svn commit: r334645 - head/usr.sbin/cxgbetool

Navdeep Parhar np at FreeBSD.org
Mon Jun 4 23:17:19 UTC 2018 

Author: np
Date: Mon Jun  4 23:17:18 2018
New Revision: 334645
URL: https://svnweb.freebsd.org/changeset/base/334645

Log:
  cxgbetool: Disallow negative values for numeric parameters.
  
  Sponsored by:	Chelsio Communications

Modified:
  head/usr.sbin/cxgbetool/cxgbetool.c

Modified: head/usr.sbin/cxgbetool/cxgbetool.c
==============================================================================
--- head/usr.sbin/cxgbetool/cxgbetool.c	Mon Jun  4 22:39:22 2018	(r334644)
+++ head/usr.sbin/cxgbetool/cxgbetool.c	Mon Jun  4 23:17:18 2018	(r334645)
@@ -606,31 +606,33 @@ static int
 parse_val_mask(const char *param, const char *args[], uint32_t *val,
     uint32_t *mask, int hashfilter)
 {
+	long l;
 	char *p;
 
 	if (strcmp(param, args[0]) != 0)
 		return (EINVAL);
 
-	*val = strtoul(args[1], &p, 0);
-	if (p > args[1]) {
-		if (p[0] == 0) {
-			*mask = ~0;
-			return (0);
-		}
+	p = str_to_number(args[1], &l, NULL);
+	if (l >= 0 && l <= UINT32_MAX) {
+		*val = (uint32_t)l;
+		if (p > args[1]) {
+			if (p[0] == 0) {
+				*mask = ~0;
+				return (0);
+			}
 
-		if (p[0] == ':' && p[1] != 0) {
-			if (hashfilter) {
-				warnx("param %s: mask not allowed for "
-				    "hashfilter or nat params", param);
-				return (EINVAL);
+			if (p[0] == ':' && p[1] != 0) {
+				if (hashfilter) {
+					warnx("param %s: mask not allowed for "
+					    "hashfilter or nat params", param);
+					return (EINVAL);
+				}
+				p = str_to_number(p + 1, &l, NULL);
+				if (l >= 0 && l <= UINT32_MAX && p[0] == 0) {
+					*mask = (uint32_t)l;
+					return (0);
+				}
 			}
-			*mask = strtoul(p+1, &p, 0);
-			if (p[0] == 0)
-				return (0);
-		} else {
-			warnx("param %s: mask not allowed for hashfilter",
-			    param);
-			return (EINVAL);
 		}
 	}
 
@@ -767,16 +769,19 @@ static int
 parse_val(const char *param, const char *args[], uint32_t *val)
 {
 	char *p;
+	long l;
 
 	if (strcmp(param, args[0]) != 0)
 		return (EINVAL);
 
-	*val = strtoul(args[1], &p, 0);
-	if (p > args[1] && p[0] == 0)
-		return (0);
+	p = str_to_number(args[1], &l, NULL);
+	if (*p || l < 0 || l > UINT32_MAX) {
+		warnx("parameter \"%s\" has bad \"value\" %s", args[0], args[1]);
+		return (EINVAL);
+	}
 
-	warnx("parameter \"%s\" has bad \"value\" %s", args[0], args[1]);
-	return (EINVAL);
+	*val = (uint32_t)l;
+	return (0);
 }
 
 static void

More information about the svn-src-all mailing list