opts: fix potential integer overflow CWE-190, CWE-681
Caught by CodeQL:

> Incorrect conversion of an integer with architecture-dependent bit size
> from strconv.ParseUint to a lower bit size type uint16 without an upper
> bound check.

fixes https://github.com/docker/cli/security/code-scanning/2

Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah committed Oct 23, 2020
1 parent 0641480 commit 5cd19d1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion opts/weightdevice.go
Expand Up @@ -20,7 +20,7 @@ func ValidateWeightDevice(val string) (*blkiodev.WeightDevice, error) {
if !strings.HasPrefix(split[0], "/dev/") {
return nil, fmt.Errorf("bad format for device path: %s", val)
}
weight, err := strconv.ParseUint(split[1], 10, 0)
weight, err := strconv.ParseUint(split[1], 10, 16)
if err != nil {
return nil, fmt.Errorf("invalid weight for device: %s", val)
}
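
Review bot: the `if err != nil` branch right after the changed `strconv.ParseUint(split[1], 10, 16)` call drops `err`, so a weight that is numeric but does not fit in 16 bits is now reported with the same "invalid weight for device: %s" text as non-numeric input. Consider surfacing the cause, for example `fmt.Errorf("invalid weight for device: %s: %v", val, err)`, so the range error from `ParseUint` reaches the user. A test case with a weight just above 65535 would also pin the new bound, and since the `uint16` conversion named in the commit message lies outside the visible context, it is worth confirming in review that it is the only place `weight` is narrowed.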