From bb4e5a7a62ce7322beaac55d3f14528bde43eec0 Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Sun, 17 Mar 2019 12:59:40 +0100 Subject: [PATCH] cli: don't treat empty string as valid number in nmc_string_to_uint_base() How hard can it be to use strtol()? Apparently very. You need to check errno, the endpointer, and also not pass in an empty string. Previously, nmc_string_to_uint_base() would silently accept "" as valid number. That's a bug. Btw, let's not use strtol() (or nmc_string_to_uint*()). We have _nm_utils_ascii_str_to_int64(), which gets all of this right. --- clients/common/nm-client-utils.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/clients/common/nm-client-utils.c b/clients/common/nm-client-utils.c index 1241131a11..0a155dae40 100644 --- a/clients/common/nm-client-utils.c +++ b/clients/common/nm-client-utils.c @@ -82,6 +82,10 @@ nmc_string_to_uint_base (const char *str, char *end; unsigned long int tmp; + if (!str || !str[0]) + return FALSE; + + /* FIXME: don't use this function, replace by _nm_utils_ascii_str_to_int64() */ errno = 0; tmp = strtoul (str, &end, base); if (errno || *end != '\0' || (range_check && (tmp < min || tmp > max))) {