From bfba2f83f522b5305f481b0d5937a7e0afd55582 Mon Sep 17 00:00:00 2001
From: Zdenek Styblik <zdenek.styblik@gmail.com>
Date: Mon, 12 Aug 2013 17:49:07 +0000
Subject: [PATCH] ID: 3528308 - 'lib/ipmi_hpmfwupg.c' - possible int *flow

Commit replaces atoi() call with str2int() and puts a limit on accepted values
for Component ID to <0..7>.
---
 ipmitool/lib/ipmi_hpmfwupg.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ipmitool/lib/ipmi_hpmfwupg.c b/ipmitool/lib/ipmi_hpmfwupg.c
index a5ed2fd..16d5164 100644
--- a/ipmitool/lib/ipmi_hpmfwupg.c
+++ b/ipmitool/lib/ipmi_hpmfwupg.c
@@ -3855,7 +3855,13 @@ int ipmi_hpmfwupg_main(struct ipmi_intf * intf, int argc, char ** argv)
         {
             if (i+1 < argc)
             {
-                componentId = atoi(argv[i+1]);
+                if (str2int(argv[i+1], &componentId) != 0 ||
+                        componentId < 0 || componentId > 7) {
+                    lprintf(LOG_ERR, "Given Component ID '%s' is invalid.",
+                            argv[i+1]);
+                    lprintf(LOG_ERR, "Valid Compoment ID is: <0..7>");
+                    return (-1);
+                }
                 option &= ~(VERSIONCHECK_MODE);
                 option &= ~(VIEW_MODE);
                 option |= FORCE_MODE_COMPONENT;