diff options
author | Iwona Klimaszewska <iwona.klimaszewska@intel.com> | 2019-10-23 01:52:55 +0300 |
---|---|---|
committer | Iwona Klimaszewska <iwona.klimaszewska@intel.com> | 2019-11-21 16:35:35 +0300 |
commit | e6604b116afef4cd603956941e299e7bcda4351a (patch) | |
tree | 231ee4aba4dcc2e468667644d46f74e3b87da1e2 /redfish-core/lib/certificate_service.hpp | |
parent | fd4859a7fba462b9762ac948702a1e768c66848f (diff) | |
download | bmcweb-e6604b116afef4cd603956941e299e7bcda4351a.tar.xz |
Fix extracting certificate id
std::strtol() expects null-terminated string. This means that passing
string_view.data() to it may cause undefined behaviour.
Let's fix it by using boost::convert instead.
Tested: Manually by sending valid requests and looking for empty
responses.
Change-Id: I319277551b5e85586783afdc8c86e4a7d8db876e
Signed-off-by: Iwona Klimaszewska <iwona.klimaszewska@intel.com>
Diffstat (limited to 'redfish-core/lib/certificate_service.hpp')
-rw-r--r-- | redfish-core/lib/certificate_service.hpp | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp index 9b4f60ec62..f82363bc3a 100644 --- a/redfish-core/lib/certificate_service.hpp +++ b/redfish-core/lib/certificate_service.hpp @@ -17,6 +17,8 @@ #include "node.hpp" +#include <boost/convert.hpp> +#include <boost/convert/strtol.hpp> #include <variant> namespace redfish { @@ -104,17 +106,14 @@ long getIDFromURL(const std::string_view url) { return -1; } + if ((found + 1) < url.length()) { - char *endPtr; std::string_view str = url.substr(found + 1); - long value = std::strtol(str.data(), &endPtr, 10); - if (endPtr != str.end()) - { - return -1; - } - return value; + + return boost::convert<long>(str, boost::cnv::strtol()).value_or(-1); } + return -1; } |