| Message ID | 20170831103601.13500-1-christian.storm@siemens.com |
|---|---|
| State | Accepted |
| Delegated to: | Stefano Babic |
| Headers | show |
| Series | [v2] core: make cmdline parsing more robust | expand |
On 31/08/2017 12:36, Christian Storm wrote: > (1) disallow options' values starting with '-' except for > downloader, webserver, and suricatta doing their own > cmdline parsing. Otherwise, e.g., this command > $ swupdate -l -c -i <file> > installs <file> instead of checking it due to -l's > option value missing. > (2) abort on superfluous non-option cmdline arguments > as SWUpdate doesn't use them, probably an usage error. > (3) check some sensible combinations with suricatta mode > > Signed-off-by: Christian Storm <christian.storm@siemens.com> > --- > core/swupdate.c | 20 ++++++++++++++++++++ > 1 file changed, 20 insertions(+) > > diff --git a/core/swupdate.c b/core/swupdate.c > index b01aadd..1f0ba0d 100644 > --- a/core/swupdate.c > +++ b/core/swupdate.c > @@ -599,6 +599,13 @@ int main(int argc, char **argv) > /* Process options with getopt */ > while ((c = getopt_long(argc, argv, main_options, > long_options, NULL)) != EOF) { > + if (optarg && *optarg == '-' && (c != 'd' && c != 'u' && c != 'w')) { > + /* An option's value starting with '-' is not allowed except > + * for downloader, webserver, and suricatta doing their own > + * argv parsing. > + */ > + c = '?'; > + } > switch (c) { > case 'v': > loglevel = TRACELEVEL; > @@ -680,6 +687,12 @@ int main(int argc, char **argv) > } > } > > + if (optind < argc) { > + /* SWUpdate has no non-option arguments, fail on them */ > + usage(argv[0]); > + exit(1); > + } > + > /* > * Parameters are parsed: now performs plausibility > * tests before starting processes and threads > @@ -698,6 +711,13 @@ int main(int argc, char **argv) > exit(1); > } > > +#ifdef CONFIG_SURICATTA > + if (opt_u && (opt_c || opt_i)) { > + fprintf(stderr, "invalid mode combination with suricatta.\n"); > + exit(1); > + } > +#endif > + > swupdate_crypto_init(); > > if (strlen(swcfg.globals.publickeyfname)) { > Applied to -master, thanks ! Best regards, Stefano Babic
diff --git a/core/swupdate.c b/core/swupdate.c index b01aadd..1f0ba0d 100644 --- a/core/swupdate.c +++ b/core/swupdate.c @@ -599,6 +599,13 @@ int main(int argc, char **argv) /* Process options with getopt */ while ((c = getopt_long(argc, argv, main_options, long_options, NULL)) != EOF) { + if (optarg && *optarg == '-' && (c != 'd' && c != 'u' && c != 'w')) { + /* An option's value starting with '-' is not allowed except + * for downloader, webserver, and suricatta doing their own + * argv parsing. + */ + c = '?'; + } switch (c) { case 'v': loglevel = TRACELEVEL; @@ -680,6 +687,12 @@ int main(int argc, char **argv) } } + if (optind < argc) { + /* SWUpdate has no non-option arguments, fail on them */ + usage(argv[0]); + exit(1); + } + /* * Parameters are parsed: now performs plausibility * tests before starting processes and threads @@ -698,6 +711,13 @@ int main(int argc, char **argv) exit(1); } +#ifdef CONFIG_SURICATTA + if (opt_u && (opt_c || opt_i)) { + fprintf(stderr, "invalid mode combination with suricatta.\n"); + exit(1); + } +#endif + swupdate_crypto_init(); if (strlen(swcfg.globals.publickeyfname)) {
(1) disallow options' values starting with '-' except for downloader, webserver, and suricatta doing their own cmdline parsing. Otherwise, e.g., this command $ swupdate -l -c -i <file> installs <file> instead of checking it due to -l's option value missing. (2) abort on superfluous non-option cmdline arguments as SWUpdate doesn't use them, probably an usage error. (3) check some sensible combinations with suricatta mode Signed-off-by: Christian Storm <christian.storm@siemens.com> --- core/swupdate.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)