[stgt] [PATCH] improved conversion and checking of numerical cmd line args

Mark Harvey markh794 at gmail.com
Sun Jun 20 05:24:47 CEST 2010 

I've got a fix that I'm testing. I'll forward once I'm happy

Sent from my iPhone

On 20/06/2010, at 12:01, FUJITA Tomonori  
<fujita.tomonori at lab.ntt.co.jp> wrote:

> On Thu, 17 Jun 2010 16:19:43 +0300 (IDT)
> Alexander Nezhinsky <alexandern at voltaire.com> wrote:
>
>> When a numerical command line param value is out of range or  
>> contains garbage
>> (both tgtd and tgtadm), this remains unchecked in many cases.
>> In some of them 0 value will be used, which may lead to unpredicted  
>> or
>> "silently" faulty behavior.
>>
>> This fix defines a new function str_to_uit64() which uses strtoull 
>> () and
>> detects its errors properly, by checking 1) errno (range errors) and
>> 2) comparing endptr to the original argument (nun-numerical garbage);
>> must check both.
>>
>> str_to_uit64() is declared static twice, in tgtd.c and tgtadm.c, as
>> tgtadm does not uses util.c, where the natural place of this function
>> would be otherwise.
>>
>> It returns the converted integer value directly, while error is  
>> returned
>> through a pointer argument. Although the opposite arrangement may  
>> seem
>> intuitive, this one allows free casting of the returned value to  
>> various
>> types. Return type uint64 is choosen to cover all possible cases.
>> min and max arguments support range checking. To use the natural  
>> integer
>> ranges, use ULLONG_MAX, ULONG_MAX, USHRT_MAX etc.
>>
>> Signed-off-by: Alexander Nezhinsky <alexandern at voltaire.com>
>
> I'm for the strict checking however two comments.
>
> - casting a returned value looks ugly.
>
> - duplicating the same function isn't nice.
>
>
> How about something like this?
>
> diff --git a/usr/tgtadm.c b/usr/tgtadm.c
> index 28ed754..2282c86 100644
> --- a/usr/tgtadm.c
> +++ b/usr/tgtadm.c
> @@ -471,8 +471,8 @@ int main(int argc, char **argv)
>            mode = str_to_mode(optarg);
>            break;
>        case 't':
> -            tid = strtol(optarg, NULL, 10);
> -            if (errno == EINVAL) {
> +            tid = str_to_val(optarg, int, 0, INT_MAX, &rc);
> +            if (rc == EINVAL) {
>                eprintf("invalid tid '%s'\n", optarg);
>                exit(EINVAL);
>            }
> diff --git a/usr/util.h b/usr/util.h
> index 6e1fd6f..fc406b1 100644
> --- a/usr/util.h
> +++ b/usr/util.h
> @@ -156,4 +156,17 @@ struct signalfd_siginfo {
> };
> #endif
>
> +#define str_to_val(str, type, min, max, err_ptr)    \
> +({                            \
> +    char *ptr;                    \
> +    int ret = 0;                    \
> +    typeof(type) v = strtoull(str, &ptr, 0);    \
> +    if (errno || ptr == str)            \
> +        ret = EINVAL;                \
> +    if (v < min|| v > max)                \
> +        ret = ERANGE;                \
> +    *err_ptr = ret;                    \
> +    v;                        \
> +})                            \
> +
> #endif
> --
> To unsubscribe from this list: send the line "unsubscribe stgt" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe stgt" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the stgt mailing list