commit 134ff3844a1d5cc043fedc8ab359643b246679d2
parent 1bf4878630654003cb89c9dd86cf0fe57d9ae976
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Wed, 15 Jul 2026 23:49:12 +0200
be more strict on client_id input validation
Diffstat:
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/challenger/challenger-admin.c b/src/challenger/challenger-admin.c
@@ -162,12 +162,15 @@ run (void *cls,
unsigned long long row_id;
char dummy;
- if (1 !=
- sscanf (client_id,
- "%llu%c",
- &row_id,
- &dummy))
+ if ( (! isdigit ((unsigned char) client_id[0])) ||
+ (1 !=
+ sscanf (client_id,
+ "%llu%c",
+ &row_id,
+ &dummy)) )
{
+ /* Guard against the leading-sign / whitespace that strtoull (and thus
+ sscanf "%llu") would otherwise accept, so e.g. "-5" is rejected. */
fprintf (stderr,
"CLIENT_ID must be a positive number\n");
global_ret = EXIT_INVALIDARGUMENT;