On Thu, 17 Nov 2011 18:31:40 +0200 Alexander Nezhinsky <alexandern@xxxxxxxxxxxx> wrote: > When a numerical command line param value is out of range or contains > garbage (both tgtd and tgtadm), this remains unchecked in many cases. > In some of them 0 value will be used, which may lead to unpredicted or > "silently" faulty behavior. > > This fix defines a new macro str_to_val() which uses strtoull() and > detects its errors properly, by checking > 1) errno (range errors) and 2) comparing endptr to the original argument > (they remain equal in case of non-numerical garbage); > created > > Signed-off-by: Alexander Nezhinsky <alexandern@xxxxxxxxxxxx> > --- > usr/util.h | 19 +++++++++++++++++++ > 1 files changed, 19 insertions(+), 0 deletions(-) The idea sounds good. > diff --git a/usr/util.h b/usr/util.h > index d4e9406..d362903 100644 > --- a/usr/util.h > +++ b/usr/util.h > @@ -8,6 +8,7 @@ > #include <signal.h> > #include <syscall.h> > #include <unistd.h> > +#include <limits.h> > #include <linux/types.h> > > #include "be_byteshift.h" 
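Review bot: the only header this hunk adds is limits.h, yet the str_to_val() macro added further down in the same file uses errno, strtoull() and the EINVAL/ERANGE constants, and neither errno.h nor stdlib.h appears in the visible include context. If they are not already included above line 8 of util.h, add them here so the macro does not depend on what each includer happened to pull in first.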
> @@ -138,4 +139,22 @@ struct signalfd_siginfo { > }; > #endif > > +#define str_to_val(str, name, val, minv, maxv) \ > +({ \ > + char *ptr; \ > + int ret = 0; \ > + val = (typeof(val)) strtoull(str, &ptr, 0); \ > + if (errno || ptr == str) { \ > + eprintf("%s value '%s' invalid\n", \ > + name ? name : "", str); \ > + ret = EINVAL; \ > + } \ > + else if (val < minv || val > maxv) { \ > + eprintf("%s value '%s' out of range\n", \ > + name ? name : "", str); \ > + ret = ERANGE; \ > + } \ > + ret; \ > +}) > +

Can we drop the "name" argument? str_to_val just returns an error and lets the callers do what they want. opt_long_name() looks a bit hacky (I don't think that it's a good idea to play with the internals of struct option). Each caller can print an appropriate error message.

Thanks,
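Review bot: errno is never set to 0 before the strtoull() call in str_to_val(), so the `if (errno || ptr == str)` test rejects valid input whenever an earlier library call left errno non-zero; add `errno = 0;` immediately before the conversion. The same test accepts trailing garbage such as "12abc", because it only compares ptr with str; also require `*ptr == '\0'`. The range check runs after the cast `(typeof(val)) strtoull(...)`, so a value too large for the type of val is truncated before it is compared with minv and maxv and can pass as in range. strtoull() also accepts a leading minus sign and returns the negated value as an unsigned number. Converting into an unsigned long long temporary, range-checking that, and assigning to val only on success would close both. Finally, the locals ptr and ret will capture a caller's variables of the same name if they are passed as str or val, so less collision-prone names would be safer in a header macro.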