diff mbox series

[v2] core: make cmdline parsing more robust

Message ID 20170831103601.13500-1-christian.storm@siemens.com
State Accepted
Delegated to: Stefano Babic
Headers show
Series [v2] core: make cmdline parsing more robust | expand

Commit Message

Christian Storm Aug. 31, 2017, 10:36 a.m. UTC
(1) disallow options' values starting with '-' except for
    downloader, webserver, and suricatta doing their own
    cmdline parsing. Otherwise, e.g., this command
    $ swupdate -l -c -i <file>
    installs <file> instead of checking it due to -l's
    option value missing.
(2) abort on superfluous non-option cmdline arguments
    as SWUpdate doesn't use them, probably an usage error.
(3) check some sensible combinations with suricatta mode

Signed-off-by: Christian Storm <christian.storm@siemens.com>
---
 core/swupdate.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

Comments

Stefano Babic Sept. 4, 2017, 8:28 a.m. UTC | #1
On 31/08/2017 12:36, Christian Storm wrote:
> (1) disallow options' values starting with '-' except for
>     downloader, webserver, and suricatta doing their own
>     cmdline parsing. Otherwise, e.g., this command
>     $ swupdate -l -c -i <file>
>     installs <file> instead of checking it due to -l's
>     option value missing.
> (2) abort on superfluous non-option cmdline arguments
>     as SWUpdate doesn't use them, probably an usage error.
> (3) check some sensible combinations with suricatta mode
> 
> Signed-off-by: Christian Storm <christian.storm@siemens.com>
> ---
>  core/swupdate.c | 20 ++++++++++++++++++++
>  1 file changed, 20 insertions(+)
> 
> diff --git a/core/swupdate.c b/core/swupdate.c
> index b01aadd..1f0ba0d 100644
> --- a/core/swupdate.c
> +++ b/core/swupdate.c
> @@ -599,6 +599,13 @@ int main(int argc, char **argv)
>  	/* Process options with getopt */
>  	while ((c = getopt_long(argc, argv, main_options,
>  				long_options, NULL)) != EOF) {
> +		if (optarg && *optarg == '-' && (c != 'd' && c != 'u' && c != 'w')) {
> +			/* An option's value starting with '-' is not allowed except
> +			 * for downloader, webserver, and suricatta doing their own
> +			 * argv parsing.
> +			 */
> +			c = '?';
> +		}
>  		switch (c) {
>  		case 'v':
>  			loglevel = TRACELEVEL;
> @@ -680,6 +687,12 @@ int main(int argc, char **argv)
>  		}
>  	}
>  
> +	if (optind < argc) {
> +		/* SWUpdate has no non-option arguments, fail on them */
> +		usage(argv[0]);
> +		exit(1);
> +	}
> +
>  	/*
>  	 * Parameters are parsed: now performs plausibility
>  	 * tests before starting processes and threads
> @@ -698,6 +711,13 @@ int main(int argc, char **argv)
>  		exit(1);
>  	}
>  
> +#ifdef CONFIG_SURICATTA
> +	if (opt_u && (opt_c || opt_i)) {
> +		fprintf(stderr, "invalid mode combination with suricatta.\n");
> +		exit(1);
> +	}
> +#endif
> +
>  	swupdate_crypto_init();
>  
>  	if (strlen(swcfg.globals.publickeyfname)) {
> 

Applied to -master, thanks !

Best regards,
Stefano Babic
diff mbox series

Patch

diff --git a/core/swupdate.c b/core/swupdate.c
index b01aadd..1f0ba0d 100644
--- a/core/swupdate.c
+++ b/core/swupdate.c
@@ -599,6 +599,13 @@  int main(int argc, char **argv)
 	/* Process options with getopt */
 	while ((c = getopt_long(argc, argv, main_options,
 				long_options, NULL)) != EOF) {
+		if (optarg && *optarg == '-' && (c != 'd' && c != 'u' && c != 'w')) {
+			/* An option's value starting with '-' is not allowed except
+			 * for downloader, webserver, and suricatta doing their own
+			 * argv parsing.
+			 */
+			c = '?';
+		}
 		switch (c) {
 		case 'v':
 			loglevel = TRACELEVEL;
@@ -680,6 +687,12 @@  int main(int argc, char **argv)
 		}
 	}
 
+	if (optind < argc) {
+		/* SWUpdate has no non-option arguments, fail on them */
+		usage(argv[0]);
+		exit(1);
+	}
+
 	/*
 	 * Parameters are parsed: now performs plausibility
 	 * tests before starting processes and threads
@@ -698,6 +711,13 @@  int main(int argc, char **argv)
 		exit(1);
 	}
 
+#ifdef CONFIG_SURICATTA
+	if (opt_u && (opt_c || opt_i)) {
+		fprintf(stderr, "invalid mode combination with suricatta.\n");
+		exit(1);
+	}
+#endif
+
 	swupdate_crypto_init();
 
 	if (strlen(swcfg.globals.publickeyfname)) {