From bb632de830c06af6f33091821d34e14b4c0c3eda Mon Sep 17 00:00:00 2001
From: Zdenek Styblik
Date: Mon, 6 Feb 2012 12:48:09 +0000
Subject: [PATCH] Fixes bug ID:3484936 - missing user input validation in 'lib/ipmi_session.c'

It replaces strtol() calls with str2uint() ones and adds error messages if invalid input is given.
---
 ipmitool/lib/ipmi_session.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/ipmitool/lib/ipmi_session.c b/ipmitool/lib/ipmi_session.c
index 4c2e5fd..ff84961 100644
--- a/ipmitool/lib/ipmi_session.c
+++ b/ipmitool/lib/ipmi_session.c
@@ -400,7 +400,12 @@ ipmi_session_main(struct ipmi_intf * intf, int argc, char ** argv)
 if (argc >= 3)
 {
 session_request_type = IPMI_SESSION_REQUEST_BY_ID;
- id_or_handle = strtol(argv[2], NULL, 16);
+ if (str2uint(argv[2], &id_or_handle) != 0) {
+ lprintf(LOG_ERR, "HEX number expected, but '%s' given.",
+ argv[2]);
+ printf_session_usage();
+ retval = -1;
+ }
 }
 else
 {
@@ -414,7 +419,12 @@ ipmi_session_main(struct ipmi_intf * intf, int argc, char ** argv)
 if (argc >= 3)
 {
 session_request_type = IPMI_SESSION_REQUEST_BY_HANDLE;
- id_or_handle = strtol(argv[2], NULL, 16);
+ if (str2uint(argv[2], &id_or_handle) != 0) {
+ lprintf(LOG_ERR, "HEX number expected, bud '%s' given.",
+ argv[2]);
+ printf_session_usage();
+ retval = -1;
+ }
 }
 else
 {
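Review bot: The by-id branch no longer pins the number base: the removed `strtol(argv[2], NULL, 16)` forced base 16, while `str2uint(argv[2], &id_or_handle)` takes no base argument, so whether a bare `1a` is still accepted, or `10` still means 0x10, depends on a helper defined outside this patch. If str2uint auto-detects the base (I believe ipmitool's helper does, but confirm), existing invocations would silently address a different session and "HEX number expected" would misdescribe what is accepted; the by-handle branch in the second hunk has the same issue. Either parse with an explicit base 16 or reword the message, e.g. `"Session ID expected (0x prefix for hex), but '%s' given."`. The failure path only sets `retval = -1` and the rest of ipmi_session_main lies outside the hunk, so confirm the session-info request is actually skipped when parsing fails rather than sent with whatever id_or_handle holds.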
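Review bot: The error string added in the by-handle branch has a typo, `"HEX number expected, bud '%s' given."`; "bud" should be "but", matching the by-id branch. The two branches now repeat the same six-line parse-and-report sequence, so a small `static` helper taking `argv[2]` and `&id_or_handle` would keep the wording and the failure handling from drifting apart. The enclosing function continues past the end of this hunk.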