From: Dan McGee <dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
To: linux-nilfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [PATCH 6/7] rmcp/chcp: sanity check for positive checkpoint number
Date: Wed, 21 Dec 2011 15:34:08 -0600 [thread overview]
Message-ID: <1324503249-17432-7-git-send-email-dan@archlinux.org> (raw)
In-Reply-To: <1324503249-17432-1-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
These two utilities parse a command line argument with either a
checkpoint number or range. Unfortunately, an unchecked strtoull() call
happily parses a negative number (casting it to a really large unsigned
number).
For rmcp, ensure the single number or range passed in is not negative.
Before, this caused a near-infinite loop with a command such as
`rmcp -- -1`.
For chcp, also ensure the passed in number is not negative by using the
new helper function introduced for the range validation,
nilfs_parse_cno().
Signed-off-by: Dan McGee <dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
---
Some other commands to try for fuzz testing:
$ rmcp -- '-234'
$ rmcp -- ' -234'
$ rmcp 4135860689012436789324689324061328960812949788907
bin/Makefile.am | 2 +-
bin/chcp.c | 7 ++++---
include/cno.h | 1 +
lib/cno.c | 29 +++++++++++++++++++++--------
4 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/bin/Makefile.am b/bin/Makefile.am
index 78928d0..32b6ee8 100644
--- a/bin/Makefile.am
+++ b/bin/Makefile.am
@@ -7,7 +7,7 @@ LDADD = $(top_builddir)/lib/libnilfs.la
bin_PROGRAMS = chcp dumpseg lscp lssu mkcp rmcp
chcp_SOURCES = chcp.c
-chcp_LDADD = $(LDADD) $(LIB_POSIX_SEM)
+chcp_LDADD = $(LDADD) $(LIB_POSIX_SEM) $(top_builddir)/lib/libcno.la
dumpseg_SOURCES = dumpseg.c
diff --git a/bin/chcp.c b/bin/chcp.c
index 13a73d7..a7072ef 100644
--- a/bin/chcp.c
+++ b/bin/chcp.c
@@ -49,6 +49,7 @@
#include <errno.h>
#include <signal.h>
#include "nilfs.h"
+#include "cno.h"
#define CHCP_MODE_CP "cp"
@@ -121,7 +122,7 @@ int main(int argc, char *argv[])
dev = NULL;
} else {
modestr = argv[optind++];
- strtoul(argv[optind], &endptr, CHCP_BASE);
+ nilfs_parse_cno(argv[optind], &endptr, CHCP_BASE);
if (*endptr == '\0')
dev = NULL;
else
@@ -178,8 +179,8 @@ int main(int argc, char *argv[])
break;
}
- cno = strtoul(argv[optind], &endptr, CHCP_BASE);
- if (*endptr != '\0') {
+ cno = nilfs_parse_cno(argv[optind], &endptr, CHCP_BASE);
+ if (cno >= NILFS_CNO_MAX || *endptr != '\0') {
fprintf(stderr, "%s: %s: invalid checkpoint number\n",
progname, argv[optind]);
status = 1;
diff --git a/include/cno.h b/include/cno.h
index 2d5c4af..79a327f 100644
--- a/include/cno.h
+++ b/include/cno.h
@@ -10,6 +10,7 @@
#ifndef NILFS_CNO_H
#define NILFS_CNO_H
+extern nilfs_cno_t nilfs_parse_cno(const char *arg, char **endptr, int base);
extern int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end,
int base);
diff --git a/lib/cno.c b/lib/cno.c
index 2391f0b..7dcdb71 100644
--- a/lib/cno.c
+++ b/lib/cno.c
@@ -35,8 +35,21 @@
#endif /* HAVE_STRING_H */
#include <assert.h>
+#include <ctype.h>
#include "nilfs.h"
+nilfs_cno_t nilfs_parse_cno(const char *arg, char **endptr, int base)
+{
+ /* ensure the number we are about to parse is not negative, which
+ * strtoull() will happily accept and cast to an unsigned value. */
+ while (isspace(*arg))
+ arg++;
+ if (*arg == '-')
+ return NILFS_CNO_MAX;
+
+ return strtoull(arg, endptr, base);
+}
+
