Zdenek, I would recommend two tweaks: - add "*uchr_ptr = 0;" after the NULL pointer/return 1 check, in case the caller does not check the return value, at least the output byte will be sane/default. - remove "|| arg_long < 0" before return 2, since arg_long is unsigned and this could generate a compile warning
Andy -----Original Message----- From: Zdenek Styblik [mailto:zdenek.styb...@gmail.com] Sent: Wednesday, October 26, 2011 3:09 PM To: ipmitool-devel Subject: Re: [Ipmitool-devel] multiple uint8_t overflow in 'lib/ipmi_main.c'via parameters On Mon, Oct 24, 2011 at 8:25 PM, Zdenek Styblik <zdenek.styb...@gmail.com> wrote: [...] Ok, thanks to Andy's comments, here goes version 2. ~~~ 'lib/helper.c' ~~~ #include <limits.h> [...] /* Desc: Convert array of chars into uint8_t and check for overflows * @str: array of chars to parse from * @uchr_ptr: pointer to address where uint8_t will be stored */ int str2uchar(char *str, uint8_t *uchr_ptr) { uint32_t arg_long = 0; char *end_ptr = 0; if (!str || !uchr_ptr || sizeof(str) <= 0) { /* Some of parameters to the function are missing or are invalid */ return 1; } errno = 0; arg_long = strtoul(str, &end_ptr, 0); if (*end_ptr != '\0' || errno != 0 || arg_long < 0) { /* Invalid input given by user/overflow occurred */ return 2; } if (arg_long > UCHAR_MAX || arg_long == LONG_MIN || arg_long == LONG_MAX) { /* Given argument is too big to fit uint8_t */ return 3; } *uchr_ptr = (uint8_t) arg_long; return 0; } ~~~ 'lib/helper.c' ~~~ Zdenek ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
