| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jan 2021 17:54:52 +0530
From: Brahadambal Srinivasan <latha@...ux.vnet.ibm.com>
To: shuah@...nel.org, trenn@...e.com
Cc: linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org,
latha@...ux.vnet.ibm.com
Subject: [PATCH] cpuidle_set accepts alpha numeric values for idle-set operation
For both the d and e options in cpuidle_set, an atoi() conversion is
done without checking if the input argument is all numeric. So, an
atoi conversion is done on any character provided as input and the
CPU idle_set operation continues with that integer value, which may
not be what is intended or entirely correct.
A similar check is present for cpufreq-set already.
This patch adds a check to see that the idle_set value is all numeric
before doing a string-to-int conversion.
Signed-off-by: Brahadambal Srinivasan <latha@...ux.vnet.ibm.com>
---
tools/power/cpupower/utils/cpuidle-set.c | 39 +++++++++++++++++++++---
1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/tools/power/cpupower/utils/cpuidle-set.c b/tools/power/cpupower/utils/cpuidle-set.c
index 46158928f9ad..b3dec48e7141 100644
--- a/tools/power/cpupower/utils/cpuidle-set.c
+++ b/tools/power/cpupower/utils/cpuidle-set.c
@@ -21,6 +21,19 @@ static struct option info_opts[] = {
{ },
};
+int is_number(char *arg)
+{
+ size_t len, i = 0;
+
+ len = strlen(arg);
+
+ for (i = 0; i < len; i++) {
+ if (!isdigit(arg[i]))
+ return 0;
+ }
+
+ return 1;
+}
int cmd_idle_set(int argc, char **argv)
{
@@ -47,7 +60,12 @@ int cmd_idle_set(int argc, char **argv)
break;
}
param = ret;
- idlestate = atoi(optarg);
+ if (is_number(optarg))
+ idlestate = atoi(optarg);
+ else {
+ printf(_("Bad idle_set value : %s. Integer expected\n"), optarg);
+ exit(EXIT_FAILURE);
+ }
break;
case 'e':
if (param) {
@@ -56,7 +74,12 @@ int cmd_idle_set(int argc, char **argv)
break;
}
param = ret;
- idlestate = atoi(optarg);
+ if (is_number(optarg))
+ idlestate = atoi(optarg);
+ else {
+ printf(_("Bad idle_set value : %s\n. Integer expected"), optarg);
+ exit(EXIT_FAILURE);
+ }
break;
case 'D':
if (param) {
@@ -65,9 +88,15 @@ int cmd_idle_set(int argc, char **argv)
break;
}
param = ret;
- latency = strtoull(optarg, &endptr, 10);
- if (*endptr != '\0') {
- printf(_("Bad latency value: %s\n"), optarg);
+ if (is_number(optarg)) {
+ latency = strtoull(optarg, &endptr, 10);
+ if (*endptr != '\0') {
+ printf(_("Bad latency value: %s. Integer expected\n"),
+ optarg);
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ printf(_("Bad latency value: %s. Integer expected\n"), optarg);
exit(EXIT_FAILURE);
}
break;
--
2.24.3 (Apple Git-128)
Powered by blists - more mailing lists