From: Dan McGee <dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
To: linux-nilfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: [PATCH 6/7] rmcp/chcp: sanity check for positive checkpoint number
Date: Wed, 21 Dec 2011 15:34:08 -0600 [thread overview]
Message-ID: <1324503249-17432-7-git-send-email-dan@archlinux.org> (raw)
In-Reply-To: <1324503249-17432-1-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
These two utilities parse a command line argument with either a
checkpoint number or range. Unfortunately, an unchecked strtoull() call
happily parses a negative number (casting it to a really large unsigned
number).
For rmcp, ensure the single number or range passed in is not negative.
Before, this caused a near-infinite loop with a command such as
`rmcp -- -1`.
For chcp, also ensure the passed in number is not negative by using the
new helper function introduced for the range validation,
nilfs_parse_cno().
Signed-off-by: Dan McGee <dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
---
Some other commands to try for fuzz testing:
$ rmcp -- '-234'
$ rmcp -- ' -234'
$ rmcp 4135860689012436789324689324061328960812949788907
bin/Makefile.am | 2 +-
bin/chcp.c | 7 ++++---
include/cno.h | 1 +
lib/cno.c | 29 +++++++++++++++++++++--------
4 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/bin/Makefile.am b/bin/Makefile.am
index 78928d0..32b6ee8 100644
--- a/bin/Makefile.am
+++ b/bin/Makefile.am
@@ -7,7 +7,7 @@ LDADD = $(top_builddir)/lib/libnilfs.la
bin_PROGRAMS = chcp dumpseg lscp lssu mkcp rmcp
chcp_SOURCES = chcp.c
-chcp_LDADD = $(LDADD) $(LIB_POSIX_SEM)
+chcp_LDADD = $(LDADD) $(LIB_POSIX_SEM) $(top_builddir)/lib/libcno.la
dumpseg_SOURCES = dumpseg.c
diff --git a/bin/chcp.c b/bin/chcp.c
index 13a73d7..a7072ef 100644
--- a/bin/chcp.c
+++ b/bin/chcp.c
@@ -49,6 +49,7 @@
#include <errno.h>
#include <signal.h>
#include "nilfs.h"
+#include "cno.h"
#define CHCP_MODE_CP "cp"
@@ -121,7 +122,7 @@ int main(int argc, char *argv[])
dev = NULL;
} else {
modestr = argv[optind++];
- strtoul(argv[optind], &endptr, CHCP_BASE);
+ nilfs_parse_cno(argv[optind], &endptr, CHCP_BASE);
if (*endptr == '\0')
dev = NULL;
else
@@ -178,8 +179,8 @@ int main(int argc, char *argv[])
break;
}
- cno = strtoul(argv[optind], &endptr, CHCP_BASE);
- if (*endptr != '\0') {
+ cno = nilfs_parse_cno(argv[optind], &endptr, CHCP_BASE);
+ if (cno >= NILFS_CNO_MAX || *endptr != '\0') {
fprintf(stderr, "%s: %s: invalid checkpoint number\n",
progname, argv[optind]);
status = 1;
diff --git a/include/cno.h b/include/cno.h
index 2d5c4af..79a327f 100644
--- a/include/cno.h
+++ b/include/cno.h
@@ -10,6 +10,7 @@
#ifndef NILFS_CNO_H
#define NILFS_CNO_H
+extern nilfs_cno_t nilfs_parse_cno(const char *arg, char **endptr, int base);
extern int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end,
int base);
diff --git a/lib/cno.c b/lib/cno.c
index 2391f0b..7dcdb71 100644
--- a/lib/cno.c
+++ b/lib/cno.c
@@ -35,8 +35,21 @@
#endif /* HAVE_STRING_H */
#include <assert.h>
+#include <ctype.h>
#include "nilfs.h"
+nilfs_cno_t nilfs_parse_cno(const char *arg, char **endptr, int base)
+{
+ /* ensure the number we are about to parse is not negative, which
+ * strtoull() will happily accept and cast to an unsigned value. */
+ while (isspace(*arg))
+ arg++;
+ if (*arg == '-')
+ return NILFS_CNO_MAX;
+
+ return strtoull(arg, endptr, base);
+}
+
