subject:"\[Ipmitool\-devel\] multiple uint8_t overflow in 'lib\/ipmi_main.c' via parameters"

Re: [Ipmitool-devel] multiple uint8_t overflow in 'lib/ipmi_main.c' via parameters

2011-10-26 Thread Zdenek Styblik

On Mon, Oct 24, 2011 at 8:25 PM, Zdenek Styblik wrote: [...] Ok, thanks to Andy's comments, here goes version 2. ~~~ 'lib/helper.c' ~~~ #include [...] /* Desc: Convert array of chars into uint8_t and check for overflows * @str: array of chars to parse from * @uchr_ptr: pointer to address wh

[Ipmitool-devel] multiple uint8_t overflow in 'lib/ipmi_main.c' via parameters

2011-10-24 Thread Zdenek Styblik

Hello, as of now, it is possible to cause uint8_t overflows via parameters to ipmitool. Example code to blame from 'lib/ipmi_main.c': ~~~ SNIP ~~~ case 't': target_addr = (uint8_t)strtol(optarg, NULL, 0); break; ~~~ SNIP ~~~ No check is being made whether only numerical input has