Skip to content

Commit ddd6ff5

Browse files
jeff-lien-sndkjeff-lien-sndk
committed
ocp: Fix telemetry string log json format parsing
The parsing of the ocp 2.5 telemetry string log fails with buffer overflow errors. The overflows are caused by arrays that aren't long enough to contain the data once converted to a string. This change will fix the overflow failures. Signed-off-by: jeff-lien-sndk <[email protected]> Reivewed-by: brandon-paupore-sndk <[email protected]>
1 parent 647d0a2 commit ddd6ff5

2 files changed

Lines changed: 39 additions & 32 deletions

File tree

plugins/ocp/ocp-nvme.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
#if !defined(OCP_NVME) || defined(CMD_HEADER_MULTI_READ)
1212
#define OCP_NVME
1313

14-
#define OCP_PLUGIN_VERSION "2.12.0"
14+
#define OCP_PLUGIN_VERSION "2.15.2"
1515
#include "cmd.h"
1616

1717
PLUGIN(NAME("ocp", "OCP cloud SSD extensions", OCP_PLUGIN_VERSION),

plugins/ocp/ocp-print-json.c

Lines changed: 38 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -762,15 +762,22 @@ static void json_c4_log(struct ocp_device_capabilities_log_page *log_data)
762762
json_free_object(root);
763763
}
764764

765+
/* Array lengths need to be doubled + 2 to handle
766+
* conversion to null terminated strings */
767+
#define RESERVED_ARRAY_LEN 98 /* (2*48) + 2 */
768+
#define GUID_BUFFER_LEN 34 /* (2*GUID_LEN) + 2 */
769+
/* Add one additional space for the null terminating char */
770+
#define FIFO_ARRAY_LEN 17
771+
765772
static void json_c9_log(struct telemetry_str_log_format *log_data, __u8 *log_data_buf,
766773
int total_log_page_size)
767774
{
768775
struct json_object *root = json_create_object();
769-
char res_arr[48];
776+
char res_arr[RESERVED_ARRAY_LEN];
770777
char *res = res_arr;
771-
char guid_buf[GUID_LEN];
778+
char guid_buf[GUID_BUFFER_LEN];
772779
char *guid = guid_buf;
773-
char fifo_arr[16];
780+
char fifo_arr[FIFO_ARRAY_LEN];
774781
char *fifo = fifo_arr;
775782
char buf[128];
776783
//calculating the index value for array
@@ -786,31 +793,31 @@ static void json_c9_log(struct telemetry_str_log_format *log_data, __u8 *log_dat
786793
struct statistics_id_str_table_entry stat_id_str_table_arr[stat_id_index];
787794
struct event_id_str_table_entry event_id_str_table_arr[eve_id_index];
788795
struct vu_event_id_str_table_entry vu_event_id_str_table_arr[vu_eve_index];
789-
__u8 ascii_table_info_arr[ascii_table_index];
790-
char ascii_buf[ascii_table_index];
796+
__u8 ascii_table_info_arr[(2*ascii_table_index) + 2];
797+
char ascii_buf[(2*ascii_table_index) + 2];
791798
char *ascii = ascii_buf;
792799
int j;
793800

794801
json_object_add_value_int(root, "Log Page Version",
795802
le16_to_cpu(log_data->log_page_version));
796803

797-
memset((__u8 *)res, 0, 48);
804+
memset((__u8 *)res, 0, RESERVED_ARRAY_LEN);
798805
for (j = 0; j < 15; j++)
799-
res += sprintf(res, "%d", log_data->reserved1[j]);
800-
json_object_add_value_string(root, "Reserved", res_arr);
806+
res += sprintf(res, "%x", log_data->reserved1[j]);
807+
json_object_add_value_string(root, "Reserved 1", res_arr);
801808

802-
memset((void *)guid, 0, GUID_LEN);
809+
memset((void *)guid, 0, GUID_BUFFER_LEN);
803810
for (j = GUID_LEN - 1; j >= 0; j--)
804811
guid += sprintf(guid, "%02x", log_data->log_page_guid[j]);
805812
json_object_add_value_string(root, "Log page GUID", guid_buf);
806813

807814
json_object_add_value_int(root, "Telemetry String Log Size", le64_to_cpu(log_data->sls));
808815

809816
res = res_arr;
810-
memset((__u8 *)res, 0, 48);
817+
memset((__u8 *)res, 0, RESERVED_ARRAY_LEN);
811818
for (j = 0; j < 24; j++)
812-
res += sprintf(res, "%d", log_data->reserved2[j]);
813-
json_object_add_value_string(root, "Reserved", res_arr);
819+
res += sprintf(res, "%x", log_data->reserved2[j]);
820+
json_object_add_value_string(root, "Reserved 2", res_arr);
814821

815822
json_object_add_value_int(root, "Statistics Identifier String Table Start",
816823
le64_to_cpu(log_data->sits));
@@ -825,106 +832,106 @@ static void json_c9_log(struct telemetry_str_log_format *log_data, __u8 *log_dat
825832
json_object_add_value_int(root, "ASCII Table Size",
826833
le64_to_cpu(log_data->asctsz));
827834

828-
memset((void *)fifo, 0, 16);
835+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
829836
for (j = 0; j < 16; j++)
830837
fifo += sprintf(fifo, "%c", log_data->fifo1[j]);
831838
json_object_add_value_string(root, "FIFO 1 ASCII String", fifo_arr);
832839

