fix xalarm not reject alarm msg exceeds max length

fix-xalarm-not-reject-alarm-msg-exceeds-max-length.patch

@@ -0,0 +1,29 @@
+From 91110be161465814c44fea6f3e3280f8648df597 Mon Sep 17 00:00:00 2001
+From: caixiaomeng <caixiaomeng2@huawei.com>
+Date: Thu, 7 Nov 2024 11:44:26 +0800
+Subject: [PATCH] fix xalarm not reject alarm msg exceeds max length
+
+---
+ src/libso/xalarm/register_xalarm.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/libso/xalarm/register_xalarm.c b/src/libso/xalarm/register_xalarm.c
+index fe15dc8..1e05c6b 100644
+--- a/src/libso/xalarm/register_xalarm.c
++++ b/src/libso/xalarm/register_xalarm.c
+@@ -353,6 +353,11 @@ int xalarm_Report(unsigned short usAlarmId, unsigned char ucAlarmLevel,
+         return -1;
+     }
+ 
++    if (pucParas == NULL || (int)strlen(pucParas) > MAX_PARAS_LEN) {
++        fprintf(stderr, "%s: alarm info invalid\n", __func__);
++        return -1;
++    }
++
+     if (memset(&info, 0, sizeof(struct alarm_info)) == NULL) {
+         fprintf(stderr, "%s: memset info failed, ret: %d\n", __func__, ret);
+         return -1;
+-- 
+2.33.0
+
+

sysSentry.spec

@@ -4,7 +4,7 @@
 Summary: System Inspection Framework
 Name: sysSentry
 Version: 1.0.2
-Release: 21
+Release: 22
 License: Mulan PSL v2
 Group: System Environment/Daemons
 Source0: https://gitee.com/openeuler/sysSentry/releases/download/v%{version}/%{name}-%{version}.tar.gz
@@ -32,6 +32,7 @@ Patch19:   fix-uint8-bug-and-change-isolation-default-value.patch
 Patch20:   fix-write-file-return-code-bug.patch
 Patch21:   update-the-commit-of-the-log-level-and-format-of-sys.patch
 Patch22:   add-boundary-check-for-settings.patch
+Patch23:   fix-xalarm-not-reject-alarm-msg-exceeds-max-length.patch
 
 BuildRequires: cmake gcc-c++
 BuildRequires: python3 python3-setuptools
@@ -221,6 +222,12 @@ rm -rf %{buildroot}
 %attr(0550,root,root) %{python3_sitelib}/syssentry/bmc_alarm.py
 
 %changelog
+* Thu Nov 7 2024 caixiaomeng <caixiaomeng2@huawei.com> - 1.0.2-22
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC: fix xalarm not reject alarm msg exceeds max length
+
 * Wed Nov 6 2024 luckky <guodashun1@huawei.com> - 1.0.2-21
 - Type:bugfix
 - CVE:NA