[PULL 02/17] ui: Fix silent truncation of numeric keys in HMP sendkey

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 02/17] ui: Fix silent truncation of numeric keys in HMP sendkey

From:	Markus Armbruster
Subject:	[PULL 02/17] ui: Fix silent truncation of numeric keys in HMP sendkey
Date:	Thu, 19 Jan 2023 14:26:58 +0100

Keys are int.  HMP sendkey assigns them from the value strtoul(),
silently truncating values greater than INT_MAX.  Fix to reject them.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230109190321.1056914-3-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
 monitor/hmp-cmds.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/monitor/hmp-cmds.c b/monitor/hmp-cmds.c
index ed78a87ddd..9947ff0b45 100644
--- a/monitor/hmp-cmds.c
+++ b/monitor/hmp-cmds.c
@@ -1549,8 +1549,12 @@ void hmp_sendkey(Monitor *mon, const QDict *qdict)
         v = g_malloc0(sizeof(*v));
 
         if (strstart(keys, "0x", NULL)) {
-            char *endp;
-            int value = strtoul(keys, &endp, 0);
+            const char *endp;
+            int value;
+
+            if (qemu_strtoi(keys, &endp, 0, &value) < 0) {
+                goto err_out;
+            }
             assert(endp <= keys + keyname_len);
             if (endp != keys + keyname_len) {
                 goto err_out;
-- 
2.39.0

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 00/17] Monitor patches for 2023-01-19, Markus Armbruster, 2023/01/19
- [PULL 16/17] ui: Split hmp_mouse_set() and move the HMP part to ui/, Markus Armbruster, 2023/01/19
- [PULL 15/17] ui: Don't check for mode change after mouse_set error, Markus Armbruster, 2023/01/19
- [PULL 09/17] ui: Move QMP commands from monitor to new ui/ui-qmp-cmds.c, Markus Armbruster, 2023/01/19
- [PULL 03/17] ui/spice: Require spice-protocol >= 0.14.0, Markus Armbruster, 2023/01/19
- [PULL 04/17] Revert "hmp: info spice: take out webdav", Markus Armbruster, 2023/01/19
- [PULL 05/17] ui/spice: Require spice-server >= 0.14.0, Markus Armbruster, 2023/01/19
- [PULL 10/17] ui: Factor out qmp_add_client() parts and move to ui/ui-qmp-cmds.c, Markus Armbruster, 2023/01/19
- [PULL 02/17] ui: Fix silent truncation of numeric keys in HMP sendkey, Markus Armbruster <=
- [PULL 11/17] ui: Move HMP commands from monitor to new ui/ui-hmp-cmds.c, Markus Armbruster, 2023/01/19
- [PULL 14/17] ui: Reduce nesting in hmp_change_vnc() slightly, Markus Armbruster, 2023/01/19
- [PULL 13/17] ui: Factor out hmp_change_vnc(), and move to ui/ui-hmp-cmds.c, Markus Armbruster, 2023/01/19
- [PULL 17/17] ui: Simplify control flow in qemu_mouse_set(), Markus Armbruster, 2023/01/19
- [PULL 07/17] ui/spice: Give hmp_info_spice()'s channel_names[] static linkage, Markus Armbruster, 2023/01/19
- [PULL 08/17] ui: Clean up a few things checkpatch.pl would flag later on, Markus Armbruster, 2023/01/19
- [PULL 12/17] ui: Improve "change vnc" error reporting, Markus Armbruster, 2023/01/19
- [PULL 06/17] ui/spice: QXLInterface method set_mm_time() is now dead, drop, Markus Armbruster, 2023/01/19
- [PULL 01/17] ui: Check numeric part of expire_password argument @time properly, Markus Armbruster, 2023/01/19
- Re: [PULL 00/17] Monitor patches for 2023-01-19, Peter Maydell, 2023/01/20

Prev by Date: [PULL 10/17] ui: Factor out qmp_add_client() parts and move to ui/ui-qmp-cmds.c
Next by Date: [PULL 11/17] ui: Move HMP commands from monitor to new ui/ui-hmp-cmds.c
Previous by thread: [PULL 10/17] ui: Factor out qmp_add_client() parts and move to ui/ui-qmp-cmds.c
Next by thread: [PULL 11/17] ui: Move HMP commands from monitor to new ui/ui-hmp-cmds.c
Index(es):
- Date
- Thread