From a190b730ac327d25b23f12c78362e1deefe9b1a5 Mon Sep 17 00:00:00 2001 From: PA4WDH Date: Sun, 21 May 2023 10:46:35 +0200 Subject: Add input validation --- cputemp2maxfreq.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/cputemp2maxfreq.c b/cputemp2maxfreq.c index 163917c..6ea71bf 100644 --- a/cputemp2maxfreq.c +++ b/cputemp2maxfreq.c @@ -10,6 +10,14 @@ #include "failsafe.h" #include "version.h" +// Valid frequencies are between 100MHz and 10GHz +#define VALID_FREQ_MIN 100000 +#define VALID_FREQ_MAX 10000000 + +// Valid temperatures are between 10 and 150 degrees +#define VALID_TEMP_MIN 10000 +#define VALID_TEMP_MAX 150000 + struct s_cpudata cpudata; struct s_config config={"conservative",70000,"/sys/devices/virtual/thermal/thermal_zone0/temp",100000,2000000,10}; @@ -39,9 +47,9 @@ int main() printf("Maximum frequency: %ld\n",cpudata.max_freq); printf("Scaling maximum frequency: %ld\n",cpudata.scale_max); - if ((cpudata.min_freq<100000) || (cpudata.min_freq>10000000) || - (cpudata.max_freq<100000) || (cpudata.max_freq>10000000) || - (cpudata.scale_max<100000) || (cpudata.scale_max>10000000)) + if ((cpudata.min_freqVALID_FREQ_MAX) || + (cpudata.max_freqVALID_FREQ_MAX) || + (cpudata.scale_maxVALID_FREQ_MAX)) { // If we have to fail now, there's not much we can do because we have no data printf("Invalid CPU data, exiting.\n"); @@ -59,9 +67,20 @@ int main() while(1) { +// Get new measurements cpudata.cur_freq=sysfs_read_long_int("/sys/devices/system/cpu/cpufreq/policy0/scaling_cur_freq"); - cpudata.cur_temp=sysfs_read_long_int(config.temp_input); + if ((cpudata.cur_freqVALID_FREQ_MAX)) + { + printf("Invalid current frequency reported by CPU, exiting.\n"); + failsafe(1); + } + cpudata.cur_temp=sysfs_read_long_int(config.temp_input); + if ((cpudata.cur_tempVALID_TEMP_MAX)) + { + printf("Invalid current tempature reported by CPU, exiting.\n"); + failsafe(1); + } DEBUG1_MAIN("Data: %ld %ld %ld %ld %ld\n",cpudata.cur_temp,config.max_temp,cpudata.max_freq,cpudata.scale_max,cpudata.cur_freq); -- cgit v1.2.3