[ovs-dev] [PATCH v2] ovs-appctl: Fix potential crash with missing timeout value

Mon, 08 Aug 2016 03:58:47 -0700 

ovs-appctl can crash with missing timeout value on --timeout.
  # ovs-appctl --timeout= dpif-netdev/pmd-stats-show

Fix by using strtol and validate the timeout input.

Signed-off-by: Bhanuprakash Bodireddy <bhanuprakash.bodire...@intel.com>
---
v1->v2:
* Validate all input cases and tested below conditions.

  #ovs-appctl --timeout= dpif-netdev/pmd-stats-show   (no timeout specified)
  #ovs-appctl --timeout=0 dpif-netdev/pmd-stats-show  (timeout 0, invalid)
  #ovs-appctl --timeout=12345675345212151252543523524524 
dpif-netdev/pmd-stats-show (overflow case)
  #ovs-appctl --timeout=123abc dpif-netdev/pmd-stats-show (invalid input) 
  #ovs-appctl --timeout=1 dpif-netdev/pmd-stats-show  (valid input)

 utilities/ovs-appctl.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/utilities/ovs-appctl.c b/utilities/ovs-appctl.c
index 8f87cc4..1b201e2 100644
--- a/utilities/ovs-appctl.c
+++ b/utilities/ovs-appctl.c
@@ -127,6 +127,8 @@ parse_command_line(int argc, char *argv[])
     char *short_options_ = 
ovs_cmdl_long_options_to_short_options(long_options);
     char *short_options = xasprintf("+%s", short_options_);
     const char *target;
+    char *endptr;
+    int timeout;
     int e_options;
 
     target = NULL;
@@ -165,7 +167,15 @@ parse_command_line(int argc, char *argv[])
             exit(EXIT_SUCCESS);
 
         case 'T':
-            time_alarm(atoi(optarg));
+            errno = 0;
+            timeout = strtol(optarg, &endptr, 10);
+            if ((endptr != optarg && *endptr != '\0') || errno == ERANGE ||
+                             timeout <= 0) {
+                ovs_fatal(0, "timeout value %s on -t or --timeout is invalid",
+                               optarg);
+            } else {
+                time_alarm(timeout);
+            }
             break;
 
         case 'V':
-- 
2.4.11

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to