deepblue/ipmitool
1
0
Fork 0
mirror of https://github.com/ipmitool/ipmitool.git synced 2025-05-10 18:47:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix user input validation in Channel and User sub-commands

Browse Source 
Commit fixes validation of user input in Channel and User sub-commands.
This commit is contained in:
Zdenek Styblik 2014-12-22 18:21:51 +01:00
parent 0562c809af
commit 140add9d77
4 changed files with 36 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/ipmitool/helper.h
View File

@ -86,7 +86,7 @@ int str2uchar(const char * str, uint8_t * uchr_ptr);
int is_fru_id(const char *argv_ptr, uint8_t *fru_id_ptr); int is_fru_id(const char *argv_ptr, uint8_t *fru_id_ptr);
int is_ipmi_channel_num(const char *argv_ptr, uint8_t *channel_ptr); int is_ipmi_channel_num(const char *argv_ptr, uint8_t *channel_ptr);
int is_ipmi_user_id(const char *argv_ptr, uint8_t *ipmi_uid_ptr); int is_ipmi_user_id(const char *argv_ptr, uint8_t *ipmi_uid_ptr);
int is_ipmi_user_priv_limit(uint8_t priv_limit); int is_ipmi_user_priv_limit(const char *argv_ptr, uint8_t *ipmi_priv_limit_ptr);
uint16_t str2val(const char * str, const struct valstr * vs); uint16_t str2val(const char * str, const struct valstr * vs);
void print_valstr(const struct valstr * vs, const char * title, int loglevel); void print_valstr(const struct valstr * vs, const char * title, int loglevel);

20
lib/helper.c
View File

@ -769,13 +769,25 @@ is_ipmi_user_id(const char *argv_ptr, uint8_t *ipmi_uid_ptr)
* returns (-1) when Priv Limit is invalid * returns (-1) when Priv Limit is invalid
*/ */
int int
is_ipmi_user_priv_limit(uint8_t priv_limit) is_ipmi_user_priv_limit(const char *argv_ptr, uint8_t *ipmi_priv_limit_ptr)
{ {
if (0x00 < priv_limit && priv_limit < 0x06 || priv_limit == 0x0f) { if (!argv_ptr || !ipmi_priv_limit_ptr) {
return 0; lprintf(LOG_ERR,
} else { "is_ipmi_user_priv_limit(): invalid argument(s).");
return (-1); return (-1);
} }
if ((str2uchar(argv_ptr, ipmi_priv_limit_ptr) != 0)
|| ((*ipmi_priv_limit_ptr < 0x01
|| *ipmi_priv_limit_ptr > 0x05)
&& *ipmi_priv_limit_ptr != 0x0F)) {
lprintf(LOG_ERR,
"Given Privilege Limit '%s' is invalid.",
argv_ptr);
lprintf(LOG_ERR,
"Privilege Limit is limited to <0x1..0x5> and <0xF>.");
return (-1);
}
return 0;
} }
uint16_t uint16_t

