Re: [PATCH v2] tools/btgatt-client : fix write-value byte parsing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Wed, Feb 24, 2016 at 11:29 AM, Chevallier Maxime
<maxime.chevallier@xxxxxxxxxxx> wrote:
> write-value, write-long-value and write-prepare were parsing
> bytes using strtol with base '0' and restraining wtring size to
> be exactly 2, forbidding to write values over 99. The string length
> is no more checked, we instead check that the parsed value is in the
> correct range.
> ---
>  tools/btgatt-client.c | 41 +++++++++++++----------------------------
>  1 file changed, 13 insertions(+), 28 deletions(-)
>
> diff --git a/tools/btgatt-client.c b/tools/btgatt-client.c
> index 0f6a1bd..2153bec 100644
> --- a/tools/btgatt-client.c
> +++ b/tools/btgatt-client.c
> @@ -658,7 +658,7 @@ static void write_cb(bool success, uint8_t att_ecode, void *user_data)
>
>  static void cmd_write_value(struct client *cli, char *cmd_str)
>  {
> -       int opt, i;
> +       int opt, i, val;
>         char *argvbuf[516];
>         char **argv = argvbuf;
>         int argc = 1;
> @@ -726,19 +726,14 @@ static void cmd_write_value(struct client *cli, char *cmd_str)
>                 }
>
>                 for (i = 1; i < argc; i++) {
> -                       if (strlen(argv[i]) != 2) {
> -                               printf("Invalid value byte: %s\n",
> -                                                               argv[i]);
> -                               goto done;
> -                       }
> -
> -                       value[i-1] = strtol(argv[i], &endptr, 0);
> +                       val = strtol(argv[i], &endptr, 0);
>                         if (endptr == argv[i] || *endptr != '\0'
> -                                                       || errno == ERANGE) {
> +                               || errno == ERANGE || val < 0 || val > 255) {
>                                 printf("Invalid value byte: %s\n",
>                                                                 argv[i]);
>                                 goto done;
>                         }
> +                       value[i-1] = val;
>                 }
>         }
>
> @@ -793,7 +788,7 @@ static void write_long_cb(bool success, bool reliable_error, uint8_t att_ecode,
>
>  static void cmd_write_long_value(struct client *cli, char *cmd_str)
>  {
> -       int opt, i;
> +       int opt, i, val;
>         char *argvbuf[516];
>         char **argv = argvbuf;
>         int argc = 1;
> @@ -865,21 +860,15 @@ static void cmd_write_long_value(struct client *cli, char *cmd_str)
>                 }
>
>                 for (i = 2; i < argc; i++) {
> -                       if (strlen(argv[i]) != 2) {
> -                               printf("Invalid value byte: %s\n",
> -                                                               argv[i]);
> -                               free(value);
> -                               return;
> -                       }
> -
> -                       value[i-2] = strtol(argv[i], &endptr, 0);
> +                       val = strtol(argv[i], &endptr, 0);
>                         if (endptr == argv[i] || *endptr != '\0'
> -                                                       || errno == ERANGE) {
> +                               || errno == ERANGE || val < 0 || val > 255) {
>                                 printf("Invalid value byte: %s\n",
>                                                                 argv[i]);
>                                 free(value);
>                                 return;
>                         }
> +                       value[i-2] = val;
>                 }
>         }
>
> @@ -909,7 +898,7 @@ static struct option write_prepare_options[] = {
>
>  static void cmd_write_prepare(struct client *cli, char *cmd_str)
>  {
> -       int opt, i;
> +       int opt, i, val;
>         char *argvbuf[516];
>         char **argv = argvbuf;
>         int argc = 0;
> @@ -1002,18 +991,14 @@ static void cmd_write_prepare(struct client *cli, char *cmd_str)
>         }
>
>         for (i = 2; i < argc; i++) {
> -               if (strlen(argv[i]) != 2) {
> -                       printf("Invalid value byte: %s\n", argv[i]);
> -                       free(value);
> -                       return;
> -               }
> -
> -               value[i-2] = strtol(argv[i], &endptr, 0);
> -               if (endptr == argv[i] || *endptr != '\0' || errno == ERANGE) {
> +               val = strtol(argv[i], &endptr, 0);
> +               if (endptr == argv[i] || *endptr != '\0' || errno == ERANGE
> +                                               || val < 0 || val > 255) {
>                         printf("Invalid value byte: %s\n", argv[i]);
>                         free(value);
>                         return;
>                 }
> +               value[i-2] = val;
>         }
>
>  done:
> --
> 2.1.4

Applied, thanks.


-- 
Luiz Augusto von Dentz
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux