Patchwork wpa_supplicant: parse int values in different bases and reject invalid

login
register
mail settings
Submitter Johannes Berg
Date March 1, 2013, 5:12 p.m.
Message ID <1362157964-31396-1-git-send-email-johannes@sipsolutions.net>
Download mbox | patch
Permalink /patch/224415/
State Accepted
Commit eae3a584f5fde638e593e673cc4fda84d32689d0
Headers show

Comments

Johannes Berg - March 1, 2013, 5:12 p.m.
From: Johannes Berg <johannes.berg@intel.com>

Instead of using atoi(), use strtol() which allows checking if
the configuration values are valid integers and can understand
more than just decimal (also hexadecimal and octal). This not
only allows specifying some fields in hex (which can be useful)
but also rejecting invalid configurations, e.g.
	disassoc_low_ack=27 * 2
which was previously read as just 27.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
---
 wpa_supplicant/config.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
Jouni Malinen - March 10, 2013, 3:56 p.m.
On Fri, Mar 01, 2013 at 06:12:44PM +0100, Johannes Berg wrote:
> Instead of using atoi(), use strtol() which allows checking if
> the configuration values are valid integers and can understand
> more than just decimal (also hexadecimal and octal). This not
> only allows specifying some fields in hex (which can be useful)
> but also rejecting invalid configurations, e.g.
> 	disassoc_low_ack=27 * 2
> which was previously read as just 27.

Thanks, applied.

Patch

diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 5da2d56..cb2937a 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -178,10 +178,17 @@  static int wpa_config_parse_int(const struct parse_data *data,
 				struct wpa_ssid *ssid,
 				int line, const char *value)
 {
-	int *dst;
+	int val, *dst;
+	char *end;
 
 	dst = (int *) (((u8 *) ssid) + (long) data->param1);
-	*dst = atoi(value);
+	val = strtol(value, &end, 0);
+	if (*end) {
+		wpa_printf(MSG_ERROR, "Line %d: invalid number \"%s\"",
+			   line, value);
+		return -1;
+	}
+	*dst = val;
 	wpa_printf(MSG_MSGDUMP, "%s=%d (0x%x)", data->name, *dst, *dst);
 
 	if (data->param3 && *dst < (long) data->param3) {
@@ -2628,9 +2635,18 @@  static int wpa_global_config_parse_int(const struct global_parse_data *data,
 				       struct wpa_config *config, int line,
 				       const char *pos)
 {
-	int *dst;
+	int val, *dst;
+	char *end;
+
 	dst = (int *) (((u8 *) config) + (long) data->param1);
-	*dst = atoi(pos);
+	val = strtol(pos, &end, 0);
+	if (*end) {
+		wpa_printf(MSG_ERROR, "Line %d: invalid number \"%s\"",
+			   line, pos);
+		return -1;
+	}
+	*dst = val;
+
 	wpa_printf(MSG_DEBUG, "%s=%d", data->name, *dst);
 
 	if (data->param2 && *dst < (long) data->param2) {