From patchwork Tue Jun 26 16:20:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sam Protsenko X-Patchwork-Id: 140013 Delivered-To: patch@linaro.org Received: by 2002:a2e:970d:0:0:0:0:0 with SMTP id r13-v6csp5443212lji; Tue, 26 Jun 2018 09:21:05 -0700 (PDT) X-Google-Smtp-Source: AAOMgpeTu58iHsIVZ4r0Rt9Qyfmz3XewiNxf3i7dP41IOwtTRKndOi/4Cw+nlLaL4Sdb4W6AGvFu X-Received: by 2002:a50:cc01:: with SMTP id m1-v6mr2439589edi.171.1530030065430; Tue, 26 Jun 2018 09:21:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530030065; cv=none; d=google.com; s=arc-20160816; b=ao3FAiCsuHFMOofBxn0Ki02kGy1F1JWJHMZHhrEoIFVAySObn8UCHyGixVsnbv+pAu fT8sTdooacdLgzlU8u30Uii2juksOpdLL3urVwKU970AKaboa/MLovUSY38BdHKkM1gp aQqunQeFNecl4DxnRwuAipkYQTCB6xIqimNmhve/dSoCqy11/s/9rgn1FOQkhO+DzFQh PnZKIj9Leic1srw2JqExvF7I5SdcexlVrZCQMwdXo/pfLNALa/NbbzdHOcDSNs8YaBVr oH8dVrdiuWs/2k6UJYI4tBE3uZAVVSX6F2LA9v6g+LY5l1PysQ9OR12nTRGZmLVfGamk blqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:cc:message-id:date:to:from :dkim-signature:arc-authentication-results; bh=ATU3pToVw662NR7mm2MUTXNrBCsQAYvSYomBmqKrM34=; b=y+c9p23QGUP53SlM+7AggegwLOfuCojcGQymF55dDuWsbGRvs+Ox60Ox2eQl0v5qet KPzBeyJrhiSHSdUUVBCkOmgr3Zf/YyMmiymLSSYK8+GrAwD0CBaKxEFaYTWjB6HEHyw/ pzik+Wkr9GLR+/9084KODvrSZTQgBknvDUIod6ZeYTrg6E38iUNd7jarcy1HXEBs8GOw ElmWdGCsnjxnlnMowYjfBdpwAXzwZcGW40U801k3471p9E1yCdc5fpAYxCs2JsfqE2yM ly3jDZ5wcDx6sMsEJE9GgZ5B/yWVvDwHR7JsElnCv3hlHzqtJE4K1/BmFb7cR8HtrqOB lNlA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=QHhWymyB; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.denx.de (dione.denx.de. [81.169.180.215]) by mx.google.com with ESMTP id 92-v6si527255edg.337.2018.06.26.09.21.04; Tue, 26 Jun 2018 09:21:05 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) client-ip=81.169.180.215; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=QHhWymyB; spf=pass (google.com: best guess record for domain of u-boot-bounces@lists.denx.de designates 81.169.180.215 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: by lists.denx.de (Postfix, from userid 105) id 9C392C21DD4; Tue, 26 Jun 2018 16:21:04 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=RCVD_IN_MSPIKE_H2, T_DKIM_INVALID autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.denx.de (localhost [IPv6:::1]) by lists.denx.de (Postfix) with ESMTP id 5D310C21C2C; Tue, 26 Jun 2018 16:21:02 +0000 (UTC) Received: by lists.denx.de (Postfix, from userid 105) id A2B91C21C2C; Tue, 26 Jun 2018 16:21:01 +0000 (UTC) Received: from mail-lj1-f193.google.com (mail-lj1-f193.google.com [209.85.208.193]) by lists.denx.de (Postfix) with ESMTPS id B155FC21C27 for ; Tue, 26 Jun 2018 16:20:59 +0000 (UTC) Received: by mail-lj1-f193.google.com with SMTP id u6-v6so6086519lju.13 for ; Tue, 26 Jun 2018 09:20:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=MsgSJ0FD6geAWcGNgmJK5tVDqtPJiW4UbqNM/EGAxh0=; b=QHhWymyBk7B04PjgZXngtxaGv0mh6MGyndMQ1p1wyesdlQpscxulcpjbXq99MV3AeX