833840
fifo = fifo_arr;
834-
memset((void *)fifo, 0, 16);
841+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
835842
for (j = 0; j < 16; j++)
836843
fifo += sprintf(fifo, "%c", log_data->fifo2[j]);
837844
json_object_add_value_string(root, "FIFO 2 ASCII String", fifo_arr);
838845

839846
fifo = fifo_arr;
840-
memset((void *)fifo, 0, 16);
847+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
841848
for (j = 0; j < 16; j++)
842849
fifo += sprintf(fifo, "%c", log_data->fifo3[j]);
843850
json_object_add_value_string(root, "FIFO 3 ASCII String", fifo_arr);
844851

845852
fifo = fifo_arr;
846-
memset((void *)fifo, 0, 16);
853+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
847854
for (j = 0; j < 16; j++)
848855
fifo += sprintf(fifo, "%c", log_data->fifo4[j]);
849856
json_object_add_value_string(root, "FIFO 4 ASCII String", fifo_arr);
850857

851858
fifo = fifo_arr;
852-
memset((void *)fifo, 0, 16);
859+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
853860
for (j = 0; j < 16; j++)
854861
fifo += sprintf(fifo, "%c", log_data->fifo5[j]);
855862
json_object_add_value_string(root, "FIFO 5 ASCII String", fifo_arr);
856863

857864
fifo = fifo_arr;
858-
memset((void *)fifo, 0, 16);
865+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
859866
for (j = 0; j < 16; j++)
860867
fifo += sprintf(fifo, "%c", log_data->fifo6[j]);
861868
json_object_add_value_string(root, "FIFO 6 ASCII String", fifo_arr);
862869

863870
fifo = fifo_arr;
864-
memset((void *)fifo, 0, 16);
871+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
865872
for (j = 0; j < 16; j++)
866873
fifo += sprintf(fifo, "%c", log_data->fifo7[j]);
867874
json_object_add_value_string(root, "FIFO 7 ASCII String", fifo_arr);
868875

869876
fifo = fifo_arr;
870-
memset((void *)fifo, 0, 16);
877+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
871878
for (j = 0; j < 16; j++)
872879
fifo += sprintf(fifo, "%c", log_data->fifo8[j]);
873880
json_object_add_value_string(root, "FIFO 8 ASCII String", fifo_arr);
874881

875882
fifo = fifo_arr;
876-
memset((void *)fifo, 0, 16);
883+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
877884
for (j = 0; j < 16; j++)
878885
fifo += sprintf(fifo, "%c", log_data->fifo9[j]);
879886
json_object_add_value_string(root, "FIFO 9 ASCII String", fifo_arr);
880887

881888
fifo = fifo_arr;
882-
memset((void *)fifo, 0, 16);
889+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
883890
for (j = 0; j < 16; j++)
884891
fifo += sprintf(fifo, "%c", log_data->fifo10[j]);
885892
json_object_add_value_string(root, "FIFO 10 ASCII String", fifo_arr);
886893

887894
fifo = fifo_arr;
888-
memset((void *)fifo, 0, 16);
895+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
889896
for (j = 0; j < 16; j++)
890897
fifo += sprintf(fifo, "%c", log_data->fifo11[j]);
891898
json_object_add_value_string(root, "FIFO 11 ASCII String", fifo_arr);
892899

893900
fifo = fifo_arr;
894-
memset((void *)fifo, 0, 16);
901+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
895902
for (j = 0; j < 16; j++)
896903
fifo += sprintf(fifo, "%c", log_data->fifo12[j]);
897904
json_object_add_value_string(root, "FIFO 12 ASCII String", fifo_arr);
898905

899906
fifo = fifo_arr;
900-
memset((void *)fifo, 0, 16);
907+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
901908
for (j = 0; j < 16; j++)
902909
fifo += sprintf(fifo, "%c", log_data->fifo13[j]);
903910
json_object_add_value_string(root, "FIFO 13 ASCII String", fifo_arr);
904911

905912
fifo = fifo_arr;
906-
memset((void *)fifo, 0, 16);
913+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
907914
for (j = 0; j < 16; j++)
908915
fifo += sprintf(fifo, "%c", log_data->fifo14[j]);
909916
json_object_add_value_string(root, "FIFO 14 ASCII String", fifo_arr);
910917

911918
fifo = fifo_arr;
912-
memset((void *)fifo, 0, 16);
919+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
913920
for (j = 0; j < 16; j++)
914921
fifo += sprintf(fifo, "%c", log_data->fifo15[j]);
915922
json_object_add_value_string(root, "FIFO 15 ASCII String", fifo_arr);
916923

917924
fifo = fifo_arr;
918-
memset((void *)fifo, 0, 16);
925+
memset((void *)fifo, 0, FIFO_ARRAY_LEN);
919926
for (j = 0; j < 16; j++)
920927
fifo += sprintf(fifo, "%c", log_data->fifo16[j]);
921928
json_object_add_value_string(root, "FIFO 16 ASCII String", fifo_arr);
922929

923930
res = res_arr;
924-
memset((__u8 *)res, 0, 48);
931+
memset((__u8 *)res, 0, RESERVED_ARRAY_LEN);
925932
for (j = 0; j < 48; j++)
926-
res += sprintf(res, "%d", log_data->reserved3[j]);
927-
json_object_add_value_string(root, "Reserved", res_arr);
933+
res += sprintf(res, "%x", log_data->reserved3[j]);
934+
json_object_add_value_string(root, "Reserved 3", res_arr);
928935

929936
if (log_data->sitsz != 0) {
930937

0 commit comments

Comments
 (0)