Would previously allow digits larger than the base and didn't check that
subtracting the difference from 0-9 to lowercase letters for characters
larger than 9 didn't result in a value lower than 9, which allowed the
parses: ` = 9, _ = 8, ^ = 7, ] = 6, \ = 5, and [ = 4
---

Need to move the out-of-base check to *after* the outside [0-9] handling or this breaks.

 grub-core/kern/misc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 906d2c2..3653d4d 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -394,9 +394,11 @@ grub_strtoull (const char *str, char **end, int base)
       if (digit > 9)
        {
          digit += '0' - 'a' + 10;
-         if (digit >= (unsigned long) base)
+         if (digit >= (unsigned long) base || digit <= 9)
            break;
        }
+      if (digit >= (unsigned long) base)
+       break;

       found = 1;

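Review bot: The `digit >= (unsigned long) base` half of the condition inside the `digit > 9` block is now redundant, because the check added right after the closing brace rejects the same values. The inner test could be reduced to `if (digit <= 9) break;`. A short comment there saying why a value of 9 or less is rejected after the letter adjustment would also help, since that intent is only stated in the commit message.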
--
2.8.0.rc2


On 27 Apr 2016, at 14:54, Aaron Miller wrote:

Would previously allow digits larger than the base and didn't check that subtracting the difference from 0-9 to lowercase letters for characters
larger than 9 didn't result in a value lower than 9, which allowed the
parses: ` = 9, _ = 8, ^ = 7, ] = 6, \ = 5, and [ = 4
---

Missed the >= vs < in the previously sent patch (I caught this, but then still mailed the broken patch)

 grub-core/kern/misc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
index 906d2c2..1c0c913 100644
--- a/grub-core/kern/misc.c
+++ b/grub-core/kern/misc.c
@@ -391,10 +391,12 @@ grub_strtoull (const char *str, char **end, int base)
       unsigned long digit;

       digit = grub_tolower (*str) - '0';
+      if (digit >= (unsigned long) base)
+       break;
       if (digit > 9)
        {
          digit += '0' - 'a' + 10;
-         if (digit >= (unsigned long) base)
+         if (digit >= (unsigned long) base || digit <= 9)
            break;
        }

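Review bot: The out-of-base check added directly after `digit = grub_tolower (*str) - '0';` runs before the `digit > 9` block has converted letters, so a letter still holds its raw offset at that point (`a` gives 49) and the loop breaks on it for base 16. Hex input would stop parsing at the first letter digit. The check needs to sit after the closing brace of the `digit > 9` block so that it sees the converted value.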
--
2.8.0.rc2

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
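
The behaviour described in the commit message, as an added example that is not part of the patch or of GRUB: the digit-decoding step before and after the change, lifted into stand-alone helpers. The names `digit_before`, `digit_after` and `parse` are hypothetical, and the accumulate loop is simplified (no sign, prefix or overflow handling).

```c
#include <ctype.h>
#include <stdio.h>
/* Pre-patch decoding, following the '-' and context lines of the diff.
   Returns the digit value, or -1 where the original loop would break. */
static int digit_before(char c, int base)
{
    unsigned long digit = (unsigned long) tolower((unsigned char) c) - '0';
    if (digit > 9) {
        digit += '0' - 'a' + 10;          /* '[' .. '`' land on 4 .. 9 */
        if (digit >= (unsigned long) base)
            return -1;
    }
    return (int) digit;                   /* '0'..'9' never checked against base */
}

/* Decoding with the patch's two checks applied. */
static int digit_after(char c, int base)
{
    unsigned long digit = (unsigned long) tolower((unsigned char) c) - '0';
    if (digit > 9) {
        digit += '0' - 'a' + 10;
        if (digit >= (unsigned long) base || digit <= 9)
            return -1;
    }
    if (digit >= (unsigned long) base)
        return -1;
    return (int) digit;
}

/* Simplified accumulate loop: no sign, prefix or overflow handling. */
static unsigned long long parse(const char *s, int base, int (*dec)(char, int))
{
    unsigned long long num = 0;
    int d;
    for (; *s && (d = dec(*s, base)) >= 0; s++)
        num = num * (unsigned) base + (unsigned) d;
    return num;
}

int main(void)
{
    const char odd[] = "`_^]\\[";         /* characters from the commit message */
    for (const char *p = odd; *p; p++)
        printf("'%c' base 10: before=%d after=%d\n", *p,
               digit_before(*p, 10), digit_after(*p, 10));
    printf("\"12`\": before=%llu after=%llu\n",
           parse("12`", 10, digit_before), parse("12`", 10, digit_after));
    return 0;
}
```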
