From: Zdenek S. <st...@us...> - 2012-02-06 12:48:13
|
Update of /cvsroot/ipmitool/ipmitool/lib In directory vz-cvs-4.sog:/tmp/cvs-serv17962/lib Modified Files: ipmi_session.c Log Message: Fixes bug ID:3484936 - missing user input validation in 'lib/ipmi_session.c' It replaces strtol() calls with str2uint() ones and adds error messages if invalid input is given. Index: ipmi_session.c =================================================================== RCS file: /cvsroot/ipmitool/ipmitool/lib/ipmi_session.c,v retrieving revision 1.14 retrieving revision 1.15 diff -C2 -d -r1.14 -r1.15 *** ipmi_session.c 19 Mar 2006 17:59:39 -0000 1.14 --- ipmi_session.c 6 Feb 2012 12:48:09 -0000 1.15 *************** *** 401,405 **** { session_request_type = IPMI_SESSION_REQUEST_BY_ID; ! id_or_handle = strtol(argv[2], NULL, 16); } else --- 401,410 ---- { session_request_type = IPMI_SESSION_REQUEST_BY_ID; ! if (str2uint(argv[2], &id_or_handle) != 0) { ! lprintf(LOG_ERR, "HEX number expected, but '%s' given.", ! argv[2]); ! printf_session_usage(); ! retval = -1; ! } } else *************** *** 415,419 **** { session_request_type = IPMI_SESSION_REQUEST_BY_HANDLE; ! id_or_handle = strtol(argv[2], NULL, 16); } else --- 420,429 ---- { session_request_type = IPMI_SESSION_REQUEST_BY_HANDLE; ! if (str2uint(argv[2], &id_or_handle) != 0) { ! lprintf(LOG_ERR, "HEX number expected, bud '%s' given.", ! argv[2]); ! printf_session_usage(); ! retval = -1; ! } } else |