From patchwork Tue Oct 25 16:50:26 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 121755 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from acsinet14.oracle.com (acsinet14.oracle.com [141.146.126.236]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "acsinet14.oracle.com", Issuer "VeriSign Class 3 International Server CA - G3" (verified OK)) by ozlabs.org (Postfix) with ESMTPS id 81537B6F8B for ; Wed, 26 Oct 2011 03:50:45 +1100 (EST) Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by acsinet14.oracle.com (Switch-3.4.4/Switch-3.4.1) with ESMTP id p9PGogr4025494 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Tue, 25 Oct 2011 16:50:42 GMT Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by acsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p9PGobLK008940 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 25 Oct 2011 16:50:38 GMT Received: from oss.oracle.com (oss.oracle.com [141.146.12.120]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p9PGobYm018138 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 25 Oct 2011 16:50:37 GMT Received: from localhost ([127.0.0.1] helo=oss.oracle.com) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1RIkCu-0004B2-2e; Tue, 25 Oct 2011 09:50:32 -0700 Received: from rcsinet12.oracle.com ([148.87.113.124]) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1RIkCs-0004An-2E for fedfs-utils-devel@oss.oracle.com; Tue, 25 Oct 2011 09:50:30 -0700 Received: from mail-iy0-f171.google.com (mail-iy0-f171.google.com [209.85.210.171]) by rcsinet12.oracle.com (Sentrion-MTA-4.2.0/Sentrion-MTA-4.2.0) with ESMTP id p9PGmm2G017534 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=OK) for ; Tue, 25 Oct 2011 16:50:29 GMT Received: by mail-iy0-f171.google.com with SMTP id n33so975196iae.2 for ; Tue, 25 Oct 2011 09:50:29 -0700 (PDT) Received: by 10.231.8.100 with SMTP id g36mr593486ibg.55.1319561429472; Tue, 25 Oct 2011 09:50:29 -0700 (PDT) Received: from seurat.1015granger.net (adsl-99-26-161-222.dsl.sfldmi.sbcglobal.net. [99.26.161.222]) by mx.google.com with ESMTPS id el2sm59871596ibb.10.2011.10.25.09.50.27 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 25 Oct 2011 09:50:28 -0700 (PDT) From: Chuck Lever To: fedfs-utils-devel@oss.oracle.com Date: Tue, 25 Oct 2011 12:50:26 -0400 Message-ID: <20111025165026.18584.42748.stgit@seurat.1015granger.net> In-Reply-To: <20111025163952.18584.51838.stgit@seurat.1015granger.net> References: <20111025163952.18584.51838.stgit@seurat.1015granger.net> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 Subject: [fedfs-utils] [PATCH 14/15] libnsdb: Stricter type checking X-BeenThere: fedfs-utils-devel@oss.oracle.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: fedfs-utils Developers List-Id: fedfs-utils Developers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: fedfs-utils-devel-bounces@oss.oracle.com Errors-To: fedfs-utils-devel-bounces@oss.oracle.com X-Source-IP: ucsinet22.oracle.com [156.151.31.94] X-CT-RefId: str=0001.0A090205.4EA6E8DF.0041:SCFSTAT3865452, ss=1, re=-4.000, fgs=0 For integer LDAP values, replace atoi(3) with something more robust. Signed-off-by: Chuck Lever --- src/libnsdb/ldap.c | 15 +++++++++++++-- 1 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/libnsdb/ldap.c b/src/libnsdb/ldap.c index acd9672..618b62a 100644 --- a/src/libnsdb/ldap.c +++ b/src/libnsdb/ldap.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -216,14 +217,24 @@ nsdb_parse_singlevalue_bool(char *attr, struct berval **values, _Bool *result) FedFsStatus nsdb_parse_singlevalue_int(char *attr, struct berval **values, int *result) { + char *endptr; + long tmp; + if (values[1] != NULL) { xlog(L_ERROR, "%s: Expecting only one value for attribute %s", __func__, attr); return FEDFS_ERR_NSDB_RESPONSE; } - /* XXX: Better value type checking, please */ - *result = atoi(values[0]->bv_val); + errno = 0; + tmp = strtol(values[0]->bv_val, &endptr, 10); + if (errno != 0 || *endptr != '\0' || tmp < INT_MIN || tmp > INT_MAX) { + xlog(D_CALL, "%s: Attribute %s contains out-of-range value %.*s", + __func__, attr, values[0]->bv_len, values[0]->bv_val); + return FEDFS_ERR_NSDB_RESPONSE; + } + + *result = (int)tmp; xlog(D_CALL, "%s: Attribute %s contains value %d", __func__, attr, *result); return FEDFS_OK;