deepblue/ipmitool
1
0
Fork 0
mirror of https://github.com/ipmitool/ipmitool.git synced 2026-06-24 06:11:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ID: 257 ipmitool exec segfaults if invalid input given

Browse Source 
Commit mitigates segfault in 'exec'/ipmishell when
invalid input is given. Code expects another _'_ or _"_ to come, but
if it doesn't, it ends up r/w unallocated memory.
This commit is contained in:
Zdenek Styblik
2013-07-16 04:12:09 +00:00
parent fb5d8559e6
commit 8a40297308
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ipmitool/src/ipmishell.c
View File

@@ -146,7 +146,7 @@ int ipmi_shell_main(struct ipmi_intf * intf, int argc, char ** argv)
while (*ptr != '\0') {
if (*ptr == '"') {
ptr++;
while (*ptr != '"') {
while (*ptr != '"' && *ptr != '\0') {
if (isspace((int)*ptr))
*ptr = '~';
ptr++;
@@ -154,7 +154,7 @@ int ipmi_shell_main(struct ipmi_intf * intf, int argc, char ** argv)
}
if (*ptr == '\'') {
ptr++;
while (*ptr != '\'') {
while (*ptr != '\'' && *ptr != '\0') {
if (isspace((int)*ptr))
*ptr = '~';
ptr++;
@@ -174,7 +174,7 @@ int ipmi_shell_main(struct ipmi_intf * intf, int argc, char ** argv)
ptr = *ap;
if (*ptr == '\'') {
memmove(ptr, ptr+1, strlen(ptr));
while (*ptr != '\'') {
while (*ptr != '\'' && *ptr != '\0') {
if (*ptr == '~')
*ptr = ' ';
ptr++;
@@ -183,7 +183,7 @@ int ipmi_shell_main(struct ipmi_intf * intf, int argc, char ** argv)
}
if (*ptr == '"') {
memmove(ptr, ptr+1, strlen(ptr));
while (*ptr != '"') {
while (*ptr != '"' && *ptr != '\0') {
if (*ptr == '~')
*ptr = ' ';
ptr++;
@@ -366,7 +366,7 @@ int ipmi_exec_main(struct ipmi_intf * intf, int argc, char ** argv)
while (*ptr != '\0') {
if (*ptr == '"') {
ptr++;
while (*ptr != '"') {
while (*ptr != '"' && *ptr != '\0') {
if (isspace((int)*ptr))
*ptr = '~';
ptr++;
@@ -374,7 +374,7 @@ int ipmi_exec_main(struct ipmi_intf * intf, int argc, char ** argv)
}
if (*ptr == '\'') {
ptr++;
while (*ptr != '\'') {
while (*ptr != '\'' && *ptr != '\0') {
if (isspace((int)*ptr))
*ptr = '~';
ptr++;
@@ -405,7 +405,7 @@ int ipmi_exec_main(struct ipmi_intf * intf, int argc, char ** argv)
tmp = __argv[__argc-1];
if (*tmp == '\'') {
memmove(tmp, tmp+1, strlen(tmp));
while (*tmp != '\'') {
while (*tmp != '\'' && *tmp != '\0') {
if (*tmp == '~')
*tmp = ' ';
tmp++;
@@ -414,7 +414,7 @@ int ipmi_exec_main(struct ipmi_intf * intf, int argc, char ** argv)
}
if (*tmp == '"') {
memmove(tmp, tmp+1, strlen(tmp));
while (*tmp != '"') {
while (*tmp != '"' && *tmp != '\0') {
if (*tmp == '~')
*tmp = ' ';
tmp++;