deepblue/ipmitool
1
0
Fork 0
mirror of https://github.com/ipmitool/ipmitool.git synced 2025-05-10 18:47:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixes bug ID:3484936 - missing user input validation in 'lib/ipmi_session.c'

Browse Source 
It replaces strtol() calls with str2uint() ones and adds error messages if
invalid input is given.
This commit is contained in:
Zdenek Styblik 2012-02-06 12:48:09 +00:00
parent 78d7ae8d88
commit bb632de830
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ipmitool/lib/ipmi_session.c
View File

@ -400,7 +400,12 @@ ipmi_session_main(struct ipmi_intf * intf, int argc, char ** argv)
if (argc >= 3) if (argc >= 3)
{ {
session_request_type = IPMI_SESSION_REQUEST_BY_ID; session_request_type = IPMI_SESSION_REQUEST_BY_ID;
id_or_handle = strtol(argv[2], NULL, 16); if (str2uint(argv[2], &id_or_handle) != 0) {
lprintf(LOG_ERR, "HEX number expected, but '%s' given.",
argv[2]);
printf_session_usage();
retval = -1;
}
} }
else else
{ {
@ -414,7 +419,12 @@ ipmi_session_main(struct ipmi_intf * intf, int argc, char ** argv)
if (argc >= 3) if (argc >= 3)
{ {
session_request_type = IPMI_SESSION_REQUEST_BY_HANDLE; session_request_type = IPMI_SESSION_REQUEST_BY_HANDLE;
id_or_handle = strtol(argv[2], NULL, 16); if (str2uint(argv[2], &id_or_handle) != 0) {
lprintf(LOG_ERR, "HEX number expected, bud '%s' given.",
argv[2]);
printf_session_usage();
retval = -1;
}
} }
else else
{ {