Fix nasa#547, add null pointer checks
zanzaben committed Mar 2, 2021
1 parent 454f035 commit f5938b7
Showing 9 changed files with 232 additions and 57 deletions.
92 changes: 63 additions & 29 deletions fsw/cfe-core/src/es/cfe_es_api.c
@@ -1590,6 +1590,11 @@ int32 CFE_ES_WriteToSysLog(const char *SpecStringPtr, ...)
int32 ReturnCode;
va_list ArgPtr;

if (SpecStringPtr == NULL)
{
return CFE_ES_BAD_ARGUMENT;
}

va_start(ArgPtr, SpecStringPtr);
CFE_ES_SysLog_vsnprintf(TmpString, sizeof(TmpString), SpecStringPtr, ArgPtr);
va_end(ArgPtr);
@@ -1621,6 +1626,11 @@ uint32 CFE_ES_CalculateCRC(const void *DataPtr, size_t DataLength, uint32 InputC
const uint8 *BufPtr;
uint8 ByteValue;

if (DataPtr == NULL || DataLength == 0)
{
return InputCRC;
}

static const uint16 CrcTable[256]=
{

@@ -1715,46 +1725,60 @@ int32 CFE_ES_RegisterCDS(CFE_ES_CDSHandle_t *CDSHandlePtr, size_t BlockSize, con
/* Check to make sure calling application is legit */
Status = CFE_ES_GetAppID(&ThisAppId);

if ( Status != CFE_SUCCESS ) /* Application ID was invalid */
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-Bad AppId context\n");
}
else if (!CFE_ES_Global.CDSIsAvailable)
if ( Status != CFE_SUCCESS || CDSHandlePtr == NULL || Name == NULL) /* Application ID was invalid */
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS not available\n");
Status = CFE_ES_NOT_IMPLEMENTED;
CFE_ES_WriteToSysLog("CFE_ES_RegisterCDS:-Failed invalid arguments\n");
Status = CFE_ES_BAD_ARGUMENT;
}
else
{
/* Assume we can't make a CDS and return a bad handle for now */
*CDSHandlePtr = CFE_ES_CDS_BAD_HANDLE;

/* Make sure specified CDS name is not too long or too short */
NameLen = strlen(Name);
if ((NameLen > CFE_MISSION_ES_CDS_MAX_NAME_LENGTH) || (NameLen == 0))
{
Status = CFE_ES_CDS_INVALID_NAME;
/* Initialize output to safe value, in case this fails */
*CDSHandlePtr = CFE_ES_RESOURCEID_UNDEFINED;

/* Perform a buffer overrun safe copy of name for debug log message */
/* Check to make sure calling application is legit */
Status = CFE_ES_GetAppID(&ThisAppId);

strncpy(CDSName, Name, sizeof(CDSName) - 1);
CDSName[sizeof(CDSName) - 1] = '\0';
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS Name (%s) is too long\n", CDSName);
if ( Status != CFE_SUCCESS ) /* Application ID was invalid */
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-Bad AppId context\n");
}
else if (!CFE_ES_Global.CDSIsAvailable)
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS not available\n");
Status = CFE_ES_NOT_IMPLEMENTED;
}
else
{
/* Modify specified name to be processor specific name */
/* of the form "AppName.Name" */
CFE_ES_FormCDSName(CDSName, Name, ThisAppId);
/* Assume we can't make a CDS and return a bad handle for now */
*CDSHandlePtr = CFE_ES_CDS_BAD_HANDLE;

/* Create CDS and designate it as NOT being a Critical Table */
Status = CFE_ES_RegisterCDSEx(CDSHandlePtr, BlockSize, CDSName, false);
/* Make sure specified CDS name is not too long or too short */
NameLen = strlen(Name);
if ((NameLen > CFE_MISSION_ES_CDS_MAX_NAME_LENGTH) || (NameLen == 0))
{
Status = CFE_ES_CDS_INVALID_NAME;

/* If size is unacceptable, log it */
if (Status == CFE_ES_CDS_INVALID_SIZE)
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS %s has invalid size (%lu)\n", Name, (unsigned long)BlockSize);
}
/* Perform a buffer overrun safe copy of name for debug log message */

strncpy(CDSName, Name, sizeof(CDSName) - 1);
CDSName[sizeof(CDSName) - 1] = '\0';
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS Name (%s) is too long\n", CDSName);
}
else
{
/* Modify specified name to be processor specific name */
/* of the form "AppName.Name" */
CFE_ES_FormCDSName(CDSName, Name, ThisAppId);

/* Create CDS and designate it as NOT being a Critical Table */
Status = CFE_ES_RegisterCDSEx(CDSHandlePtr, BlockSize, CDSName, false);

/* If size is unacceptable, log it */
if (Status == CFE_ES_CDS_INVALID_SIZE)
{
CFE_ES_WriteToSysLog("CFE_CDS:Register-CDS %s has invalid size (%lu)\n", Name, (unsigned long)BlockSize);
}
}
}
}

@@ -1863,6 +1887,11 @@ CFE_Status_t CFE_ES_GetCDSBlockName(char *BlockName, CFE_ES_CDSHandle_t BlockId,
*/
int32 CFE_ES_CopyToCDS(CFE_ES_CDSHandle_t Handle, void *DataToCopy)
{
if (DataToCopy == NULL)
{
return CFE_ES_BAD_ARGUMENT;
}

return CFE_ES_CDSBlockWrite(Handle, DataToCopy);
} /* End of CFE_ES_CopyToCDS() */

@@ -1874,6 +1903,11 @@ int32 CFE_ES_CopyToCDS(CFE_ES_CDSHandle_t Handle, void *DataToCopy)
*/
int32 CFE_ES_RestoreFromCDS(void *RestoreToMemory, CFE_ES_CDSHandle_t Handle)
{
if (RestoreToMemory == NULL)
{
return CFE_ES_BAD_ARGUMENT;
}

return CFE_ES_CDSBlockRead(RestoreToMemory, Handle);
} /* End of CFE_ES_RestoreFromCDS() */

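Review bot: In CFE_ES_RegisterCDS the new outer condition `Status != CFE_SUCCESS || CDSHandlePtr == NULL || Name == NULL` folds a failed CFE_ES_GetAppID() into the argument check, so (as far as this rendered diff shows, since the +/- markers are lost) a bad application context is now logged as "invalid arguments" and returned as CFE_ES_BAD_ARGUMENT instead of the status GetAppID produced. The else branch then calls CFE_ES_GetAppID() a second time, which leaves its `Bad AppId context` branch all but unreachable. I would test only the pointers in the outer condition, `if (CDSHandlePtr == NULL || Name == NULL)`, drop the first GetAppID call, and let the inner chain report the AppID failure with its own status. When only `Name` is NULL the caller's `*CDSHandlePtr` is also never set to the safe `CFE_ES_RESOURCEID_UNDEFINED` value, so a caller that ignores the return code keeps whatever was in the handle. The function starts and ends outside this hunk.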
20 changes: 20 additions & 0 deletions fsw/cfe-core/src/es/cfe_es_mempool.c
@@ -411,6 +411,11 @@ int32 CFE_ES_GetPoolBuf(CFE_ES_MemPoolBuf_t *BufPtr,
CFE_ES_MemPoolRecord_t *PoolRecPtr;
size_t DataOffset;

if (BufPtr == NULL)
{
return CFE_ES_BAD_ARGUMENT;
}

PoolRecPtr = CFE_ES_LocateMemPoolRecordByID(Handle);

/* basic sanity check */
@@ -473,6 +478,11 @@ int32 CFE_ES_GetPoolBufInfo(CFE_ES_MemHandle_t Handle,
size_t DataOffset;
size_t DataSize;

if (BufPtr == NULL)
{
return CFE_ES_BAD_ARGUMENT;
}

PoolRecPtr = CFE_ES_LocateMemPoolRecordByID(Handle);

/* basic sanity check */
@@ -527,6 +537,11 @@ int32 CFE_ES_PutPoolBuf(CFE_ES_MemHandle_t Handle,
size_t DataOffset;
int32 Status;

if (BufPtr == NULL)
{
return CFE_ES_BAD_ARGUMENT;
}

PoolRecPtr = CFE_ES_LocateMemPoolRecordByID(Handle);

/* basic sanity check */
@@ -605,6 +620,11 @@ int32 CFE_ES_GetMemPoolStats(CFE_ES_MemPoolStats_t *BufPtr,
uint16 NumBuckets;
uint16 Idx;

if (BufPtr == NULL)
{
return CFE_ES_BAD_ARGUMENT;
}

PoolRecPtr = CFE_ES_LocateMemPoolRecordByID(Handle);

/* basic sanity check */
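Review bot: The four new `BufPtr == NULL` guards (CFE_ES_GetPoolBuf, CFE_ES_GetPoolBufInfo, CFE_ES_PutPoolBuf, CFE_ES_GetMemPoolStats) return CFE_ES_BAD_ARGUMENT without leaving any trace, while the same commit writes a syslog entry for the rejected call in CFE_ES_RegisterCDS, CFE_FS_InitHeader and CFE_SB_ZeroCopyGetPtr. A NULL buffer pointer reaching the pool API points to a bug in the calling application, and callers that ignore the return code would hide it completely. I would add one line per guard in the style already used elsewhere, for example `CFE_ES_WriteToSysLog("CFE_ES:GetPoolBuf-BufPtr is NULL\n");`. The doc comments on the public prototypes, which are not visible here, should also list CFE_ES_BAD_ARGUMENT among the return values. All four function bodies continue outside their hunks.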
12 changes: 12 additions & 0 deletions fsw/cfe-core/src/evs/cfe_evs.c
@@ -154,6 +154,10 @@ int32 CFE_EVS_SendEvent (uint16 EventID, uint16 EventType, const char *Spec, ...
va_list Ptr;
EVS_AppData_t *AppDataPtr;

if(Spec == NULL){
return CFE_EVS_INVALID_PARAMETER;
}

/* Query and verify the caller's AppID */
Status = EVS_GetCurrentContext(&AppDataPtr, &AppID);
if (Status == CFE_SUCCESS)
@@ -190,6 +194,10 @@ int32 CFE_EVS_SendEventWithAppID (uint16 EventID, uint16 EventType, CFE_ES_AppId
va_list Ptr;
EVS_AppData_t *AppDataPtr;

if(Spec == NULL){
return CFE_EVS_INVALID_PARAMETER;
}

AppDataPtr = EVS_GetAppDataByID (AppID);
if (AppDataPtr == NULL)
{
@@ -225,6 +233,10 @@ int32 CFE_EVS_SendTimedEvent (CFE_TIME_SysTime_t Time, uint16 EventID, uint16 Ev
va_list Ptr;
EVS_AppData_t *AppDataPtr;

if(Spec == NULL){
return CFE_EVS_INVALID_PARAMETER;
}

/* Query and verify the caller's AppID */
Status = EVS_GetCurrentContext(&AppDataPtr, &AppID);
if (Status == CFE_SUCCESS)
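Review bot: The three new guards are written `if(Spec == NULL){` with the brace on the same line, whereas the neighbouring code in this file (`if (AppDataPtr == NULL)` followed by `{` on its own line) and the guards added to the other files in this commit put a space after `if` and the brace on a separate line. Writing them as `if (Spec == NULL)` with `{`, `return CFE_EVS_INVALID_PARAMETER;` and `}` each on its own line keeps the file uniform. This applies to CFE_EVS_SendEvent, CFE_EVS_SendEventWithAppID and CFE_EVS_SendTimedEvent, whose bodies continue outside the hunks.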
23 changes: 20 additions & 3 deletions fsw/cfe-core/src/fs/cfe_fs_api.c
@@ -50,6 +50,11 @@ int32 CFE_FS_ReadHeader(CFE_FS_Header_t *Hdr, osal_id_t FileDes)
{
int32 Result;
int32 EndianCheck = 0x01020304;

if (Hdr == NULL)
{
return CFE_FS_BAD_ARGUMENT;
}

/*
** Ensure that we are at the start of the file...
@@ -81,9 +86,16 @@ int32 CFE_FS_ReadHeader(CFE_FS_Header_t *Hdr, osal_id_t FileDes)
*/
void CFE_FS_InitHeader(CFE_FS_Header_t *Hdr, const char *Description, uint32 SubType)
{
memset(Hdr, 0, sizeof(CFE_FS_Header_t));
strncpy((char *)Hdr->Description, Description, sizeof(Hdr->Description) - 1);
Hdr->SubType = SubType;
if(Hdr == NULL || Description == NULL)
{
CFE_ES_WriteToSysLog("CFE_FS:InitHeader-Failed invalid arguments\n");
}
else
{
memset(Hdr, 0, sizeof(CFE_FS_Header_t));
strncpy((char *)Hdr->Description, Description, sizeof(Hdr->Description) - 1);
Hdr->SubType = SubType;
}
}

/*
Expand All @@ -96,6 +108,11 @@ int32 CFE_FS_WriteHeader(osal_id_t FileDes, CFE_FS_Header_t *Hdr)
int32 EndianCheck = 0x01020304;
CFE_ES_AppId_t AppID;

if (Hdr == NULL)
{
return CFE_FS_BAD_ARGUMENT;
}

/*
** Ensure that we are at the start of the file...
*/
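Review bot: CFE_FS_InitHeader now skips the `memset` whenever either pointer is NULL, so a call with a valid `Hdr` but a NULL `Description` leaves the header untouched, and because the function returns void the caller cannot notice. If such a caller then writes the header out (no call site is visible here), whatever was previously in that memory would end up in the file. I would clear `Hdr` whenever it is non-NULL and skip only the description copy and SubType assignment on the error path, as sketched below.

```c
void CFE_FS_InitHeader(CFE_FS_Header_t *Hdr, const char *Description, uint32 SubType)
{
    if (Hdr != NULL)
    {
        /* Clear first, so a rejected call never leaves stale memory in the header */
        memset(Hdr, 0, sizeof(CFE_FS_Header_t));
    }

    if (Hdr == NULL || Description == NULL)
    {
        CFE_ES_WriteToSysLog("CFE_FS:InitHeader-Failed invalid arguments\n");
    }
    else
    {
        strncpy((char *)Hdr->Description, Description, sizeof(Hdr->Description) - 1);
        Hdr->SubType = SubType;
    }
}
```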
20 changes: 19 additions & 1 deletion fsw/cfe-core/src/inc/cfe_error.h
@@ -1285,7 +1285,16 @@ typedef int32 CFE_Status_t;
** Error code indicating that the TBL file could not be
** opened by the OS.
*/
#define CFE_TBL_ERR_ACCESS ((CFE_Status_t)0xcc00002c)
#define CFE_TBL_ERR_ACCESS ((CFE_Status_t)0xcc00002c)

/**
* @brief Bad Argument
*
* A parameter given by a caller to a Table API did not pass
* validation checks.
*
*/
#define CFE_TBL_BAD_ARGUMENT ((CFE_Status_t)0xcc00002d)

/**
* @brief Not Implemented
@@ -1360,6 +1369,15 @@ typedef int32 CFE_Status_t;
*
*/
#define CFE_TIME_CALLBACK_NOT_REGISTERED ((CFE_Status_t)0xce000004)

/**
* @brief Bad Argument
*
* A parameter given by a caller to a TIME Services API did not pass
* validation checks.
*
*/
#define CFE_TIME_BAD_ARGUMENT ((CFE_Status_t)0xce000005)
/**@}*/

/* Compatibility for error names which have been updated */
1 change: 1 addition & 0 deletions fsw/cfe-core/src/sb/cfe_sb_api.c
@@ -2131,6 +2131,7 @@ CFE_SB_Buffer_t *CFE_SB_ZeroCopyGetPtr(size_t MsgSize,

if (BufferHandle == NULL)
{
CFE_ES_WriteToSysLog(" CFE_SB:ZeroCopyGetPtr-BufferHandle is NULL\n");
return NULL;
}

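Review bot: The message passed to CFE_ES_WriteToSysLog in the `BufferHandle == NULL` branch starts with a blank (`" CFE_SB:ZeroCopyGetPtr-BufferHandle is NULL\n"`), unlike the other syslog strings in this commit such as `"CFE_FS:InitHeader-Failed invalid arguments\n"`. Dropping the leading space keeps the `CFE_SB:` prefix at the start of the entry, so anyone filtering the log by subsystem prefix still finds it. CFE_SB_ZeroCopyGetPtr starts and ends outside this hunk.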