deepblue/ipmitool
1
0
Fork 0
mirror of https://github.com/ipmitool/ipmitool.git synced 2025-05-10 18:47:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ID: 3528371 - 'lib/ipmi_sensor.c' - possible int *flow

Browse Source 
Commit replaces strtod() calls with str2double() ones in order to mitigate
possible *flow via user input.

Reported-by: Dune Idaho
This commit is contained in:
Zdenek Styblik 2013-05-22 09:45:30 +00:00
parent a8f6341728
commit c5324e879c
1 changed files with 36 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
ipmitool/lib/ipmi_sensor.c
View File

@ -567,9 +567,21 @@ ipmi_sensor_set_threshold(struct ipmi_intf *intf, int argc, char **argv)
return -1;
}
allUpper = 1;
setting1 = (double) strtod(argv[2], NULL);
setting2 = (double) strtod(argv[3], NULL);
setting3 = (double) strtod(argv[4], NULL);
if (str2double(argv[2], &setting1) != 0) {
lprintf(LOG_ERR, "Given unc '%s' is invalid.",
argv[2]);
return (-1);
}
if (str2double(argv[3], &setting2) != 0) {
lprintf(LOG_ERR, "Given ucr '%s' is invalid.",
argv[3]);
return (-1);
}
if (str2double(argv[4], &setting3) != 0) {
lprintf(LOG_ERR, "Given unr '%s' is invalid.",
argv[4]);
return (-1);
}
} else if (strncmp(thresh, "lower", 5) == 0) {
if (argc < 5) {
lprintf(LOG_ERR,
@ -577,11 +589,22 @@ ipmi_sensor_set_threshold(struct ipmi_intf *intf, int argc, char **argv)
return -1;
}
allLower = 1;
setting1 = (double) strtod(argv[2], NULL);
setting2 = (double) strtod(argv[3], NULL);
setting3 = (double) strtod(argv[4], NULL);
if (str2double(argv[2], &setting1) != 0) {
lprintf(LOG_ERR, "Given lnc '%s' is invalid.",
argv[2]);
return (-1);
}
if (str2double(argv[3], &setting2) != 0) {
lprintf(LOG_ERR, "Given lcr '%s' is invalid.",
argv[3]);
return (-1);
}
if (str2double(argv[4], &setting3) != 0) {
lprintf(LOG_ERR, "Given lnr '%s' is invalid.",
argv[4]);
return (-1);
}
} else {
setting1 = (double) atof(argv[2]);
if (strncmp(thresh, "unr", 3) == 0)
settingMask = UPPER_NON_RECOV_SPECIFIED;
else if (strncmp(thresh, "ucr", 3) == 0)
@ -600,6 +623,12 @@ ipmi_sensor_set_threshold(struct ipmi_intf *intf, int argc, char **argv)
thresh, id);
return -1;
}
if (str2double(argv[2], &setting1) != 0) {
lprintf(LOG_ERR,
"Given %s threshold value '%s' is invalid.",
thresh, argv[2]);
return (-1);
}
}
printf("Locating sensor record '%s'...\n", id);