Hello everyone,
usbdevs(8) uses atoi(3) to convert a device address given from a
command line argument.
But atoi(3) will return - zero in a case of non-integer value and such
device will be used.
This is kind of unpredictable behaviour to use a device by 0 addr in a
case when wrong
address was given to usbdevs.
Here is the patch which replaces atoi(3) with strtol(3) and prints out
an error message
with EINVAL error code for such cases:
diff --git a/usr.sbin/usbdevs/usbdevs.c b/usr.sbin/usbdevs/usbdevs.c
index e8fe1e7e6f4..526c1eade38 100644
--- a/usr.sbin/usbdevs/usbdevs.c
+++ b/usr.sbin/usbdevs/usbdevs.c
@@ -372,11 +372,14 @@ main(int argc, char **argv)
char *dev = NULL;
int addr = -1;
int ncont;
2+ char *ep;
while ((ch = getopt(argc, argv, "a:df:v?")) != -1) {
switch(ch) {
case 'a':
- addr = atoi(optarg);
+ addr = strtol(optarg, &ep, 10);
+ if (*ep != '\0' || addr < 0)
+ errx(EINVAL, "bad value for device address - %s", optarg);
break;
case 'd':
showdevs++;
Any comments?
Thank you.
