From e679925bd0c8608ebe24f34917347ad939c6506d Mon Sep 17 00:00:00 2001
From: Alejandro Sirgo Rica <asirgo@soleta.eu>
Date: Fri, 25 Oct 2024 11:53:22 +0200
Subject: src: add safe_strtoull for safe string to number conversion

Add safe_strtoull to validate the execution of strtoull.
Definining the base of the number is required becase partition
codes are base 16 but they lack the 0x prefix.

Replace uses of atoi and strtoull/strtoul and log the conversion
errors.
---
 src/client.c | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

(limited to 'src/client.c')

diff --git a/src/client.c b/src/client.c
index bc66b4b..d1288c4 100644
--- a/src/client.c
+++ b/src/client.c
@@ -14,6 +14,7 @@
 #include "list.h"
 #include "rest.h"
 #include "json.h"
+#include <stdint.h>
 #include <syslog.h>
 #include <sys/ioctl.h>
 #include <ifaddrs.h>
@@ -557,6 +558,7 @@ static bool og_update_client_disk_info(struct og_dbi *dbi,
 	int disk_part_len = 0;
 	char disk_part[1024];
 	const char *msglog;
+	uint64_t part_code;
 	int i;
 
 	if (serial_number && strlen(serial_number) > 0) {
@@ -617,7 +619,12 @@ static bool og_update_client_disk_info(struct og_dbi *dbi,
 			continue;
 		}
 
-		reported_disk.size = strtoull(disks[i].size, NULL, 0);
+		if (safe_strtoull(disks[i].size, &reported_disk.size, 10, UINT64_MAX) < 0) {
+			syslog(LOG_ERR, "failed to parse disk size for disk %d (%s:%d)\n",
+			       i + 1, __func__, __LINE__);
+			return false;
+		}
+
 		cur_disk.size = dbi_result_get_longlong(result, "tamano");
 
 		dbi_result_free(result);
@@ -661,8 +668,17 @@ static bool og_update_client_disk_info(struct og_dbi *dbi,
 			return false;
 		}
 
-		reported_part.size = strtoull(partitions[i].size, NULL, 0);
-		reported_part.code = strtoul(partitions[i].code, NULL, 16);
+		if (safe_strtoull(partitions[i].size, &reported_part.size, 10, UINT64_MAX) < 0) {
+			syslog(LOG_ERR, "failed to parse partition size %s for partition %d (%s:%d)\n",
+			       partitions[i].size, i + 1, __func__, __LINE__);
+			return false;
+		}
+		if (safe_strtoull(partitions[i].code, &part_code, 32, UINT32_MAX) < 0) {
+			syslog(LOG_ERR, "failed to parse partition code %s for partition %d (%s:%d)\n",
+			       partitions[i].code, i + 1, __func__, __LINE__);
+			return false;
+		}
+		reported_part.code = part_code;
 		reported_part.filesystem = get_filesystem_id(partitions[i].filesystem);
 		reported_part.used_size = partitions[i].used_size;
 		reported_part.free_size = partitions[i].free_size;
-- 
cgit v1.2.3-18-g5258