From: Chen Yu <yu.c.chen@intel.com>
To: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Len Brown <lenb@kernel.org>,
Robert Moore <robert.moore@intel.com>
Cc: linux-acpi@vger.kernel.org, linux-kernel@vger.kernel.org,
Chen Yu <yu.c.chen@intel.com>,
Hariganesh Govindarajulu <hariganesh.govindarajulu@intel.com>
Subject: [PATCH v2] ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range
Date: Wed, 8 Mar 2023 21:23:09 +0800
Message-ID: <20230308132309.18827-1-yu.c.chen@intel.com>
The user provides arbitrary non-numeric value to level and type,
which could bring expected behavior. In this case the expected
behavior would be to throw an error.
pfrut -h
usage: pfrut [OPTIONS]
code injection:
-l, --load
-s, --stage
-a, --activate
-u, --update [stage and activate]
-q, --query
-d, --revid
update telemetry:
-G, --getloginfo
-T, --type(0:execution, 1:history)
-L, --level(0, 1, 2, 4)
-R, --read
-D, --revid log
pfrut -T A
pfrut -G
log_level:0
log_type:0
log_revid:2
max_data_size:65536
chunk1_size:0
chunk2_size:1530
rollover_cnt:0
reset_cnt:17
Fix this by restricting the input to be in the expected range.
Reported-by: Hariganesh Govindarajulu <hariganesh.govindarajulu@intel.com>
Suggested-by: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
---
v2: Replace atoi() with strtol() to filter the number. (Rafael)
---
tools/power/acpi/tools/pfrut/pfrut.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/tools/power/acpi/tools/pfrut/pfrut.c b/tools/power/acpi/tools/pfrut/pfrut.c
index 52aa0351533c..388c9e3ad040 100644
--- a/tools/power/acpi/tools/pfrut/pfrut.c
+++ b/tools/power/acpi/tools/pfrut/pfrut.c
@@ -97,7 +97,7 @@ static struct option long_options[] = {
static void parse_options(int argc, char **argv)
{
int option_index = 0;
- char *pathname;
+ char *pathname, *endptr;
int opt;
pathname = strdup(argv[0]);
@@ -125,11 +125,23 @@ static void parse_options(int argc, char **argv)
log_getinfo = 1;
break;
case 'T':
- log_type = atoi(optarg);
+ log_type = strtol(optarg, &endptr, 0);
+ if (*endptr || (log_type != 0 && log_type != 1)) {
+ printf("Number expected: type(0:execution, 1:history) - Quit.\n");
+ exit(1);
+ }
+
set_log_type = 1;
break;
case 'L':
- log_level = atoi(optarg);
+ log_level = strtol(optarg, &endptr, 0);
+ if (*endptr ||
+ (log_level != 0 && log_level != 1 &&
+ log_level != 2 && log_level != 4)) {
+ printf("Number expected: level(0, 1, 2, 4) - Quit.\n");
+ exit(1);
+ }
+
set_log_level = 1;
break;
case 'R':
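Review bot: In the 'T' and 'L' cases the `*endptr` test still accepts an empty argument: for `-T ""` strtol() converts nothing, returns 0 and leaves endptr pointing at the terminating NUL, so the input passes as 0. Adding `endptr == optarg` to the rejection condition closes that. The long returned by strtol() is also assigned straight into log_type and log_level before the range check; if those are int, as the replaced atoi() assignments suggest, a value such as 4294967296 truncates to 0 on an LP64 build and is accepted, so parse into a local long, range-check that, and only then assign. Base 0 additionally admits forms like `0x1` and `01`, which is worth either documenting in the usage text or avoiding with base 10. The failure message would be better on stderr than printed with printf().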
--
2.25.1