>
>ovs-appctl can crash with missing timeout argument.
> # ovs-appctl --timeout= dpif-netdev/pmd-stats-show
>
>Fix by using strtol and validating the timeout value.
>
>Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodire...@intel.com>
>---
> utilities/ovs-appctl.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
>diff --git a/utilities/ovs-appctl.c b/utilities/ovs-appctl.c
>index 8f87cc4..2543ee9 100644
>--- a/utilities/ovs-appctl.c
>+++ b/utilities/ovs-appctl.c
>@@ -127,6 +127,7 @@ parse_command_line(int argc, char *argv[])
> char *short_options_ =
> ovs_cmdl_long_options_to_short_options(long_options);
> char *short_options = xasprintf("+%s", short_options_);
> const char *target;
>+ int timeout;
> int e_options;
>
> target = NULL;
>@@ -165,7 +166,13 @@ parse_command_line(int argc, char *argv[])
> exit(EXIT_SUCCESS);
>
> case 'T':
>- time_alarm(atoi(optarg));
>+ timeout = strtol(optarg, NULL, 10);
Hi Bhanu,
To ensure that the user has supplied a valid numeric timeout value, you should
provide a non-NULL 'endptr' parameter, and perform the usual checks on it, as
described in the strtol man page:
" If endptr is not NULL, strtol() stores the address of the first
invalid character in *endptr. If there were no digits at all,
strtol() stores the original value of nptr in *endptr (and returns
0). In particular, if *nptr is not '\0' but **endptr is '\0' on
return, the entire string is valid."
Cheers,
Mark
>+ if (timeout <= 0) {
>+ ovs_fatal(0, "timeout value %s on -t or --timeout is invalid",
>+ optarg);
>+ } else {
>+ time_alarm(timeout);
>+ }
> break;
>
> case 'V':
>--
>2.4.11
>
>_______________________________________________
>dev mailing list
>dev@openvswitch.org
>http://openvswitch.org/mailman/listinfo/dev
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
