
#24 ipmitool doesn't validate parameters completely

version-1.8.19
closed-fixed
5
2020-06-10
2007-08-08
Tony
No

ipmitool -I open lan print_print_print_we_like_printing
The above command gives the same result as the command below:
ipmitool -I open lan print

This is not the way programs are normally expected to operate.

The reason is that all strings are compared with strncmp() so that any extra characters are ignored. Unfortunately, there are some IPMI parameters where one is the leading sub-string of another (an example is "event_msg_intr" and "event_msg"). It's not obvious that the string comparisons need to be performed in a particular order so that the longest strings are checked first; this is a minefield for people maintaining the code, and can cause problems for the user. For example, if a user makes a typo while entering "event_msg_intr", it may be interpreted by ipmitool as "event_msg".

It should just use strcmp(), which will be less error prone and faster.
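
The ordering hazard described in this ticket, as an added example that is not ipmitool's code: the keyword table and both function names are hypothetical, and the shorter keyword is deliberately listed first. It contrasts a matcher that compares only strlen(keyword) bytes with one that uses strcmp().

```c
#include <stdio.h>
#include <string.h>

/* Constructed keyword table (an assumption, not ipmitool's own table).
 * The names come from the ticket; "event_msg" is listed before
 * "event_msg_intr" on purpose to expose the ordering hazard. */
static const char *const keywords[] = { "print", "event_msg", "event_msg_intr" };
#define NKEYWORDS (sizeof(keywords) / sizeof(keywords[0]))

/* Prefix matching as the ticket describes it: only strlen(keyword) bytes
 * are compared, so trailing characters in arg are ignored and the first
 * keyword that is a prefix of arg wins. Returns the table index or -1. */
int match_prefix(const char *arg)
{
    for (size_t i = 0; i < NKEYWORDS; i++)
        if (strncmp(arg, keywords[i], strlen(keywords[i])) == 0)
            return (int)i;
    return -1;
}

/* Exact matching: strcmp() compares through the terminating NUL, so
 * trailing junk and typos are rejected and table order is irrelevant. */
int match_exact(const char *arg)
{
    for (size_t i = 0; i < NKEYWORDS; i++)
        if (strcmp(arg, keywords[i]) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    /* Constructed inputs: the ticket's command, a valid long keyword,
     * and a typo of that keyword. */
    const char *samples[] = { "print_print_print_we_like_printing",
                              "event_msg_intr", "event_msg_intt" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int p = match_prefix(samples[i]);
        int e = match_exact(samples[i]);
        printf("%-36s prefix=%-16s exact=%s\n", samples[i],
               p < 0 ? "(rejected)" : keywords[p],
               e < 0 ? "(rejected)" : keywords[e]);
    }
    return 0;
}
```

With the prefix matcher, even the correctly typed "event_msg_intr" resolves to "event_msg" unless the longer keyword is checked first; the exact matcher resolves it correctly and rejects the other two inputs.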

Discussion

  • Zdenek Styblik

    Zdenek Styblik - 2016-07-31
    • Group: --> version-cvs
     
  • Alexander Amelkin

    There are lots of places where strncmp() is used with the n argument calculated via the __maxlen macro that calls strlen(). This per se looks useless to me and defeats the possible purpose of using strncmp(). However, in lib/ipmi-mc.c that macro is not used, hence your problem. I think that strncmp() and __maxlen() must be replaced in most places with just strcmp(). That will also get rid of warnings related to the __maxlen() macro definition.

    When I have time, I'll look into it.

     
  • Alexander Amelkin

    • labels: --> command line
    • status: open --> open-accepted
    • assigned_to: Alexander Amelkin
    • Group: version-cvs --> version-1.8.19
     
  • Alexander Amelkin

    • status: open-accepted --> closed-fixed
     
