Skip to content

Commit 85e9638

Browse files
jeff-lien-sndkigaw
jeff-lien-sndk
authored and
igaw
committed
ocp: Fix telemetry string log json format parsing
The parsing of the ocp 2.5 telemetry string log fails with buffer overflow errors. The overflows are caused by arrays that aren't long enough to contain the data once converted to a string. This change will fix the overflow failures. Reviewed-by: brandon-paupore-sndk <[email protected]> Signed-off-by: jeff-lien-sndk <[email protected]>
1 parent 2e112db commit 85e9638

File tree

2 files changed

+40
-32
lines changed

2 files changed

+40
-32
lines changed

plugins/ocp/ocp-nvme.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
#if !defined(OCP_NVME) || defined(CMD_HEADER_MULTI_READ)
1212
#define OCP_NVME
1313

14-
#define OCP_PLUGIN_VERSION "2.15.1"
14+
#define OCP_PLUGIN_VERSION "2.15.2"
1515
#include "cmd.h"
1616

1717
PLUGIN(NAME("ocp", "OCP cloud SSD extensions", OCP_PLUGIN_VERSION),

plugins/ocp/ocp-print-json.c

Lines changed: 39 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -762,15 +762,23 @@ static void json_c4_log(struct ocp_device_capabilities_log_page *log_data)
762762
json_free_object(root);
763763
}
764764

765+
/* Array lengths need to be doubled + 2 to handle
766+
* conversion to null terminated strings
767+
*/
768+
#define RESERVED_ARRAY_LEN 98 /* (2*48) + 2 */
769+
#define GUID_BUFFER_LEN 34 /* (2*GUID_LEN) + 2 */
770+
/* Add one additional space for the null terminating char */
771+
#define FIFO_ARRAY_LEN 17
772+
765773
static void json_c9_log(struct telemetry_str_log_format *log_data, __u8 *log_data_buf,
766774
int total_log_page_size)
767775
{
768776
struct json_object *root = json_create_object();
769-
char res_arr[48];
777+
char res_arr[RESERVED_ARRAY_LEN];
770778
char *res = res_arr;
771-
char guid_buf[GUID_LEN];
779+
char guid_buf[GUID_BUFFER_LEN];
772780
char *guid = guid_buf;
773-
char fifo_arr[16];
781+
char fifo_arr[FIFO_ARRAY_LEN];
774782
char *fifo = fifo_arr;
775783
char buf[128];
776784
//calculating the index value for array
@@ -786,31 +794,31 @@ static void json_c9_log(struct telemetry_str_log_format *log_data, __u8 *log_dat
786794
struct statistics_id_str_table_entry stat_id_str_table_arr[stat_id_index];
787795
struct event_id_str_table_entry event_id_str_table_arr[eve_id_index];
788796
struct vu_event_id_str_table_entry vu_event_id_str_table_arr[vu_eve_index];
789-
__u8 ascii_table_info_arr[ascii_table_index];
790-
char ascii_buf[ascii_table_index];
797+
__u8 ascii_table_info_arr[(2*ascii_table_index) + 2];
798+
char ascii_buf[(2*ascii_table_index) + 2];
791799
char *ascii = ascii_buf;
792800
int j;
793801

794802
json_object_add_value_int(root, "Log Page Version",
795803
le16_to_cpu(log_data->log_page_version));
796804

797-
memset((__u8 *)res, 0, 48);
805+
memset((__u8 *)res, 0, RESERVED_ARRAY_LEN);
798806
for (j = 0; j < 15; j++)
799-
res += sprintf(res, "%d", log_data->reserved1[j]);
800-
json_object_add_value_string(root, "Reserved", res_arr);
807+
res += sprintf(res, "%x", log_data->reserved1[j]);
808+
json_object_add_value_string(root, "Reserved 1", res_arr);
801809

802-
memset((void *)guid, 0, GUID_LEN);
810+
memset((void *)guid, 0, GUID_BUFFER_LEN);
803811
for (j = GUID_LEN - 1; j >= 0; j--)
804812
guid += sprintf(guid, "%02x", log_data->log_page_guid[j]);
805813
json_object_add_value_string(root, "Log page GUID", guid_buf);
806814

807815
json_object_add_value_int(root, "Telemetry String Log Size", le64_to_cpu(log_data->sls));
808816

809817
res = res_arr;
810-
memset((__u8 *)res, 0, 48);
818+
memset((__u8 *)res, 0, RESERVED_ARRAY_LEN);
811819
for (j = 0; j < 24; j++)
812-
res += sprintf(res, "%d", log_data->reserved2[j]);
813-
json_object_add_value_string(root, "Reserved", res_arr);
820+
res += sprintf(res, "%x", log_data->reserved2[j]);
821+
json_object_add_value_string(root, "Reserved 2", res_arr);
814822

815823
json_object_add_value_int(root, "Statistics Identifier String Table Start",
816824
le64_to_cpu(log_data->sits));
@@ -825,106 +833,106 @@ static void json_c9_log(struct telemetry_str_log_format *log_data, __u8 *log_dat
825833
json_object_add_value_int(root, "ASCII Table Size",
826834
le64_to_cpu(log_data->asctsz));
827835

828-
memset((void *)fifo, 0, 16);
836+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
829837
for (j = 0; j < 16; j++)
830838
fifo += sprintf(fifo, "%c", log_data->fifo1[j]);
831839
json_object_add_value_string(root, "FIFO 1 ASCII String", fifo_arr);
832840

