deepblue/ipmitool
1
0
Fork 0
mirror of https://github.com/ipmitool/ipmitool.git synced 2025-05-10 18:47:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ID: 3528308 - 'lib/ipmi_hpmfwupg.c' - possible int *flow

Browse Source 
Commit replaces strtol() calls with str2uchar() ones in order to mitigate
possible *flow via user input.
Also, limits are applied to 'Component ID' and 'Properties selector' now.

Reported-by: Dune Idaho
This commit is contained in:
Zdenek Styblik 2013-05-22 09:50:10 +00:00
parent c5324e879c
commit d82a29d813
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ipmitool/lib/ipmi_hpmfwupg.c
View File

@ -3826,8 +3826,19 @@ int ipmi_hpmfwupg_main(struct ipmi_intf * intf, int argc, char ** argv)
else if ( (argc == 3) && (strcmp(argv[0], "compprop") == 0) )
{
struct HpmfwupgGetComponentPropertiesCtx cmdCtx;
cmdCtx.req.componentId = strtol(argv[1], NULL, 0);
cmdCtx.req.selector = strtol(argv[2], NULL, 0);
if (str2uchar(argv[1], &(cmdCtx.req.componentId)) != 0
|| cmdCtx.req.componentId > 7) {
lprintf(LOG_ERR, "Given Component ID '%s' is invalid.", argv[1]);
lprintf(LOG_ERR, "Valid Compoment ID is: <0..7>");
return (-1);
}
if (str2uchar(argv[2], &(cmdCtx.req.selector)) != 0
|| cmdCtx.req.selector > 4) {
lprintf(LOG_ERR, "Given Properties selector '%s' is invalid.",
argv[2]);
lprintf(LOG_ERR, "Valid Properties selector is: <0..4>");
return (-1);
}
verbose++;
rc = HpmfwupgGetComponentProperties(intf, &cmdCtx);
}