util/nvmutil: do cmd bound check

instead of simply checking null, just do a bound check. this would also cover NULL (-1) Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-08 03:26:51 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-08 13:31:59 +0000
commit: de1963fdee4fb6a966c7a58b0de55307fbc2312d (patch)
tree: b80ba3ca466e9257ca7c6bb17f5caae7a0b95f0f /util/nvmutil/nvmutil.c
parent: ccc58cefbb4e651c3254c342f01ddaecb3fcc4b1 (diff)
1 files changed, 15 insertions, 2 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index f68a08d7..361b70b6 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -350,8 +350,21 @@ set_cmd_args(int argc, char *argv[])
 		part = conv_argv_part_num(argv[3]);
 	}
 
-	if (cmd == CMD_NULL)
-		err(EINVAL, "Bad command");
+	/*
+	 * This will never actually run.
+	 * It's put here as a guard against
+	 * future regressions by maintainers.
+	 *
+	 * The reason this shouldn't run is
+	 * because when a bad command (or no
+	 * command) is given, either the command
+	 * should be treated as a MAC address,
+	 * or if no command is given, a random
+	 * MAC address is used.
+	 */
+
+	if ((size_t)cmd >= items(command))
+		err(EINVAL, "Unhandled command error");
 }
 
 static size_t
author	Leah Rowe <leah@libreboot.org>	2026-03-08 03:26:51 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-08 13:31:59 +0000
commit	de1963fdee4fb6a966c7a58b0de55307fbc2312d (patch)
tree	b80ba3ca466e9257ca7c6bb17f5caae7a0b95f0f /util/nvmutil/nvmutil.c
parent	ccc58cefbb4e651c3254c342f01ddaecb3fcc4b1 (diff)