On Wed, 2 Aug 2023 08:11:05 +0000
Wenbo Cao <caowe...@mucse.com> wrote:
> + if (strcmp(key, RNP_HW_MAC_LOOPBACK_ARG) == 0) {
> + uint16_t *n = extra_args;
> + *n = (uint16_t)strtoul(value, NULL, 10);
> + if (*n == USHRT_MAX && errno == ERANGE)
> + return -1;
You should be using unsigned long for n here
and no cast. Otherwise a large buggy argument would not be caught.
Something like:
if (strcmp(key, RNP_HW_MAC_LOOPBACK_ARG) == 0) {
unsigned long n;
uint16_t *result = extra_args;
n = strtoul(value, NULL, 10);
if (n > UINT16_MAX) {
XXXLOG("invalid loopback arg"...
return -1;
}
*result = n;
