In case when user provides '-' as USB controller index, like this:

    => fastboot -

data abort occurs in strcmp() function in do_fastboot(), here:

    if (!strcmp(argv[1], "udp"))

(tested on BeagleBone Black).

That's because argv[1] is NULL when user types in the '-', and null
pointer dereference occurs in strcmp() (which is ok according to C
standard specification). So we must validate user input to prevent such
behavior.

While at it, check also the result of strtoul() function and handle
error cases properly.

Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Lukasz Majewski <lukma@denx.de>
#if CONFIG_IS_ENABLED(USB_FUNCTION_FASTBOOT)
int controller_index;
char *usb_controller;
+ char *endp;
int ret;
if (argc < 2)
return CMD_RET_USAGE;
usb_controller = argv[1];
- controller_index = simple_strtoul(usb_controller, NULL, 0);
+ controller_index = simple_strtoul(usb_controller, &endp, 0);
+ if (*endp != '\0') {
+ pr_err("Error: Wrong USB controller index format\n");
+ return CMD_RET_FAILURE;
+ }
ret = board_usb_init(controller_index, USB_INIT_DEVICE);
if (ret) {
;
}
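Review bot: The `*endp != '\0'` test after simple_strtoul() still accepts an empty usb_controller string. With no characters consumed, endp stays at the start of the string and already points at the terminator, so the index silently becomes 0. Consider also rejecting `endp == usb_controller`. Separately, the unsigned long result is stored in `int controller_index` with no range check, so an out-of-range value is converted before it reaches board_usb_init(); an explicit bounds check would make the accepted range clear.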
+ /* Handle case when USB controller param is just '-' */
+ if (argc == 1) {
+ pr_err("Error: Incorrect USB controller index\n");
+ return CMD_RET_USAGE;
+ }
+
fastboot_init((void *)buf_addr, buf_size);
if (!strcmp(argv[1], "udp"))
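Review bot: The `argc == 1` check sits in the common path, directly before fastboot_init() and the `strcmp(argv[1], "udp")` test, yet its comment and message speak only of the USB controller index. A user who meant to select the udp transport would get a misleading error here, so a transport-neutral message would fit better. The return codes are also inconsistent: this path calls pr_err() and returns CMD_RET_USAGE, while the new index-format check returns CMD_RET_FAILURE after its pr_err(). It would also help if the comment said why argc can be 1 at this point, since that is not evident from the check itself.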