47
lib/ipmi_channel.c
View File

@ -452,13 +452,8 @@ ipmi_set_user_access(struct ipmi_intf * intf, int argc, char ** argv)
printf_channel_usage(); printf_channel_usage();
return 0; return 0;
} }
if (is_ipmi_channel_num(argv[0], &channel) != 0
if (str2uchar(argv[0], &channel) != 0) { || is_ipmi_user_id(argv[1], &userid) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[0]);
return (-1);
}
if (str2uchar(argv[1], &userid) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
return (-1); return (-1);
} }
@ -815,7 +810,6 @@ ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
int retval = 0; int retval = 0;
uint8_t channel; uint8_t channel;
uint8_t priv = 0; uint8_t priv = 0;
if (argc < 1) { if (argc < 1) {
lprintf(LOG_ERR, "Not enough parameters given."); lprintf(LOG_ERR, "Not enough parameters given.");
printf_channel_usage(); printf_channel_usage();
@ -828,69 +822,56 @@ ipmi_channel_main(struct ipmi_intf *intf, int argc, char **argv)
printf_channel_usage(); printf_channel_usage();
return (-1); return (-1);
} }
/* TODO - validate channel and priv */ if (is_ipmi_channel_num(argv[1], &channel) != 0
if (str2uchar(argv[1], &channel) != 0) { || is_ipmi_user_priv_limit(argv[2], &priv) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
return (-1);
}
if (str2uchar(argv[2], &priv) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[2]);
return (-1); return (-1);
} }
retval = ipmi_get_channel_auth_cap(intf, channel, priv); retval = ipmi_get_channel_auth_cap(intf, channel, priv);
} else if (strncmp(argv[0], "getaccess", 10) == 0) { } else if (strncmp(argv[0], "getaccess", 10) == 0) {
uint8_t ch = 0; uint8_t user_id = 0;
uint8_t id = 0;
if ((argc < 2) || (argc > 3)) { if ((argc < 2) || (argc > 3)) {
printf_channel_usage(); printf_channel_usage();
return (-1); return (-1);
} }
/* TODO - validate channel and uid */ if (is_ipmi_channel_num(argv[1], &channel) != 0) {
if (str2uchar(argv[1], &ch) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
return (-1); return (-1);
} }
if (argc == 3) { if (argc == 3) {
if (str2uchar(argv[2], &id) != 0) { if (is_ipmi_user_id(argv[2], &user_id) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[2]);
return (-1); return (-1);
} }
} }
retval = ipmi_get_user_access(intf, ch, id); retval = ipmi_get_user_access(intf, channel, user_id);
} else if (strncmp(argv[0], "setaccess", 9) == 0) { } else if (strncmp(argv[0], "setaccess", 9) == 0) {
retval = ipmi_set_user_access(intf, argc-1, &(argv[1])); retval = ipmi_set_user_access(intf, argc-1, &(argv[1]));
} else if (strncmp(argv[0], "info", 4) == 0) { } else if (strncmp(argv[0], "info", 4) == 0) {
uint8_t ch = 0xe; channel = 0xE;
if (argc > 2) { if (argc > 2) {
printf_channel_usage(); printf_channel_usage();
return (-1); return (-1);
} }
if (argc == 2) { if (argc == 2) {
/* TODO - validate channel */ if (is_ipmi_channel_num(argv[1], &channel) != 0) {
if (str2uchar(argv[1], &ch) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[1]);
return (-1); return (-1);
} }
} }
retval = ipmi_get_channel_info(intf, ch); retval = ipmi_get_channel_info(intf, channel);
} else if (strncmp(argv[0], "getciphers", 10) == 0) { } else if (strncmp(argv[0], "getciphers", 10) == 0) {
/* channel getciphers <ipmi|sol> [channel] */ /* channel getciphers <ipmi|sol> [channel] */
uint8_t ch = 0xe; channel = 0xE;
if ((argc < 2) || (argc > 3) || if ((argc < 2) || (argc > 3) ||
(strncmp(argv[1], "ipmi", 4) && strncmp(argv[1], "sol", 3))) { (strncmp(argv[1], "ipmi", 4) && strncmp(argv[1], "sol", 3))) {
printf_channel_usage(); printf_channel_usage();
return (-1); return (-1);
} }
if (argc == 3) { if (argc == 3) {
/* TODO - validate channel */ if (is_ipmi_channel_num(argv[1], &channel) != 0) {
if (str2uchar(argv[2], &ch) != 0) {
lprintf(LOG_ERR, "Numeric value expected, but '%s' given.", argv[2]);
return (-1); return (-1);
} }
} }
retval = ipmi_get_channel_cipher_suites(intf, retval = ipmi_get_channel_cipher_suites(intf,
argv[1], /* ipmi | sol */ argv[1], /* ipmi | sol */
ch); channel);
} else { } else {
printf("Invalid CHANNEL command: %s\n", argv[0]); printf("Invalid CHANNEL command: %s\n", argv[0]);
printf_channel_usage(); printf_channel_usage();

17
lib/ipmi_user.c
View File

@ -559,8 +559,7 @@ ipmi_user_summary(struct ipmi_intf *intf, int argc, char **argv)
if (argc == 1) { if (argc == 1) {
channel = 0x0E; /* Ask about the current channel */ channel = 0x0E; /* Ask about the current channel */
} else if (argc == 2) { } else if (argc == 2) {
if (str2uchar(argv[1], &channel) != 0) { if (is_ipmi_channel_num(argv[1], &channel) != 0) {
lprintf(LOG_ERR, "Invalid channel: %s", argv[1]);
return (-1); return (-1);
} }
} else { } else {
@ -578,8 +577,7 @@ ipmi_user_list(struct ipmi_intf *intf, int argc, char **argv)
if (argc == 1) { if (argc == 1) {
channel = 0x0E; /* Ask about the current channel */ channel = 0x0E; /* Ask about the current channel */
} else if (argc == 2) { } else if (argc == 2) {
if (str2uchar(argv[1], &channel) != 0) { if (is_ipmi_channel_num(argv[1], &channel) != 0) {
lprintf(LOG_ERR, "Invalid channel: %s", argv[1]);
return (-1); return (-1);
} }
} else { } else {
@ -640,18 +638,13 @@ ipmi_user_priv(struct ipmi_intf *intf, int argc, char **argv)
return (-1); return (-1);
} }
if (argc == 4) { if (argc == 4) {
if (str2uchar(argv[3], &channel) != 0) { if (is_ipmi_channel_num(argv[3], &channel) != 0) {
lprintf(LOG_ERR, "Invalid channel: %s", argv[3]);
return (-1); return (-1);
} }
channel = (channel & 0x0f); channel = (channel & 0x0f);
} }
if ((str2uchar(argv[2], &priv_level) != 0) if (is_ipmi_user_priv_limit(argv[2], &priv_level) != 0
|| is_ipmi_user_priv_limit(priv_level) != 0) { && is_ipmi_user_id(argv[1], &user_id)) {
lprintf(LOG_ERR, "Invalid privilege level: %s", argv[2]);
return (-1);
}
if (is_ipmi_user_id(argv[1], &user_id)) {
return (-1); return (-1);
} }
priv_level = (priv_level & 0x0f); priv_level = (priv_level & 0x0f);