utility/crossystem_main.c - Issue 6675014: Add error checking for poorly-formed crossystem args

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: utility/crossystem_main.c

Issue 6675014: Add error checking for poorly-formed crossystem args (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/vboot_reference.git@0.11.257.B

Patch Set: Created 9 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: utility/crossystem_main.c

diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c

index 53166e48e0774bd342d1ed6cf16190124ffb3a05..31634381cd66cf22e8f79709ec206e16f4b45ef6 100644

--- a/utility/crossystem_main.c

+++ b/utility/crossystem_main.c

@@ -99,6 +99,8 @@ void PrintHelp(const char *progname) {

* Returns the parameter, or NULL if no match. */

const Param* FindParam(const char* name) {

const Param* p;

+ if (!name)

+ return NULL;

for (p = sys_param_list; p->name; p++) {

if (!strcasecmp(p->name, name))

return p;

@@ -220,22 +222,34 @@ int main(int argc, char* argv[]) {

/* Otherwise, loop through params and get/set them */

for (i = 1; i < argc && retval == 0; i++) {

- int has_set = (NULL != strchr(argv[i], '='));

- int has_expect = (NULL != strchr(argv[i], '?'));

+ char* has_set = strchr(argv[i], '=');

+ char* has_expect = strchr(argv[i], '?');

char* name = strtok(argv[i], "=?");

char* value = strtok(NULL, "=?");

- const Param* p = FindParam(name);

- if (!p) {

- fprintf(stderr, "Invalid parameter name: %s\n", name);

+ const Param* p;

+ /* Make sure args are well-formed. '' or '=foo' or '?foo' not allowed. */

+ if (!name || has_set == argv[i] || has_expect == argv[i]) {

+ fprintf(stderr, "Poorly formed parameter\n");

PrintHelp(progname);

return 1;

}

+ if (!value)

+ value=""; /* Allow setting/checking an empty string ('foo=' or 'foo?') */

if (has_set && has_expect) {

fprintf(stderr, "Use either = or ? in a parameter, but not both.\n");

PrintHelp(progname);

petkov 2011/03/22 00:13:36 so this is not a warning but an error?

return 1;

}

+ /* Find the parameter */

+ p = FindParam(name);

+ if (!p) {

+ fprintf(stderr, "Invalid parameter name: %s\n", name);

+ PrintHelp(progname);

+ return 1;

+ }

if (i > 1)

printf(" "); /* Output params space-delimited */

if (has_set)

« no previous file with comments | « no previous file | no next file » | no next file with comments »