From a7c633e586d7dd5d560fc0d64937e4d6204536e0 Mon Sep 17 00:00:00 2001 From: Andy Shevchenko Date: Wed, 9 Aug 2023 14:52:07 +0800 Subject: [PATCH] lib/cmdline: fix get_option() for strings starting with hyphen mainline inclusion from mainline-v5.11-rc1 commit e291851d65495739e4eede33b6bc387bb546a19b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I7R8MK CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e291851d65495739e4eede33b6bc387bb546a19b -------------------------------- When string doesn't have an integer and starts from hyphen get_option() may return interesting results. Fix it to return 0. The simple_strtoull() is used due to absence of simple_strtoul() in a boot code on some architectures. Note, the Fixes tag below is rather for anthropological curiosity. Link: https://lkml.kernel.org/r/20201112180732.75589-4-andriy.shevchenko@linux.intel.com Fixes: f68565831e72 ("Import 2.4.0-test2pre3") Signed-off-by: Andy Shevchenko Cc: Brendan Higgins Cc: David Gow Cc: Mark Brown Cc: Matti Vaittinen Cc: Shuah Khan Cc: Vitor Massaru Iha Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Guo Mengqi --- lib/cmdline.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/cmdline.c b/lib/cmdline.c index 75cb23b0ee69..06d75efb7348 100644 --- a/lib/cmdline.c +++ b/lib/cmdline.c @@ -45,6 +45,9 @@ static int get_range(char **str, int *pint, int n) * 1 - int found, no subsequent comma * 2 - int found including a subsequent comma * 3 - hyphen found to denote a range + * + * Leading hyphen without integer is no integer case, but we consume it + * for the sake of simplification. */ int get_option(char **str, int *pint) @@ -53,7 +56,10 @@ int get_option(char **str, int *pint) if (!cur || !(*cur)) return 0; - *pint = simple_strtol(cur, str, 0); + if (*cur == '-') + *pint = -simple_strtoull(++cur, str, 0); + else + *pint = simple_strtoull(cur, str, 0); if (cur == *str) return 0; if (**str == ',') { -- GitLab