diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2007-08-20 22:55:33 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2007-08-20 22:55:33 -0400 |
| commit | 5845caa464d51e1dceeb6282c3a00957ae435de1 (patch) | |
| tree | 5e99d79a358d3bd38dc4e3705badb063997d20a2 /e2fsck | |
| parent | 35246253212357f9c1d6e3bbd3c0765d9c9273c9 (diff) | |
| download | e2fsprogs-5845caa464d51e1dceeb6282c3a00957ae435de1.tar.gz | |
Use sscanf instead of atoi when parsing e2fsck options
atoi() does not check for errors so it shouldn't be used for human
input. For example, if the user enters the command "e2fsck -C -n" and
forgets that -C requires an argument, the -n will be used as the
argument to -C, and not parsed as an option. When using sscanf(),
this error case can be detected.
Addresses-Debian-Bug: #435381
Signed-off-by: Bernd Schubert <bs@q-leap.de>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'e2fsck')
| -rw-r--r-- | e2fsck/unix.c | 37 |
1 files changed, 31 insertions, 6 deletions
diff --git a/e2fsck/unix.c b/e2fsck/unix.c index 03fa3aeb..f5d85604 100644 --- a/e2fsck/unix.c +++ b/e2fsck/unix.c @@ -585,6 +585,10 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx) #endif char *extended_opts = 0; char *cp; + int res; /* result of sscanf */ +#ifdef CONFIG_JBD_DEBUG + char *jbd_debug; +#endif retval = e2fsck_allocate_context(&ctx); if (retval) @@ -614,7 +618,10 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx) switch (c) { case 'C': ctx->progress = e2fsck_update_progress; - ctx->progress_fd = atoi(optarg); + res = sscanf(optarg, "%d", &ctx->progress_fd); + if (res != 1) + goto sscanf_err; + if (!ctx->progress_fd) break; /* Validate the file descriptor to avoid disasters */ @@ -674,20 +681,26 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx) /* What we do by default, anyway! */ break; case 'b': - ctx->use_superblock = atoi(optarg); + res = sscanf(optarg, "%d", &ctx->use_superblock); + if (res != 1) + goto sscanf_err; ctx->flags |= E2F_FLAG_SB_SPECIFIED; break; case 'B': ctx->blocksize = atoi(optarg); break; case 'I': - ctx->inode_buffer_blocks = atoi(optarg); + res = sscanf(optarg, "%d", &ctx->inode_buffer_blocks); + if (res != 1) + goto sscanf_err; break; case 'j': ctx->journal_name = string_copy(ctx, optarg, 0); break; case 'P': - ctx->process_inode_size = atoi(optarg); + res = sscanf(optarg, "%d", &ctx->process_inode_size); + if (res != 1) + goto sscanf_err; break; case 'L': replace_bad_blocks++; @@ -830,10 +843,22 @@ static errcode_t PRS(int argc, char *argv[], e2fsck_t *ret_ctx) putenv(newpath); } #ifdef CONFIG_JBD_DEBUG - if (getenv("E2FSCK_JBD_DEBUG")) - journal_enable_debug = atoi(getenv("E2FSCK_JBD_DEBUG")); + jbd_debug = getenv("E2FSCK_JBD_DEBUG"); + if (jbd_debug) + res = sscanf(jbd_debug, "%d", &journal_enable_debug); + if (res != 1) { + fprintf(stderr, + _("E2FSCK_JBD_DEBUG \"%s\" not an integer\n\n"), + jbd_debug); + exit (1); + } #endif return 0; + +sscanf_err: + fprintf(stderr, _("\nInvalid non-numeric argument to -%c (\"%s\")\n\n"), + c, optarg); + exit (1); } static const char *my_ver_string = E2FSPROGS_VERSION; |