Check data from getenv("LIBNFC_LOG_LEVEL") and config file

Problem reported by Coverity:
CID 1090344 (#1 of 1): Use of untrusted string value (TAINTED_STRING)
tainted_string: Passing tainted string "res->log_level" to "log_init(nfc_context const *)", which cannot accept tainted data.
Philippe Teuwen 2013-09-22 19:32:37 +02:00
parent 9bb568b799
commit 846189b62c
3 changed files with 12 additions and 3 deletions


@ -125,7 +125,10 @@ conf_keyvalue_context(void *data, const char *key, const char *value)
} else if (strcmp(key, "allow_intrusive_scan") == 0) { } else if (strcmp(key, "allow_intrusive_scan") == 0) {
string_as_boolean(value, &(context->allow_intrusive_scan)); string_as_boolean(value, &(context->allow_intrusive_scan));
} else if (strcmp(key, "log_level") == 0) { } else if (strcmp(key, "log_level") == 0) {
context->log_level = atoi(value); int i = atoi(value);
if (i < 0) i = 0;
if (i > 3) i = 3;
context->log_level = i;
} else if (strcmp(key, "device.name") == 0) { } else if (strcmp(key, "device.name") == 0) {
if ((context->user_defined_device_count == 0) || strcmp(context->user_defined_devices[context->user_defined_device_count - 1].name, "") != 0) { if ((context->user_defined_device_count == 0) || strcmp(context->user_defined_devices[context->user_defined_device_count - 1].name, "") != 0) {
if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) { if (context->user_defined_device_count >= MAX_USER_DEFINED_DEVICES) {
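Review bot: The clamp added under the `log_level` key runs after `atoi(value)`, so it bounds the result but not the parse: `atoi` reports no errors, returns 0 for non-numeric text (which here silently selects level 0), and has undefined behaviour when the number does not fit in an `int`. Parsing with `long v = strtol(value, &end, 10);` and rejecting `end == value || *end != '\0' || errno == ERANGE` before clamping would cover the tainted-string finding for malformed and oversized input as well. The same three-line clamp is repeated in the `log_put` and `nfc_context_new` sections; a single helper with a named maximum instead of the literal `3` would keep the three in step. conf_keyvalue_context's body starts and ends outside the hunk.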


@ -87,7 +87,10 @@ log_put(const uint8_t group, const char *category, const uint8_t priority, const
log_level = 1; log_level = 1;
#endif #endif
} else { } else {
log_level = atoi(env_log_level); int i = atoi(env_log_level);
if (i < 0) i = 0;
if (i > 3) i = 3;
log_level = i;
} }
// printf("log_level = %"PRIu32" group = %"PRIu8" priority = %"PRIu8"\n", log_level, group, priority); // printf("log_level = %"PRIu32" group = %"PRIu8" priority = %"PRIu8"\n", log_level, group, priority);
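Review bot: Clamping to `3` here keeps only the two low bits of the value, while the commented-out `printf` just below prints `log_level` as a 32-bit quantity next to `group` and `priority`. If the part of log_put after this hunk reads higher bits of `log_level` as per-group levels (not visible here, so this needs confirming), any setting above 3 would now be flattened to global level 3 and the per-group selection lost; validating each field separately would then be the safer bound. If only 0..3 is ever meaningful, a short comment such as `/* valid levels are 0..3 */` on the clamp would document the limit. log_put's body continues outside the hunk.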


@ -121,7 +121,10 @@ nfc_context_new(void)
// log level // log level
envvar = getenv("LIBNFC_LOG_LEVEL"); envvar = getenv("LIBNFC_LOG_LEVEL");
if (envvar) { if (envvar) {
res->log_level = atoi(envvar); int i = atoi(envvar);
if (i < 0) i = 0;
if (i > 3) i = 3;
res->log_level = i;
} }
#endif // ENVVARS #endif // ENVVARS