Menu
▾
▴
[Ipmitool-cvs] ipmitool/lib ipmi_session.c,1.14,1.15
|
From: Zdenek S. <st...@us...> - 2012-02-06 12:48:13
|
Update of /cvsroot/ipmitool/ipmitool/lib
In directory vz-cvs-4.sog:/tmp/cvs-serv17962/lib
Modified Files:
ipmi_session.c
Log Message:
Fixes bug ID:3484936 - missing user input validation in 'lib/ipmi_session.c'
It replaces strtol() calls with str2uint() ones and adds error messages if
invalid input is given.
Index: ipmi_session.c
===================================================================
RCS file: /cvsroot/ipmitool/ipmitool/lib/ipmi_session.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -C2 -d -r1.14 -r1.15
*** ipmi_session.c 19 Mar 2006 17:59:39 -0000 1.14
--- ipmi_session.c 6 Feb 2012 12:48:09 -0000 1.15
***************
*** 401,405 ****
{
session_request_type = IPMI_SESSION_REQUEST_BY_ID;
! id_or_handle = strtol(argv[2], NULL, 16);
}
else
--- 401,410 ----
{
session_request_type = IPMI_SESSION_REQUEST_BY_ID;
! if (str2uint(argv[2], &id_or_handle) != 0) {
! lprintf(LOG_ERR, "HEX number expected, but '%s' given.",
! argv[2]);
! printf_session_usage();
! retval = -1;
! }
}
else
***************
*** 415,419 ****
{
session_request_type = IPMI_SESSION_REQUEST_BY_HANDLE;
! id_or_handle = strtol(argv[2], NULL, 16);
}
else
--- 420,429 ----
{
session_request_type = IPMI_SESSION_REQUEST_BY_HANDLE;
! if (str2uint(argv[2], &id_or_handle) != 0) {
! lprintf(LOG_ERR, "HEX number expected, bud '%s' given.",
! argv[2]);
! printf_session_usage();
! retval = -1;
! }
}
else
|