Re: [PATCH] net: wget: check strict_strtoul() return value

On Tue, 8 Oct 2024 at 03:47, Jerome Forissier jerome.forissier@linaro.org wrote:

Check the return value of strict_strtoul() when processing the Content-Length header as recommended by Coverity [1].

[1] https://lists.denx.de/pipermail/u-boot/2024-October/567050.html

Reported-by: Coverity (CID 510464) Signed-off-by: Jerome Forissier jerome.forissier@linaro.org

---

net/wget.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)

Reviewed-by: Simon Glass sjg@chromium.org

diff --git a/net/wget.c b/net/wget.c index b4251e0f293..a3821495e03 100644 --- a/net/wget.c +++ b/net/wget.c @@ -256,7 +256,12 @@ static void wget_connected(uchar *pkt, unsigned int tcp_seq_num, content_length = -1; } else { pos += sizeof(content_len) + 2;

•                           strict_strtoul(pos, 10, &content_length);
  

•                           if (strict_strtoul(pos, 10, &content_length) < 0) {
  

•                                   wget_loop_state = NETLOOP_FAIL;
  

•                                   wget_fail("wget: bad Content-Length\n", tcp_seq_num, tcp_ack_num, action);
  

•                                   net_set_state(NETLOOP_FAIL);
  

•                                   return;
  

•                           }
                            debug_cond(DEBUG_WGET,
                                       "wget: Connected Len %lu\n",
                                       content_length);
  

-- 2.40.1