Skip to content

Commit

Permalink
Fix #546, add argument validation
Browse files Browse the repository at this point in the history
  • Loading branch information
zanzaben committed Feb 16, 2021
1 parent cf25a50 commit d2b26a3
Show file tree
Hide file tree
Showing 3 changed files with 33 additions and 28 deletions.
47 changes: 20 additions & 27 deletions fsw/cfe-core/src/es/cfe_es_api.c
Original file line number Diff line number Diff line change
Expand Up @@ -867,7 +867,7 @@ int32 CFE_ES_GetAppName(char *AppName, CFE_ES_AppId_t AppId, size_t BufferLength
int32 Result;
CFE_ES_AppRecord_t *AppRecPtr;

if (BufferLength == 0 || AppName == NULL)
if (BufferLength == 0 || AppName == NULL || BufferLength > OS_MAX_API_NAME)
{
return CFE_ES_BAD_ARGUMENT;
}
Expand Down Expand Up @@ -1731,21 +1731,14 @@ int32 CFE_ES_RegisterCDS(CFE_ES_CDSHandle_t *CDSHandlePtr, size_t BlockSize, con
char AppName[OS_MAX_API_NAME] = {"UNKNOWN"};
char CDSName[CFE_MISSION_ES_CDS_MAX_FULL_NAME_LEN] = {""};

/* Initialize output to safe value, in case this fails */
*CDSHandlePtr = CFE_ES_CDS_BAD_HANDLE;

/* Check to make sure calling application is legit */
Status = CFE_ES_GetAppID(&ThisAppId);

if ( Status != CFE_SUCCESS || CDSHandlePtr == NULL || Name == NULL) /* Application ID was invalid */
{
CFE_ES_WriteToSysLog("CFE_ES_RegisterCDS:-Failed invalid arguments\n");
Status = CFE_ES_BAD_ARGUMENT;
if (CDSHandlePtr == NULL || Name == NULL){
CFE_ES_WriteToSysLog("CFE_ES_RegisterCDS:-Failed invalid arguments\n");
Status = CFE_ES_BAD_ARGUMENT;
}
else
{
/* Initialize output to safe value, in case this fails */
*CDSHandlePtr = CFE_ES_RESOURCEID_UNDEFINED;
*CDSHandlePtr = CFE_ES_CDS_BAD_HANDLE;

/* Check to make sure calling application is legit */
Status = CFE_ES_GetAppID(&ThisAppId);
Expand All @@ -1768,28 +1761,28 @@ int32 CFE_ES_RegisterCDS(CFE_ES_CDSHandle_t *CDSHandlePtr, size_t BlockSize, con
NameLen = strlen(Name);
if ((NameLen > CFE_MISSION_ES_CDS_MAX_NAME_LENGTH) || (NameLen == 0))
{
Status = CFE_ES_CDS_INVALID_NAME;
Status = CFE_ES_CDS_INVALID_NAME;

/* Perform a buffer overrun safe copy of name for debug log message */
/* Perform a buffer overrun safe copy of name for debug log message */

strncpy(CDSName, Name, sizeof(CDSName) - 1);
CDSName[sizeof(CDSName) - 1] = '\0';
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS Name (%s) is too long\n", CDSName);
strncpy(CDSName, Name, sizeof(CDSName) - 1);
CDSName[sizeof(CDSName) - 1] = '\0';
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS Name (%s) is too long\n", CDSName);
}
else
{
/* Modify specified name to be processor specific name */
/* of the form "AppName.Name" */
CFE_ES_FormCDSName(CDSName, Name, ThisAppId);
/* Modify specified name to be processor specific name */
/* of the form "AppName.Name" */
CFE_ES_FormCDSName(CDSName, Name, ThisAppId);

/* Create CDS and designate it as NOT being a Critical Table */
Status = CFE_ES_RegisterCDSEx(CDSHandlePtr, BlockSize, CDSName, false);
/* Create CDS and designate it as NOT being a Critical Table */
Status = CFE_ES_RegisterCDSEx(CDSHandlePtr, BlockSize, CDSName, false);

/* If size is unacceptable, log it */
if (Status == CFE_ES_CDS_INVALID_SIZE)
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS %s has invalid size (%lu)\n", Name, (unsigned long)BlockSize);
}
/* If size is unacceptable, log it */
if (Status == CFE_ES_CDS_INVALID_SIZE)
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS %s has invalid size (%lu)\n", Name, (unsigned long)BlockSize);
}
}
}
}
Expand Down
6 changes: 6 additions & 0 deletions fsw/cfe-core/src/sb/cfe_sb_api.c
Original file line number Diff line number Diff line change
Expand Up @@ -2081,6 +2081,12 @@ CFE_SB_Buffer_t *CFE_SB_ZeroCopyGetPtr(size_t MsgSize,
CFE_SB_ZeroCopyD_t *zcd = NULL;
CFE_SB_BufferD_t *bd = NULL;

if(MsgSize > CFE_MISSION_SB_MAX_SB_MSG_SIZE)
{
CFE_ES_WriteToSysLog(" CFE_SB:ZeroCopyGetPtr-Failed, MsgSize is too large\n");
return NULL;
}

CFE_SB_LockSharedData(__func__,__LINE__);

/* Allocate a new zero copy descriptor from the SB memory pool.*/
Expand Down
8 changes: 7 additions & 1 deletion fsw/cfe-core/src/sb/cfe_sb_util.c
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,13 @@ void CFE_SB_SetUserDataLength(CFE_MSG_Message_t *MsgPtr, size_t DataLength)
HdrSize = CFE_SB_MsgHdrSize(MsgPtr);
TotalMsgSize = HdrSize + DataLength;

CFE_MSG_SetSize(MsgPtr, TotalMsgSize);
if(TotalMsgSize <= CFE_MISSION_SB_MAX_SB_MSG_SIZE){
CFE_MSG_SetSize(MsgPtr, TotalMsgSize);
}
else
{
CFE_ES_WriteToSysLog("CFE_SB:SetUserDataLength-Failed TotalMsgSize too large\n");
}
}
}/* end CFE_SB_SetUserDataLength */

Expand Down

0 comments on commit d2b26a3

Please sign in to comment.