From ad8a6ab070803f2b0e0fa177fd6638c10db2dde3 Mon Sep 17 00:00:00 2001 From: Bui Nguyen Quoc Thanh Date: Mon, 10 May 2021 14:02:41 +0700 Subject: daemon: check the conf inputs The configuration of memory buffer size must be carefully parsed and validated to avoid segmentation fault Any misleading information in configuration file must be considered as major error and dlt-daemon should stop and raise error message to stderr This commit also corrects error handling of dlt_buffer_init_dynamic(). Signed-off-by: Bui Nguyen Quoc Thanh --- src/daemon/dlt-daemon.c | 40 +++++++++++++++++++++++++++++++++++----- src/daemon/dlt_daemon_common.c | 6 ++++-- src/shared/dlt_common.c | 8 ++++++++ 3 files changed, 47 insertions(+), 7 deletions(-) diff --git a/src/daemon/dlt-daemon.c b/src/daemon/dlt-daemon.c index d26de79..912cd2c 100644 --- a/src/daemon/dlt-daemon.c +++ b/src/daemon/dlt-daemon.c @@ -89,6 +89,10 @@ static int dlt_daemon_log_internal(DltDaemon *daemon, DltDaemonLocal *daemon_local, char *str, int verbose); +static int dlt_daemon_check_numeric_setting(char *token, + char *value, + unsigned long *data); + #ifdef DLT_SYSTEMD_WATCHDOG_ENABLE static uint32_t watchdog_trigger_interval; /* watchdog trigger interval in [s] */ #endif @@ -98,6 +102,9 @@ int g_exit = 0; int g_signo = 0; +/* used for value from conf file */ +static int value_length = 1024; + static char dlt_timer_conn_types[DLT_TIMER_UNKNOWN + 1] = { [DLT_TIMER_PACKET] = DLT_CONNECTION_ONE_S_TIMER, [DLT_TIMER_ECU] = DLT_CONNECTION_SIXTY_S_TIMER, @@ -318,7 +325,6 @@ int option_handling(DltDaemonLocal *daemon_local, int argc, char *argv[]) int option_file_parser(DltDaemonLocal *daemon_local) { FILE *pFile; - int value_length = 1024; char line[value_length - 1]; char token[value_length]; char value[value_length]; 
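Review bot: `static int value_length = 1024;` in the `-98,6` hunk is a mutable file-scope variable, so `char line[value_length - 1]`, `token[value_length]` and `value[value_length]` in option_file_parser() (the `-318,7` hunk) remain variable-length arrays whose size is read at run time. Nothing in the visible lines writes to it, so a compile-time constant would state the intent and give fixed-size buffers: `enum { value_length = 1024 };`. A short comment on why `line` is one byte shorter than `token` and `value` would also help, since the parsing code that relies on it is outside these hunks.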
@@ -531,19 +537,27 @@ int option_file_parser(DltDaemonLocal *daemon_local) } else if (strcmp(token, "RingbufferMinSize") == 0) { - sscanf(value, "%lu", &(daemon_local->RingbufferMinSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->RingbufferMinSize)) < 0) + return -1; } else if (strcmp(token, "RingbufferMaxSize") == 0) { - sscanf(value, "%lu", &(daemon_local->RingbufferMaxSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->RingbufferMaxSize)) < 0) + return -1; } else if (strcmp(token, "RingbufferStepSize") == 0) { - sscanf(value, "%lu", &(daemon_local->RingbufferStepSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->RingbufferStepSize)) < 0) + return -1; } else if (strcmp(token, "DaemonFIFOSize") == 0) { - sscanf(value, "%lu", &(daemon_local->daemonFifoSize)); + if (dlt_daemon_check_numeric_setting(token, + value, &(daemon_local->daemonFifoSize)) < 0) + return -1; } else if (strcmp(token, "SharedMemorySize") == 0) { @@ -1909,6 +1923,22 @@ int dlt_daemon_log_internal(DltDaemon *daemon, DltDaemonLocal *daemon_local, cha return 0; } +int dlt_daemon_check_numeric_setting(char *token, + char *value, + unsigned long *data) +{ + char value_check[value_length]; + value_check[0] = 0; + sscanf(value, "%lu%s", data, value_check); + if (value_check[0] || !isdigit(value[0])) { + fprintf(stderr, "Invalid input [%s] detected in option %s\n", + value, + token); + return -1; + } + return 0; +} + int dlt_daemon_process_client_connect(DltDaemon *daemon, DltDaemonLocal *daemon_local, DltReceiver *receiver, diff --git a/src/daemon/dlt_daemon_common.c b/src/daemon/dlt_daemon_common.c index 5273433..e56b751 100644 --- a/src/daemon/dlt_daemon_common.c +++ b/src/daemon/dlt_daemon_common.c 
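Review bot: The four new `return -1;` statements leave option_file_parser() from inside the branch chain that handles one configuration line, and the hunk shows no `fclose(pFile)` on that path. If the configuration file is still open at this point, which only the surrounding code outside the hunk can confirm, the handle is leaked on every rejected value. Closing it before returning (`fclose(pFile); return -1;`) or routing the failure through a single exit would keep the cleanup in one place. The function starts and ends outside the hunk.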
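Review bot: dlt_daemon_check_numeric_setting() accepts values that do not fit in `unsigned long`, because `sscanf` with `%lu` gives no overflow indication (the C standard leaves an unrepresentable result undefined), so an over-long digit string passes the check and stores whatever the library produced. Two smaller points in the same function: `isdigit(value[0])` is passed a plain `char`, which is undefined for negative values and should be cast to `unsigned char`, and the unbounded `%s` into `value_check` is safe only as long as the caller's `value` buffer is no larger than `value_length`, which nothing here enforces. `strtoul` with an end pointer and `errno` covers all three without a scratch buffer and lets `*data` be written only once the value is accepted; the definition could also repeat `static` to match its prototype. The sketch below keeps the current acceptance of trailing whitespace and assumes `<errno.h>`, `<stdlib.h>` and `<ctype.h>` are in scope, which the hunk does not show.

```c
static int dlt_daemon_check_numeric_setting(char *token,
                                            char *value,
                                            unsigned long *data)
{
    char *end = NULL;
    unsigned long parsed;

    /* strtoul() skips leading blanks and accepts a sign, so insist on a digit first */
    if (!isdigit((unsigned char)value[0]))
        goto invalid;

    errno = 0;
    parsed = strtoul(value, &end, 10);

    /* trailing blanks were tolerated by the "%lu%s" form; keep that */
    while (isspace((unsigned char)*end))
        end++;

    /* reject trailing characters and values that overflow unsigned long */
    if ((*end != '\0') || (errno == ERANGE))
        goto invalid;

    *data = parsed;
    return 0;

invalid:
    /* … unchanged: fprintf(stderr, ...) naming the value and the option … */
    return -1;
}
```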
@@ -236,8 +236,10 @@ int dlt_daemon_init(DltDaemon *daemon, dlt_vlog(LOG_INFO, "Ringbuffer configuration: %lu/%lu/%lu\n", RingbufferMinSize, RingbufferMaxSize, RingbufferStepSize); - if (dlt_buffer_init_dynamic(&(daemon->client_ringbuffer), (uint32_t) RingbufferMinSize, (uint32_t) RingbufferMaxSize, - (uint32_t) RingbufferStepSize) == DLT_RETURN_ERROR) + if (dlt_buffer_init_dynamic(&(daemon->client_ringbuffer), + (uint32_t) RingbufferMinSize, + (uint32_t) RingbufferMaxSize, + (uint32_t) RingbufferStepSize) < DLT_RETURN_OK) return -1; daemon->storage_handle = NULL; diff --git a/src/shared/dlt_common.c b/src/shared/dlt_common.c index 9fe6c88..507c8ad 100644 --- a/src/shared/dlt_common.c +++ b/src/shared/dlt_common.c @@ -2350,6 +2350,14 @@ DltReturnValue dlt_buffer_init_dynamic(DltBuffer *buf, uint32_t min_size, uint32 head->write = 0; head->count = 0; buf->mem = (unsigned char *)(buf->shm + sizeof(DltBufferHead)); + + if (buf->min_size < (uint32_t)sizeof(DltBufferHead)) { + dlt_vlog(LOG_ERR, + "%s: min_size is too small [%u]\n", + __func__, buf->min_size); + return DLT_RETURN_WRONG_PARAMETER; + } + buf->size = (uint32_t) (buf->min_size - sizeof(DltBufferHead)); dlt_vlog(LOG_DEBUG, -- cgit v1.2.1
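Review bot: The `(uint32_t)` casts on RingbufferMinSize, RingbufferMaxSize and RingbufferStepSize still narrow silently. The values are logged with `%lu` just above, so they are presumably `unsigned long`; where that type is wider than 32 bits, a configured size above UINT32_MAX is reported in full but the buffer is initialised with the truncated value. The parser check added in this commit validates the digits, not the range, so a guard before the call would close the gap: `if ((RingbufferMinSize > UINT32_MAX) || (RingbufferMaxSize > UINT32_MAX) || (RingbufferStepSize > UINT32_MAX)) return -1;`, ideally with a `dlt_vlog(LOG_ERR, ...)` naming the offending setting. dlt_daemon_init() begins and ends outside the hunk.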
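Review bot: The new `min_size` check in dlt_buffer_init_dynamic() runs after `head->write`, `head->count` and `buf->mem` have already been set, so it comes too late to protect the header initialisation. The allocation of `buf->shm` is outside the hunk, but if it is sized from `min_size`, as the later `buf->size` computation suggests, a value smaller than `sizeof(DltBufferHead)` has already caused writes past the end of the allocation by the time the error is returned. The early return also appears to leave `buf->shm` allocated and `buf->mem` pointing into it. Moving the test to the top of the function, before any allocation, avoids both: `if (min_size < (uint32_t)sizeof(DltBufferHead)) return DLT_RETURN_WRONG_PARAMETER;`, with the existing log call kept. A comment there stating whether `min_size <= max_size` and a non-zero `step_size` are also required would help, since neither is checked in the visible lines.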