[PATCH 2/9] ui: Fix silent truncation of numeric keys in HMP sendkey

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 2/9] ui: Fix silent truncation of numeric keys in HMP sendkey

From:	Markus Armbruster
Subject:	[PATCH 2/9] ui: Fix silent truncation of numeric keys in HMP sendkey
Date:	Thu, 1 Dec 2022 07:13:04 +0100

Keys are int.  HMP sendkey assigns them from the value strtoul(),
silently truncating values greater than INT_MAX.  Fix to reject them.

While there, use qemu_strtoul() instead of strtoul() so checkpatch.pl
won't complain.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 monitor/hmp-cmds.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index 01b789a79e..a7c9ae2520 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1666,8 +1666,13 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
         v = g_malloc0(sizeof(*v));
 
         if (strstart(keys, "0x", NULL)) {
-            char *endp;
-            int value = strtoul(keys, &endp, 0);
+            const char *endp;
+            unsigned long value;
+
+            if (qemu_strtoul(keys, &endp, 0, &value) < 0
+                || value >= INT_MAX) {
+                goto err_out;
+            }
             assert(endp <= keys + keyname_len);
             if (endp != keys + keyname_len) {
                 goto err_out;
-- 
2.37.3

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 3/9] ui: Drop disabled code for SPICE_CHANNEL_WEBDAV, (continued)
- [PATCH 4/9] ui: Clean up a few things checkpatch.pl would flag later on, Markus Armbruster, 2022/12/01
  - Re: [PATCH 4/9] ui: Clean up a few things checkpatch.pl would flag later on, Daniel P . Berrangé, 2022/12/01
- [PATCH 1/9] ui: Check numeric part of expire_password argument @time properly, Markus Armbruster, 2022/12/01
  - Re: [PATCH 1/9] ui: Check numeric part of expire_password argument @time properly, Daniel P . Berrangé, 2022/12/01
- [PATCH 2/9] ui: Fix silent truncation of numeric keys in HMP sendkey, Markus Armbruster <=
  - Re: [PATCH 2/9] ui: Fix silent truncation of numeric keys in HMP sendkey, Daniel P . Berrangé, 2022/12/01
- [PATCH 7/9] ui: Improve "change vnc" error reporting, Markus Armbruster, 2022/12/01
  - Re: [PATCH 7/9] ui: Improve "change vnc" error reporting, Daniel P . Berrangé, 2022/12/01
    - Re: [PATCH 7/9] ui: Improve "change vnc" error reporting, Markus Armbruster, 2022/12/01
- [PATCH 8/9] ui: Factor out hmp_change_vnc(), and move to ui/ui-hmp-cmds.c, Markus Armbruster, 2022/12/01
  - Re: [PATCH 8/9] ui: Factor out hmp_change_vnc(), and move to ui/ui-hmp-cmds.c, Daniel P . Berrangé, 2022/12/01
- [PATCH 6/9] ui: Move HMP commands from monitor to new ui/ui-hmp-cmds.c, Markus Armbruster, 2022/12/01
  - Re: [PATCH 6/9] ui: Move HMP commands from monitor to new ui/ui-hmp-cmds.c, Philippe Mathieu-Daudé, 2022/12/01
    - Re: [PATCH 6/9] ui: Move HMP commands from monitor to new ui/ui-hmp-cmds.c, Markus Armbruster, 2022/12/01
  - Re: [PATCH 6/9] ui: Move HMP commands from monitor to new ui/ui-hmp-cmds.c, Daniel P . Berrangé, 2022/12/01

Prev by Date: [PATCH 1/9] ui: Check numeric part of expire_password argument @time properly
Next by Date: [PATCH 7/9] ui: Improve "change vnc" error reporting
Previous by thread: Re: [PATCH 1/9] ui: Check numeric part of expire_password argument @time properly
Next by thread: Re: [PATCH 2/9] ui: Fix silent truncation of numeric keys in HMP sendkey
Index(es):
- Date
- Thread