[ovs-dev] [PATCH] lib/util: Input validation in str_to_uint

Zoltan Kiss zoltan.kiss at citrix.com
Tue Apr 22 17:27:18 UTC 2014


This function returns true when 's' is negative or greater than UINT_MAX. Also,
the representation of 'int' and 'unsigned int' is implementation dependent, so
converting [INT_MAX..UINT_MAX] values with str_to_int is fragile.
Instead, we should convert straight to 'long long' and do a boundary check
before returning the converted value.

Signed-off-by: Zoltan Kiss <zoltan.kiss at citrix.com>
---
diff --git a/lib/util.h b/lib/util.h
index aff17a5..9b677c5 100644
--- a/lib/util.h
+++ b/lib/util.h
@@ -294,7 +294,16 @@ bool str_to_llong(const char *, int base, long long *);
 static inline bool
 str_to_uint(const char *s, int base, unsigned int *u)
 {
-    return str_to_int(s, base, (int *) u);
+    long long ll;
+    bool ok = str_to_llong(s, base, &ll);
+    if (OVS_UNLIKELY(!ok || (ll < 0) || (ll > UINT_MAX))) {
+	*u = 0;
+	return false;
+    }
+    else {
+	*u = ll;
+	return true;
+    }
 }
 
 static inline bool



More information about the dev mailing list