1. Patchew
  2. linux
  3. View series

[PATCH v2] ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range

Chen Yu posted 1 patch 3 years, 1 month ago
There is a newer version of this series
tools/power/acpi/tools/pfrut/pfrut.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
[PATCH v2] ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range
Posted by Chen Yu 3 years, 1 month ago 
The user provides arbitrary non-numeic value to level and type, which could
bring expected bahavior. In this case the expected behavior would be to throw
an error.

 pfrut -h
usage: pfrut [OPTIONS]
code injection:
-l, --load
-s, --stage
-a, --activate
-u, --update [stage and activate]
-q, --query
-d, --revid
update telemetry:
-G, --getloginfo
-T, --type(0:execution, 1:history)
-L, --level(0, 1, 2, 4)
-R, --read
-D, --revid log

 pfrut -T A
 pfrut -G
log_level:0
log_type:0
log_revid:2
max_data_size:65536
chunk1_size:0
chunk2_size:1530
rollover_cnt:0
reset_cnt:17

Fix this by restricting the input to be in the expected range.

Reported-by: Hariganesh Govindarajulu <hariganesh.govindarajulu@intel.com>
Suggested-by: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
---
 tools/power/acpi/tools/pfrut/pfrut.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/tools/power/acpi/tools/pfrut/pfrut.c b/tools/power/acpi/tools/pfrut/pfrut.c
index 52aa0351533c..13161a6e672d 100644
--- a/tools/power/acpi/tools/pfrut/pfrut.c
+++ b/tools/power/acpi/tools/pfrut/pfrut.c
@@ -97,7 +97,7 @@ static struct option long_options[] = {
 static void parse_options(int argc, char **argv)
 {
 	int option_index = 0;
-	char *pathname;
+	char *pathname, *endptr;
 	int opt;
 
 	pathname = strdup(argv[0]);
@@ -125,11 +125,21 @@ static void parse_options(int argc, char **argv)
 			log_getinfo = 1;
 			break;
 		case 'T':
-			log_type = atoi(optarg);
+			log_type = strtol(optarg, &endptr, 0);
+			if(*endptr || (log_type != 0 && log_type != 1)) {
+				printf("Please provide numeric value for type (0:execution, 1:history) - Exiting.\n");
+				exit(1);
+			}
+
 			set_log_type = 1;
 			break;
 		case 'L':
-			log_level = atoi(optarg);
+			log_level = strtol(optarg, &endptr, 0);
+			if(*endptr || (log_level != 0 && log_level != 1 && log_level != 2 && log_level != 4)) {
+				printf("Please provide numeric value for level (0, 1, 2, 4) - Exiting.\n");
+				exit(1);
+			}
+
 			set_log_level = 1;
 			break;
 		case 'R':
-- 
2.25.1
Re: [PATCH v2] ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range
Posted by Chen Yu 3 years, 1 month ago 
On 2023-03-08 at 21:09:02 +0800, Chen Yu wrote:
> The user provides arbitrary non-numeic value to level and type, which could
> bring expected bahavior. In this case the expected behavior would be to throw
> an error.
> 
>  pfrut -h
> usage: pfrut [OPTIONS]
> code injection:
> -l, --load
> -s, --stage
> -a, --activate
> -u, --update [stage and activate]
> -q, --query
> -d, --revid
> update telemetry:
> -G, --getloginfo
> -T, --type(0:execution, 1:history)
> -L, --level(0, 1, 2, 4)
> -R, --read
> -D, --revid log
> 
>  pfrut -T A
>  pfrut -G
> log_level:0
> log_type:0
> log_revid:2
> max_data_size:65536
> chunk1_size:0
> chunk2_size:1530
> rollover_cnt:0
> reset_cnt:17
> 
> Fix this by restricting the input to be in the expected range.
> 
> Reported-by: Hariganesh Govindarajulu <hariganesh.govindarajulu@intel.com>
> Suggested-by: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
> Signed-off-by: Chen Yu <yu.c.chen@intel.com>
>
Please ignore this version due to broken format, I'll send a new one.
Sorry for the noise.

thanks,
Chenyu

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.