[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v8 10/12] uuid: Tighten uuid parse
From: |
Jeff Cody |
Subject: |
Re: [Qemu-devel] [PATCH v8 10/12] uuid: Tighten uuid parse |
Date: |
Sun, 18 Sep 2016 23:44:04 -0400 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Sun, Sep 18, 2016 at 12:25:30PM +0800, Fam Zheng wrote:
> sscanf is relatively loose (tolerate) on some invalid formats that we
> should fail instead of generating a wrong uuid structure, like with
> whitespaces and short strings.
>
> Add and use a helper function to first check the format.
>
> Signed-off-by: Fam Zheng <address@hidden>
> ---
> util/uuid.c | 24 +++++++++++++++++++++++-
> 1 file changed, 23 insertions(+), 1 deletion(-)
>
> diff --git a/util/uuid.c b/util/uuid.c
> index 4701903..dd6b5fd 100644
> --- a/util/uuid.c
> +++ b/util/uuid.c
> @@ -61,12 +61,34 @@ char *qemu_uuid_unparse_strdup(const QemuUUID *uuid)
> uu[13], uu[14], uu[15]);
> }
>
> +static bool qemu_uuid_is_valid(const char *str)
> +{
> + int i;
> +
> + for (i = 0; i < strlen(str); i++) {
> + const char c = str[i];
> + if (i == 8 || i == 13 || i == 18 || i == 23) {
> + if (str[i] != '-') {
> + return false;
> + }
> + } else {
> + if ((c >= '0' && c <= '9') ||
> + (c >= 'A' && c <= 'F') ||
> + (c >= 'a' && c <= 'f')) {
> + continue;
> + }
> + return false;
> + }
> + }
> + return i == 36;
> +}
> +
Doesn't verify variant / version, but it is a lot better than what was
before.
Reviewed-by: Jeff Cody <address@hidden>
> int qemu_uuid_parse(const char *str, QemuUUID *uuid)
> {
> unsigned char *uu = &uuid->data[0];
> int ret;
>
> - if (strlen(str) != 36) {
> + if (!qemu_uuid_is_valid(str)) {
> return -1;
> }
>
> --
> 2.7.4
>
>
- Re: [Qemu-devel] [PATCH v8 05/12] vpc: Use QEMU UUID API, (continued)
- [Qemu-devel] [PATCH v8 06/12] crypto: Switch to QEMU UUID API, Fam Zheng, 2016/09/18
- [Qemu-devel] [PATCH v8 07/12] tests: No longer dependent on CONFIG_UUID, Fam Zheng, 2016/09/18
- [Qemu-devel] [PATCH v8 08/12] configure: Remove detection code for UUID, Fam Zheng, 2016/09/18
- [Qemu-devel] [PATCH v8 09/12] vl: Switch qemu_uuid to QemuUUID, Fam Zheng, 2016/09/18
- [Qemu-devel] [PATCH v8 10/12] uuid: Tighten uuid parse, Fam Zheng, 2016/09/18
- [Qemu-devel] [PATCH v8 11/12] tests: Add uuid tests, Fam Zheng, 2016/09/18
- [Qemu-devel] [PATCH v8 12/12] Add UUID files to MAINTAINERS, Fam Zheng, 2016/09/18