int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end, int base)
{
const char *delim;
@@ -49,8 +62,8 @@ int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end, int base)
if (delim && delim == arg) {
if (arg[2] != '\0') {
/* ..yyy */
- cno = strtoull(arg + 2, &endptr, base);
- if (*endptr == '\0') {
+ cno = nilfs_parse_cno(arg + 2, &endptr, base);
+ if (cno < NILFS_CNO_MAX && *endptr == '\0') {
/* ..CNO */
*start = NILFS_CNO_MIN;
*end = cno;
@@ -59,24 +72,24 @@ int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end, int base)
}
} else if (!delim) {
/* xxx */
- cno = strtoull(arg, &endptr, base);
- if (*endptr == '\0') {
+ cno = nilfs_parse_cno(arg, &endptr, base);
+ if (cno < NILFS_CNO_MAX && *endptr == '\0') {
/* CNO */
*start = *end = cno;
return 0;
}
} else {
/* xxx..yyy */
- cno = strtoull(arg, &endptr, base);
- if (endptr == delim) {
+ cno = nilfs_parse_cno(arg, &endptr, base);
+ if (cno < NILFS_CNO_MAX && endptr == delim) {
if (delim[2] == '\0') {
/* CNO.. */
*start = cno;
*end = NILFS_CNO_MAX;
return 0;
}
- cno2 = strtoull(delim + 2, &endptr, base);
- if (*endptr == '\0') {
+ cno2 = nilfs_parse_cno(delim + 2, &endptr, base);
+ if (cno2 < NILFS_CNO_MAX && *endptr == '\0') {
/* CNO..CNO */
*start = cno;
*end = cno2;
--
1.7.8
--
To unsubscribe from this list: send the line "unsubscribe linux-nilfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-12-21 21:34 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-21 21:34 [PATCH 0/7] A handful of small cleanups and improvements Dan McGee
[not found] ` <1324503249-17432-1-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2011-12-21 21:34 ` [PATCH 1/7] Add .gitignore rules for generated binaries Dan McGee
2011-12-21 21:34 ` [PATCH 2/7] umount.nilfs2 (libmount): send proper error code to complain function Dan McGee
2011-12-21 21:34 ` [PATCH 3/7] Remove kern_compat.h Dan McGee
[not found] ` <1324503249-17432-4-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2011-12-23 5:25 ` Ryusuke Konishi
2011-12-21 21:34 ` [PATCH 4/7] Alpha sort AC_CHECK_FUNCS list in configure.ac Dan McGee
2011-12-21 21:34 ` [PATCH 5/7] Use strtoull instead of strtoul where applicable Dan McGee
2011-12-21 21:34 ` Dan McGee [this message]
2011-12-21 21:34 ` [PATCH 7/7] rmcp: print sensible error message on permission failure Dan McGee
[not found] ` <1324503249-17432-8-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2011-12-23 5:56 ` Ryusuke Konishi
[not found] ` <20111223.145629.123971064.ryusuke-sG5X7nlA6pw@public.gmane.org>
2011-12-23 15:00 ` Dan McGee
[not found] ` <CAEik5nNHs1Lp-Wz_p9k_Xt1-CBu4L=Agsf28vVC7iBp4mSsuwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-12-24 7:20 ` Ryusuke Konishi
[not found] ` <20111224.162041.267403683.ryusuke-sG5X7nlA6pw@public.gmane.org>
2012-01-03 19:46 ` [PATCH] " Dan McGee
[not found] ` <1325619960-9715-1-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2012-01-05 5:14 ` Ryusuke Konishi
2011-12-22 16:35 ` [PATCH 0/7] A handful of small cleanups and improvements Ryusuke Konishi
[not found] ` <20111223.013541.163265429.ryusuke-sG5X7nlA6pw@public.gmane.org>
2011-12-23 6:40 ` Ryusuke Konishi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1324503249-17432-7-git-send-email-dan@archlinux.org \
--to=dan-fd97jbr+k/6hph1hqnuysq@public.gmane.org \
--cc=linux-nilfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.