int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end, int base)
{
const char *delim;
@@ -49,8 +62,8 @@ int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end, int base)
if (delim && delim == arg) {
if (arg[2] != '\0') {
/* ..yyy */
- cno = strtoull(arg + 2, &endptr, base);
- if (*endptr == '\0') {
+ cno = nilfs_parse_cno(arg + 2, &endptr, base);
+ if (cno < NILFS_CNO_MAX && *endptr == '\0') {
/* ..CNO */
*start = NILFS_CNO_MIN;
*end = cno;
@@ -59,24 +72,24 @@ int nilfs_parse_cno_range(const char *arg, __u64 *start, __u64 *end, int base)
}
} else if (!delim) {
/* xxx */
- cno = strtoull(arg, &endptr, base);
- if (*endptr == '\0') {
+ cno = nilfs_parse_cno(arg, &endptr, base);
+ if (cno < NILFS_CNO_MAX && *endptr == '\0') {
/* CNO */
*start = *end = cno;
return 0;
}
} else {
/* xxx..yyy */
- cno = strtoull(arg, &endptr, base);
- if (endptr == delim) {
+ cno = nilfs_parse_cno(arg, &endptr, base);
+ if (cno < NILFS_CNO_MAX && endptr == delim) {
if (delim[2] == '\0') {
/* CNO.. */
*start = cno;
*end = NILFS_CNO_MAX;
return 0;
}
- cno2 = strtoull(delim + 2, &endptr, base);
- if (*endptr == '\0') {
+ cno2 = nilfs_parse_cno(delim + 2, &endptr, base);
+ if (cno2 < NILFS_CNO_MAX && *endptr == '\0') {
/* CNO..CNO */
*start = cno;
*end = cno2;
--
1.7.8
--
To unsubscribe from this list: send the line "unsubscribe linux-nilfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-12-21 21:34 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-21 21:34 [PATCH 0/7] A handful of small cleanups and improvements Dan McGee
[not found] ` <1324503249-17432-1-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2011-12-21 21:34 ` [PATCH 1/7] Add .gitignore rules for generated binaries Dan McGee
2011-12-21 21:34 ` [PATCH 2/7] umount.nilfs2 (libmount): send proper error code to complain function Dan McGee
2011-12-21 21:34 ` [PATCH 3/7] Remove kern_compat.h Dan McGee
[not found] ` <1324503249-17432-4-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2011-12-23 5:25 ` Ryusuke Konishi
2011-12-21 21:34 ` [PATCH 4/7] Alpha sort AC_CHECK_FUNCS list in configure.ac Dan McGee
2011-12-21 21:34 ` [PATCH 5/7] Use strtoull instead of strtoul where applicable Dan McGee
2011-12-21 21:34 ` Dan McGee [this message]
2011-12-21 21:34 ` [PATCH 7/7] rmcp: print sensible error message on permission failure Dan McGee
[not found] ` <1324503249-17432-8-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2011-12-23 5:56 ` Ryusuke Konishi
[not found] ` <20111223.145629.123971064.ryusuke-sG5X7nlA6pw@public.gmane.org>
2011-12-23 15:00 ` Dan McGee
[not found] ` <CAEik5nNHs1Lp-Wz_p9k_Xt1-CBu4L=Agsf28vVC7iBp4mSsuwA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-12-24 7:20 ` Ryusuke Konishi
[not found] ` <20111224.162041.267403683.ryusuke-sG5X7nlA6pw@public.gmane.org>
2012-01-03 19:46 ` [PATCH] " Dan McGee
[not found] ` <1325619960-9715-1-git-send-email-dan-fd97jBR+K/6hPH1hqNUYSQ@public.gmane.org>
2012-01-05 5:14 ` Ryusuke Konishi
2011-12-22 16:35 ` [PATCH 0/7] A handful of small cleanups and improvements Ryusuke Konishi
[not found] ` <20111223.013541.163265429.ryusuke-sG5X7nlA6pw@public.gmane.org>
2011-12-23 6:40 ` Ryusuke Konishi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1324503249-17432-7-git-send-email-dan@archlinux.org \
--to=dan-fd97jbr+k/6hph1hqnuysq@public.gmane.org \
--cc=linux-nilfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).