This commit addresses an issue where the strtol function, which returns a 'long', was assigned to an 'unsigned long' variable. As a result, the error handling routine check 't == LONG_MIN' was ineffectual, leading to an inability to correctly check for underflow. Now the code uses the existing parsing logic 'parse_int' and verifies that the parsed 'ustate' value falls within the correct range.
Note: the mismanagement of parse errors was not causing any issues because 'ebg_env_setglobalstate' validates its input arguments separately. Signed-off-by: Michael Adler <[email protected]> --- tools/bg_setenv.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/tools/bg_setenv.c b/tools/bg_setenv.c index d685412..ab2e2ad 100644 --- a/tools/bg_setenv.c +++ b/tools/bg_setenv.c @@ -115,7 +115,6 @@ newaction_nomem: static void journal_process_action(BGENV *env, struct env_action *action) { ebgenv_t e; - char *tmp; switch (action->task) { case ENV_TASK_SET: @@ -123,22 +122,16 @@ static void journal_process_action(BGENV *env, struct env_action *action) action->key, (long long unsigned int)action->type, (char *)action->data); if (strcmp(action->key, "ustate") == 0) { - uint16_t ustate; - unsigned long t; + int ustate; char *arg; int ret; e.bgenv = env; arg = (char *)action->data; - errno = 0; - t = strtol(arg, &tmp, 10); - if ((errno == ERANGE && (t == LONG_MAX || - t == LONG_MIN)) || - (errno != 0 && t == 0) || tmp == arg) { - fprintf(stderr, "Invalid value for ustate: %s", - (char *)action->data); + ustate = parse_int(arg); + if (ustate < 0 || ustate > UINT16_MAX) { + fprintf(stderr, "Invalid ustate value: %s", arg); return; } - ustate = (uint16_t)t;; if ((ret = ebg_env_setglobalstate(&e, ustate)) != 0) { fprintf(stderr, "Error setting global state: %s.", -- 2.41.0 -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/20230726084024.40124-2-michael.adler%40siemens.com.
