From a7a96131bd2ea342f6def0e46be514baf8037ae8 Mon Sep 17 00:00:00 2001 From: Lee Duncan Date: Fri, 15 Dec 2017 11:18:35 -0800 Subject: [PATCH] Skip useless strcopy, and validate CIDR length Remove a useless strcpy() that copies a string onto itself, and ensure the CIDR length "keepbits" is not negative. Found by Qualsys. --- iscsiuio/src/unix/iscsid_ipc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/iscsiuio/src/unix/iscsid_ipc.c b/iscsiuio/src/unix/iscsid_ipc.c index 8478f9a411a3..4e3d065667c9 100644 --- a/iscsiuio/src/unix/iscsid_ipc.c +++ b/iscsiuio/src/unix/iscsid_ipc.c @@ -143,7 +143,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) char *tmp, *tok; char ipaddr_str[NI_MAXHOST]; char str[INET6_ADDRSTRLEN]; - int keepbits = 0; + unsigned long keepbits = 0; struct in_addr ia; struct in6_addr ia6; @@ -156,8 +156,7 @@ static int decode_cidr(char *in_ipaddr_str, struct iface_rec_decode *ird) tmp = ipaddr_str; tok = strsep(&tmp, "/"); LOG_INFO(PFX "in cidr: bitmask '%s' ip '%s'", tmp, tok); - keepbits = atoi(tmp); - strcpy(ipaddr_str, tok); + keepbits = strtoull(tmp, NULL, 10); } /* Determine if the IP address passed from the iface file is -- 2.17.2