utils: safer str_to_long
Make str_to_long more defensive against malformed content, since this function runs on user (cmd line) input on x86. The input is from boot time, i.e. trusted, but the function should still be memory safe. This change does not fix overflow issues which may still lead to undefined behaviour. Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
15
src/util.c
15
src/util.c
@@ -106,18 +106,23 @@ long PURE str_to_long(const char *str)
|
||||
long val = 0;
|
||||
char c;
|
||||
|
||||
/*check for "0x" */
|
||||
/* NULL ptr and empty str */
|
||||
if (str == NULL || *str == 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* check for "0x", *(str + 1) may be 0, but must be allocated since str is not empty */
|
||||
if (*str == '0' && (*(str + 1) == 'x' || *(str + 1) == 'X')) {
|
||||
base = 16;
|
||||
str += 2;
|
||||
/* '0x' on its own is malformed */
|
||||
if (*str == 0) {
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
base = 10;
|
||||
}
|
||||
|
||||
if (!*str) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
c = *str;
|
||||
while (c != '\0') {
|
||||
res = char_to_long(c);
|
||||
|
||||
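Review bot: The `-1` error sentinel returned by the new NULL/empty and lone-"0x" checks is in-band: the commit message says overflow is not handled, so a long hex string such as a 64-bit all-ones value wraps to -1 and is indistinguishable from malformed input to any caller that tests for -1. Since the parse loop starting at `res = char_to_long(c);` continues outside the hunk, the minimal step inside this hunk is to record the contract next to the new checks, e.g. `/* -1 means malformed input; overflow is not detected, so a wrapped result may also be -1 */`, and the fuller fix is to bound the accepted digit count per base before accumulating. Separately, the new lines spell the NUL test three ways (`*str == 0`, `!*str`, `c != '\0'`); picking `'\0'` consistently would read better, and `str[1]` is clearer than `*(str + 1)`. If the `if (!*str) { return -1; }` after the base selection survives on the new side, it is now unreachable, because both branches already guarantee `*str` is non-zero at that point.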