Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

opts: fix potential integer overflow CWE-190, CWE-681 

Caught by CodeQL:

> Incorrect conversion of an integer with architecture-dependent bit size
> from strconv.ParseUint to a lower bit size type uint16 without an upper
> bound check.

fixes https://github.com/docker/cli/security/code-scanning/2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2020-10-24 01:24:08 +02:00
parent 064148042d
commit 5cd19d1fec
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
opts/weightdevice.go
View File

@ -20,7 +20,7 @@ func ValidateWeightDevice(val string) (*blkiodev.WeightDevice, error) {
if !strings.HasPrefix(split[0], "/dev/") { if !strings.HasPrefix(split[0], "/dev/") {
return nil, fmt.Errorf("bad format for device path: %s", val) return nil, fmt.Errorf("bad format for device path: %s", val)
} }
weight, err := strconv.ParseUint(split[1], 10, 0) weight, err := strconv.ParseUint(split[1], 10, 16)
if err != nil { if err != nil {
return nil, fmt.Errorf("invalid weight for device: %s", val) return nil, fmt.Errorf("invalid weight for device: %s", val)
} }