From 70c50c9243666aedc6a5a7d084600f6b773a709a Mon Sep 17 00:00:00 2001
From: Randall Spangler <rspangler@chromium.org>
Date: Tue, 22 Mar 2011 10:26:49 -0700
Subject: Add error checking for poorly-formed crossystem args

R=petkov@chromium.org
BUG=chromium-os:13322
TEST=manual

The following command lines should cause crossystem to fail with a
warning about a poorly formed parameter:
  crossystem ''
  crossystem '=cros_debug'
  crossystem '?cros_debug'

The following command line should warn that you can't use both = and ?:
  crossystem cros_debug?=0
(that is, it warns, not just compares with '=0')

The following should print 'UNEQUAL'
  crossystem cros_debug? || echo UNEQUAL
(because it's comparing cros_debug with an empty string)

Review URL: http://codereview.chromium.org/6718012

Change-Id: I2e2851515f4914b16aba64065600fb92d9ad1a63
(cherry picked from commit f27583f08361522909e49155d8b14671f644ec85)

Review URL: http://codereview.chromium.org/6675014
---
 utility/crossystem_main.c | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/utility/crossystem_main.c b/utility/crossystem_main.c
index 53166e48..31634381 100644
--- a/utility/crossystem_main.c
+++ b/utility/crossystem_main.c
@@ -99,6 +99,8 @@ void PrintHelp(const char *progname) {
  * Returns the parameter, or NULL if no match. */
 const Param* FindParam(const char* name) {
   const Param* p;
+  if (!name)
+    return NULL;
   for (p = sys_param_list; p->name; p++) {
     if (!strcasecmp(p->name, name))
       return p;
@@ -220,22 +222,34 @@ int main(int argc, char* argv[]) {
 
   /* Otherwise, loop through params and get/set them */
   for (i = 1; i < argc && retval == 0; i++) {
-    int has_set = (NULL != strchr(argv[i], '='));
-    int has_expect = (NULL != strchr(argv[i], '?'));
+    char* has_set = strchr(argv[i], '=');
+    char* has_expect = strchr(argv[i], '?');
     char* name = strtok(argv[i], "=?");
     char* value = strtok(NULL, "=?");
-    const Param* p = FindParam(name);
-    if (!p) {
-      fprintf(stderr, "Invalid parameter name: %s\n", name);
+    const Param* p;
+
+    /* Make sure args are well-formed. '' or '=foo' or '?foo' not allowed. */
+    if (!name || has_set == argv[i] || has_expect == argv[i]) {
+      fprintf(stderr, "Poorly formed parameter\n");
       PrintHelp(progname);
       return 1;
     }
+    if (!value)
+      value=""; /* Allow setting/checking an empty string ('foo=' or 'foo?') */
     if (has_set && has_expect) {
       fprintf(stderr, "Use either = or ? in a parameter, but not both.\n");
       PrintHelp(progname);
       return 1;
     }
 
+    /* Find the parameter */
+    p = FindParam(name);
+    if (!p) {
+      fprintf(stderr, "Invalid parameter name: %s\n", name);
+      PrintHelp(progname);
+      return 1;
+    }
+
     if (i > 1)
       printf(" ");  /* Output params space-delimited */
     if (has_set)
-- 
cgit v1.2.1