Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

solving out of boundaries vulnerability in fpmlink.cpp #3456

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

solving out of boundaries vulnerability in fpmlink.cpp #3456

wants to merge 5 commits into from

Conversation

marwanelmessiry
Copy link

What I did
i added try and catch in line 211

Why I did it
to solve vulnerability as it is adding m_messageBuffer to m_pos without ensuring it is more than the m_bufSize - m_pos

How I verified it
by using checkmarx as it was marked high severity risk at the beginning and then it is solved after the edits

@mssonicbld
Copy link
Collaborator

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@prsunny prsunny requested a review from dgsudharsan January 8, 2025 17:58
prsunny
prsunny reviewed Jan 8, 2025
View reviewed changes
fpmsyncd/fpmlink.cpp Outdated
@@ -208,7 +208,14 @@ uint64_t FpmLink::readData()
size_t start = 0, left;
ssize_t read;

read = ::read(m_connection_socket, m_messageBuffer + m_pos, m_bufSize - m_pos);
try
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please fix alignment

@mssonicbld
Copy link
Collaborator

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld
Copy link
Collaborator

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@mssonicbld
Copy link
Collaborator

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

dgsudharsan
dgsudharsan requested changes Feb 6, 2025
View reviewed changes
fpmsyncd/fpmlink.cpp
@@ -208,7 +208,14 @@ uint64_t FpmLink::readData()
size_t start = 0, left;
ssize_t read;

try
{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please correct the indentation?

mclagsyncd/mclaglink.cpp
@@ -1877,8 +1877,14 @@ uint64_t MclagLink::readData()
size_t start = 0, left = 0;
ssize_t read = 0;
char * msg = NULL;

try{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please try to have braces in newline.

@mssonicbld
Copy link
Collaborator

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prsunny prsunny prsunny left review comments

@dgsudharsan dgsudharsan dgsudharsan requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@marwanelmessiry @mssonicbld @dgsudharsan @prsunny