TIMER_PACKET] = DLT_CONNECTION_ONE_S_TIMER, [DLT_TIMER_ECU] = DLT_CONNECTION_SIXTY_S_TIMER, @@ -318,7 +325,6 @@ int option_handling(DltDaemonLocal *daemon_local, int argc, char *argv[]) int option_file_parser(DltDaemonLocal *daemon_local) { FILE *pFile; - int value_length = 1024; char line[value_length - 1]; char token[value_length]; char value[value_length]; @@ -531,19 +537,27 @@ int option_file_parser(DltDaemonLocal *daemon_local) } else if (strcmp(token, "RingbufferMinSize") == 0) { - sscanf(value, "%lu", &(daemon_local->RingbufferMinSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->RingbufferMinSize)) < 0) + return -1; } else if (strcmp(token, "RingbufferMaxSize") == 0) { - sscanf(value, "%lu", &(daemon_local->RingbufferMaxSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->RingbufferMaxSize)) < 0) + return -1; } else if (strcmp(token, "RingbufferStepSize") == 0) { - sscanf(value, "%lu", &(daemon_local->RingbufferStepSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->RingbufferStepSize)) < 0) + return -1; } else if (strcmp(token, "DaemonFIFOSize") == 0) { - sscanf(value, "%lu", &(daemon_local->daemonFifoSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->daemonFifoSize)) < 0) + return -1; } else if (strcmp(token, "SharedMemorySize") == 0) { @@ -1909,6 +1923,22 @@ int dlt_daemon_log_internal(DltDaemon *daemon, DltDaemonLocal *daemon_local, cha return 0; } +int dlt_daemon_check_numeric_setting(char *token, + char *value, + unsigned long *data) +{ + char value_check[value_length]; + value_check[0] = 0; + sscanf(value, "%lu%s", data, value_check); + if (value_check[0] || !isdigit(value[0])) { + fprintf(stderr, "Invalid input [%s] detected in option %s\n", + value, + token); + return -1; + } + return 0; +} + int dlt_daemon_process_client_connect(DltDaemon *daemon, DltDaemonLocal *daemon_local, DltReceiver *receiver, diff --git a/src/daemon/dlt_daemon_common.c b/src/daemon/dlt_daemon_common.c index 5273433..e56b751 100644 --- a/src/daemon/dlt_daemon_common.c +++ b/src/daemon/dlt_daemon_common.c @@ -236,8 +236,10 @@ int dlt_daemon_init(DltDaemon *daemon, dlt_vlog(LOG_INFO, "Ringbuffer configuration: %lu/%lu/%lu\n", RingbufferMinSize, RingbufferMaxSize, RingbufferStepSize); - if (dlt_buffer_init_dynamic(&(daemon->client_ringbuffer), (uint32_t) RingbufferMinSize, (uint32_t) RingbufferMaxSize, - (uint32_t) RingbufferStepSize) == DLT_RETURN_ERROR) + if (dlt_buffer_init_dynamic(&(daemon->client_ringbuffer), + (uint32_t) RingbufferMinSize, + (uint32_t) RingbufferMaxSize, + (uint32_t) RingbufferStepSize) < DLT_RETURN_OK) return -1; daemon->storage_handle = NULL; diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c index 9fe6c88..507c8ad 100644 --- a/src/shared/dlt_common.c +++ b/src/shared/dlt_common.c @@ -2350,6 +2350,14 @@ DltReturnValue dlt_buffer_init_dynamic(DltBuffer *buf, uint32_t min_size, uint32 head->write = 0; head->count = 0; buf->mem = (unsigned char *)(buf->shm + sizeof(DltBufferHead)); + + if (buf->min_size < (uint32_t)sizeof(DltBufferHead)) { + dlt_vlog(LOG_ERR, + "%s: min_size is too small [%u]\n", + __func__, buf->min_size); + return DLT_RETURN_WRONG_PARAMETER; + } + buf->size = (uint32_t) (buf->min_size - sizeof(DltBufferHead)); dlt_vlog(LOG_DEBUG, |