833841
fifo = fifo_arr;
834-
memset((void *)fifo, 0, 16);
842+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
835843
for (j = 0; j < 16; j++)
836844
fifo += sprintf(fifo, "%c", log_data->fifo2[j]);
837845
json_object_add_value_string(root, "FIFO 2 ASCII String", fifo_arr);
838846

839847
fifo = fifo_arr;
840-
memset((void *)fifo, 0, 16);
848+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
841849
for (j = 0; j < 16; j++)
842850
fifo += sprintf(fifo, "%c", log_data->fifo3[j]);
843851
json_object_add_value_string(root, "FIFO 3 ASCII String", fifo_arr);
844852

845853
fifo = fifo_arr;
846-
memset((void *)fifo, 0, 16);
854+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
847855
for (j = 0; j < 16; j++)
848856
fifo += sprintf(fifo, "%c", log_data->fifo4[j]);
849857
json_object_add_value_string(root, "FIFO 4 ASCII String", fifo_arr);
850858

851859
fifo = fifo_arr;
852-
memset((void *)fifo, 0, 16);
860+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
853861
for (j = 0; j < 16; j++)
854862
fifo += sprintf(fifo, "%c", log_data->fifo5[j]);
855863
json_object_add_value_string(root, "FIFO 5 ASCII String", fifo_arr);
856864

857865
fifo = fifo_arr;
858-
memset((void *)fifo, 0, 16);
866+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
859867
for (j = 0; j < 16; j++)
860868
fifo += sprintf(fifo, "%c", log_data->fifo6[j]);
861869
json_object_add_value_string(root, "FIFO 6 ASCII String", fifo_arr);
862870

863871
fifo = fifo_arr;
864-
memset((void *)fifo, 0, 16);
872+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
865873
for (j = 0; j < 16; j++)
866874
fifo += sprintf(fifo, "%c", log_data->fifo7[j]);
867875
json_object_add_value_string(root, "FIFO 7 ASCII String", fifo_arr);
868876

869877
fifo = fifo_arr;
870-
memset((void *)fifo, 0, 16);
878+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
871879
for (j = 0; j < 16; j++)
872880
fifo += sprintf(fifo, "%c", log_data->fifo8[j]);
873881
json_object_add_value_string(root, "FIFO 8 ASCII String", fifo_arr);
874882

875883
fifo = fifo_arr;
876-
memset((void *)fifo, 0, 16);
884+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
877885
for (j = 0; j < 16; j++)
878886
fifo += sprintf(fifo, "%c", log_data->fifo9[j]);
879887
json_object_add_value_string(root, "FIFO 9 ASCII String", fifo_arr);
880888

881889
fifo = fifo_arr;
882-
memset((void *)fifo, 0, 16);
890+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
883891
for (j = 0; j < 16; j++)
884892
fifo += sprintf(fifo, "%c", log_data->fifo10[j]);
885893
json_object_add_value_string(root, "FIFO 10 ASCII String", fifo_arr);
886894

887895
fifo = fifo_arr;
888-
memset((void *)fifo, 0, 16);
896+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
889897
for (j = 0; j < 16; j++)
890898
fifo += sprintf(fifo, "%c", log_data->fifo11[j]);
891899
json_object_add_value_string(root, "FIFO 11 ASCII String", fifo_arr);
892900

893901
fifo = fifo_arr;
894-
memset((void *)fifo, 0, 16);
902+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
895903
for (j = 0; j < 16; j++)
896904
fifo += sprintf(fifo, "%c", log_data->fifo12[j]);
897905
json_object_add_value_string(root, "FIFO 12 ASCII String", fifo_arr);
898906

899907
fifo = fifo_arr;
900-
memset((void *)fifo, 0, 16);
908+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
901909
for (j = 0; j < 16; j++)
902910
fifo += sprintf(fifo, "%c", log_data->fifo13[j]);
903911
json_object_add_value_string(root, "FIFO 13 ASCII String", fifo_arr);
904912

905913
fifo = fifo_arr;
906-
memset((void *)fifo, 0, 16);
914+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
907915
for (j = 0; j < 16; j++)
908916
fifo += sprintf(fifo, "%c", log_data->fifo14[j]);
909917
json_object_add_value_string(root, "FIFO 14 ASCII String", fifo_arr);
910918

911919
fifo = fifo_arr;
912-
memset((void *)fifo, 0, 16);
920+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
913921
for (j = 0; j < 16; j++)
914922
fifo += sprintf(fifo, "%c", log_data->fifo15[j]);
915923
json_object_add_value_string(root, "FIFO 15 ASCII String", fifo_arr);
916924

917925
fifo = fifo_arr;
918-
memset((void *)fifo, 0, 16);
926+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
919927
for (j = 0; j < 16; j++)
920928
fifo += sprintf(fifo, "%c", log_data->fifo16[j]);
921929
json_object_add_value_string(root, "FIFO 16 ASCII String", fifo_arr);
922930

923931
res = res_arr;
924-
memset((__u8 *)res, 0, 48);
932+
memset((__u8 *)res, 0, RESERVED_ARRAY_LEN);
925933
for (j = 0; j < 48; j++)
926-
res += sprintf(res, "%d", log_data->reserved3[j]);
927-
json_object_add_value_string(root, "Reserved", res_arr);
934+
res += sprintf(res, "%x", log_data->reserved3[j]);
935+
json_object_add_value_string(root, "Reserved 3", res_arr);
928936

929937
if (log_data->sitsz != 0) {
930938

0 commit comments

Comments
 (0)