From be35514c91d1d4606169f4444d2fa2c7ab6d1fd2 Mon Sep 17 00:00:00 2001
From: Alex Campbell <alex.campbell@nasa.gov>
Date: Tue, 2 Feb 2021 09:50:45 -0500
Subject: [PATCH] Fix #546, add argument validation

---
 fsw/cfe-core/src/es/cfe_es_api.c  | 2 +-
 fsw/cfe-core/src/sb/cfe_sb_api.c  | 6 ++++++
 fsw/cfe-core/src/sb/cfe_sb_util.c | 8 +++++++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/fsw/cfe-core/src/es/cfe_es_api.c b/fsw/cfe-core/src/es/cfe_es_api.c
index 1c9e4baf3..6b1afe2f9 100644
--- a/fsw/cfe-core/src/es/cfe_es_api.c
+++ b/fsw/cfe-core/src/es/cfe_es_api.c
@@ -853,7 +853,7 @@ int32 CFE_ES_GetAppName(char *AppName, CFE_ES_ResourceID_t AppId, size_t BufferL
    int32 Result;
    CFE_ES_AppRecord_t *AppRecPtr;
 
-   if (BufferLength == 0 || AppName == NULL)
+   if (BufferLength == 0 || AppName == NULL || BufferLength > OS_MAX_API_NAME)
    {
        return CFE_ES_BAD_ARGUMENT;
    }
diff --git a/fsw/cfe-core/src/sb/cfe_sb_api.c b/fsw/cfe-core/src/sb/cfe_sb_api.c
index 1cf339ffb..9f651cba3 100644
--- a/fsw/cfe-core/src/sb/cfe_sb_api.c
+++ b/fsw/cfe-core/src/sb/cfe_sb_api.c
@@ -2080,6 +2080,12 @@ CFE_SB_Buffer_t *CFE_SB_ZeroCopyGetPtr(size_t MsgSize,
    CFE_SB_ZeroCopyD_t  *zcd = NULL;
    CFE_SB_BufferD_t    *bd = NULL;
 
+    if(MsgSize > CFE_MISSION_SB_MAX_SB_MSG_SIZE)
+    {
+        CFE_ES_WriteToSysLog(" CFE_SB:ZeroCopyGetPtr-Failed, MsgSize is too large\n");
+        return NULL;
+    }
+
     CFE_SB_LockSharedData(__func__,__LINE__);
 
     /* Allocate a new zero copy descriptor from the SB memory pool.*/
diff --git a/fsw/cfe-core/src/sb/cfe_sb_util.c b/fsw/cfe-core/src/sb/cfe_sb_util.c
index 119c067b7..e8501a49b 100644
--- a/fsw/cfe-core/src/sb/cfe_sb_util.c
+++ b/fsw/cfe-core/src/sb/cfe_sb_util.c
@@ -160,7 +160,13 @@ void CFE_SB_SetUserDataLength(CFE_MSG_Message_t *MsgPtr, size_t DataLength)
         HdrSize = CFE_SB_MsgHdrSize(MsgPtr);
         TotalMsgSize = HdrSize + DataLength;
     
-        CFE_MSG_SetSize(MsgPtr, TotalMsgSize);
+        if(TotalMsgSize <= CFE_MISSION_SB_MAX_SB_MSG_SIZE){
+            CFE_MSG_SetSize(MsgPtr, TotalMsgSize);
+        }
+        else
+        {
+            CFE_ES_WriteToSysLog("CFE_SB:SetUserDataLength-Failed TotalMsgSize too large\n");  
+        }   
     }
 }/* end CFE_SB_SetUserDataLength */