g31jI1B7BusjrNPhnSyUqLEW9Czae2MyC0En4i0FRuDXw8aYszeG5nnaynEePCA1+gcu 5GnnJ9rOvl77dsUcylnsB/Dck2CdJwbGdgNag= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=MsgSJ0FD6geAWcGNgmJK5tVDqtPJiW4UbqNM/EGAxh0=; b=DbXBhbSlM0t0FrQ51VXjklczf9irFPU7QSth3vzkNPmahmlMoNa/WxbuEc5yAhQF+D Qe255LXMEsZqPoSFDcpuDhoiL3B//auhfYP+VIpX8llla3sPVoxWkTSU9mrd7NPuhy/g 8sNJM6HZQlqT+kd2uuQ2fYi2Wog0uzYFVqSKUt7dYtmQk1cUe2j2jD4en2egLhTQ6YRm YUy3qt5G81c3jRwcdVBGTP5QmzjPWuG7ciZRt51JUdhhlFUPr/D5RfnAxQsACRuzO8dY /CO3DBDTM04EqJvVSwfX1+71AB+tgPVbwCgHdDWcKu3V4mAJr1qdmosE2v7EVlc8Bd9B edEg== X-Gm-Message-State: APt69E1M2mR1Fxy78XMM6d5wsxJ8cyeULhXLGL4Y6UPsJ23ZIsOEked0 RO2cnBS3mPo4m5xmbY/zf5jWLDSVOk8= X-Received: by 2002:a2e:59d1:: with SMTP id g78-v6mr1571033ljf.79.1530030058876; Tue, 26 Jun 2018 09:20:58 -0700 (PDT) Received: from localhost ([195.238.92.132]) by smtp.gmail.com with ESMTPSA id 66-v6sm317767ljz.28.2018.06.26.09.20.57 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Tue, 26 Jun 2018 09:20:58 -0700 (PDT) From: Sam Protsenko To: u-boot@lists.denx.de Date: Tue, 26 Jun 2018 19:20:57 +0300 Message-Id: <20180626162057.16043-1-semen.protsenko@linaro.org> X-Mailer: git-send-email 2.17.1 Cc: Tom Rini , Jocelyn Bohr Subject: [U-Boot] [PATCH] cmd: fastboot: Validate user input X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.18 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" In case when user provides '-' as USB controller index, like this: => fastboot - data abort occurs in strcmp() function in do_fastboot(), here: if (!strcmp(argv[1], "udp")) That's because argv[1] is NULL when user types in the '-', and null pointer dereference occurs in strcmp() (which is ok according to C standard specification). So we must validate user input to prevent such behavior. While at it, check also the result of strtoul() function and handle error cases properly. Signed-off-by: Sam Protsenko Reviewed-by: Simon Glass --- cmd/fastboot.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/cmd/fastboot.c b/cmd/fastboot.c index e6ae0570d5..dab686eef4 100644 --- a/cmd/fastboot.c +++ b/cmd/fastboot.c @@ -38,13 +38,18 @@ static int do_fastboot_usb(int argc, char *const argv[], #if CONFIG_IS_ENABLED(USB_FUNCTION_FASTBOOT) int controller_index; char *usb_controller; + char *endp; int ret; if (argc < 2) return CMD_RET_USAGE; usb_controller = argv[1]; - controller_index = simple_strtoul(usb_controller, NULL, 0); + controller_index = simple_strtoul(usb_controller, &endp, 0); + if (*endp != '\0') { + pr_err("Error: Wrong USB controller index format\n"); + return CMD_RET_FAILURE; + } ret = board_usb_init(controller_index, USB_INIT_DEVICE); if (ret) { @@ -120,6 +125,12 @@ NXTARG: ; } + /* Handle case when USB controller param is just '-' */ + if (!argv[1]) { + pr_err("Error: Incorrect USB controller index\n"); + return CMD_RET_USAGE; + } + fastboot_init((void *)buf_addr, buf_size); if (!strcmp(argv[1], "udp"))