Open Source and information security mailing list archives
 
Message-Id: <20210105122452.8687-1-latha@linux.vnet.ibm.com>
Date:   Tue,  5 Jan 2021 17:54:52 +0530
From:   Brahadambal Srinivasan <latha@...ux.vnet.ibm.com>
To:     shuah@...nel.org, trenn@...e.com
Cc:     linux-pm@...r.kernel.org, linux-kernel@...r.kernel.org,
        latha@...ux.vnet.ibm.com
Subject: [PATCH] cpuidle_set accepts alpha numeric values for idle-set operation

For both the d and e options in cpuidle_set, an atoi() conversion is
done without checking if the input argument is all numeric. So, an
atoi conversion is done on any character provided as input and the
CPU idle_set operation continues with that integer value, which may
not be what is intended or entirely correct.

A similar check is present for cpufreq-set already.

This patch adds a check to see that the idle_set value is all numeric
before doing a string-to-int conversion.

Signed-off-by: Brahadambal Srinivasan <latha@...ux.vnet.ibm.com>
---
 tools/power/cpupower/utils/cpuidle-set.c | 39 +++++++++++++++++++++---
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/tools/power/cpupower/utils/cpuidle-set.c b/tools/power/cpupower/utils/cpuidle-set.c
index 46158928f9ad..b3dec48e7141 100644
--- a/tools/power/cpupower/utils/cpuidle-set.c
+++ b/tools/power/cpupower/utils/cpuidle-set.c
@@ -21,6 +21,19 @@ static struct option info_opts[] = {
      { },
 };
 
+int is_number(char *arg)
+{
+	size_t len, i = 0;
+
+	len = strlen(arg);
+
+	for (i = 0; i < len; i++) {
+		if (!isdigit(arg[i]))
+			return 0;
+	}
+
+	return 1;
+}
 
 int cmd_idle_set(int argc, char **argv)
 {
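Review bot: is_number() returns 1 for an empty string, because with len == 0 the loop body never runs, so an empty option argument still reaches the conversion and is treated as 0. Add an explicit length check (for example `if (len == 0) return 0;`) before the loop. In the same function, pass `(unsigned char)arg[i]` to isdigit(), since a plain char with a negative value is undefined behaviour there, and consider making the helper `static` with a `const char *` parameter, as every caller shown is in this file. The hunk adds no `#include <ctype.h>`; please confirm the file already pulls it in.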
@@ -47,7 +60,12 @@ int cmd_idle_set(int argc, char **argv)
 				break;
 			}
 			param = ret;
-			idlestate = atoi(optarg);
+			if (is_number(optarg))
+				idlestate = atoi(optarg);
+			else {
+				printf(_("Bad idle_set value : %s. Integer expected\n"), optarg);
+				exit(EXIT_FAILURE);
+			}
 			break;
 		case 'e':
 			if (param) {
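Review bot: the digits-only check in the 'd' case does not bound the value, so a long digit string still goes through atoi(), which has no way to report overflow. Converting with strtol() or strtoul(), then checking `*endptr`, errno and the range before assigning to idlestate, would cover both the non-numeric and the out-of-range input in one place, the way the 'D' case already uses strtoull() with endptr. The same block is then repeated verbatim for 'e'; a small shared helper that parses and reports the error would keep the two messages from drifting apart.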
@@ -56,7 +74,12 @@ int cmd_idle_set(int argc, char **argv)
 				break;
 			}
 			param = ret;
-			idlestate = atoi(optarg);
+			if (is_number(optarg))
+				idlestate = atoi(optarg);
+			else {
+				printf(_("Bad idle_set value : %s\n. Integer expected"), optarg);
+				exit(EXIT_FAILURE);
+			}
 			break;
 		case 'D':
 			if (param) {
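Review bot: the format string in the 'e' case has the newline in the wrong place: `"Bad idle_set value : %s\n. Integer expected"` prints ". Integer expected" on its own line and leaves the output without a trailing newline. It should match the 'd' case, `"Bad idle_set value : %s. Integer expected\n"`, which also avoids adding a second translatable string for the same message. The overflow concern raised for the atoi() call in the 'd' case applies here as well.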
@@ -65,9 +88,15 @@ int cmd_idle_set(int argc, char **argv)
 				break;
 			}
 			param = ret;
-			latency = strtoull(optarg, &endptr, 10);
-			if (*endptr != '\0') {
-				printf(_("Bad latency value: %s\n"), optarg);
+			if (is_number(optarg)) {
+				latency = strtoull(optarg, &endptr, 10);
+				if (*endptr != '\0') {
+					printf(_("Bad latency value: %s. Integer expected\n"),
+						optarg);
+					exit(EXIT_FAILURE);
+				}
+			} else {
+				printf(_("Bad latency value: %s. Integer expected\n"), optarg);
 				exit(EXIT_FAILURE);
 			}
 			break;
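Review bot: in the 'D' case the inner `*endptr != '\0'` branch becomes unreachable, because once is_number() has accepted the string every character is a digit and strtoull() consumes all of it. The original endptr check already rejected trailing non-numeric characters, so the pre-check only adds rejection of a leading sign or whitespace while duplicating the error path. Either drop the inner branch, or keep the original strtoull()/endptr structure and add the missing cases to it: an empty argument (endptr == optarg), a leading '-', and errno == ERANGE on overflow, none of which the lines shown handle.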
-- 
2.24.3 (Apple Git-128)
