[lxc-devel] [lxc/master] [RFC] remove atoi
brauner on Github
lxc-bot at linuxcontainers.org
Fri Oct 28 18:43:57 UTC 2016
From 214afd26bfc6b086fb95a2d76d4edf3d7ed0042c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Tue, 6 Sep 2016 17:32:47 +0200
Subject: [PATCH 01/15] utils: add lxc_safe_uint()
This function safely parses an unsigned integer. On success it returns 0 and
stores the unsigned integer in @converted. On error it returns a negative
errno.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/utils.c | 20 ++++++++++++++++++++
src/lxc/utils.h | 4 ++++
2 files changed, 24 insertions(+)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index c912fe8..f7a6030 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1930,3 +1930,23 @@ bool task_blocking_signal(pid_t pid, int signal)
fclose(f);
return bret;
}
+
+int lxc_safe_uint(const char *numstr, unsigned int *converted)
+{
+ char *err = NULL;
+ unsigned long int uli;
+
+ errno = 0;
+ uli = strtoul(numstr, &err, 0);
+ if (errno > 0)
+ return -errno;
+
+ if (!err || err == numstr || *err != '\0')
+ return -EINVAL;
+
+ if (uli > UINT_MAX)
+ return -ERANGE;
+
+ *converted = (unsigned)uli;
+ return 0;
+}
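Review bot: `strtoul()` accepts a leading minus sign and negates the result without setting errno, so lxc_safe_uint() does not reliably reject negative input: where `unsigned long` is as wide as `unsigned int`, "-1" comes back as UINT_MAX with return 0, and on LP64 a string such as "-18446744073709551615" wraps to 1. Checking the first non-whitespace character before the conversion and returning `-EINVAL` when it is `'-'` would close this. Base 0 also means a value with a leading zero is read as octal ("010" is 8) where `atoi()` read decimal; passing 10 keeps existing configuration values meaning the same thing. `numstr` is dereferenced without a NULL check and the `!err` test can never be true after strtoul(), so a short comment stating the expected preconditions would help.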
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index a0fa0e2..68a3393 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -313,4 +313,8 @@ int lxc_count_file_lines(const char *fn);
/* Check whether a signal is blocked by a process. */
bool task_blocking_signal(pid_t pid, int signal);
+
+/* Helper functions to parse numbers. */
+int lxc_safe_uint(const char *numstr, unsigned int *converted);
+
#endif /* __LXC_UTILS_H */
From 2d042b42c5f93473b559aede31ddedbea41f05ec Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Tue, 6 Sep 2016 17:41:34 +0200
Subject: [PATCH 02/15] tests: add unit tests for lxc_safe_uint()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/tests/lxc-test-utils.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/src/tests/lxc-test-utils.c b/src/tests/lxc-test-utils.c
index 081ed4b..9f25419 100644
--- a/src/tests/lxc-test-utils.c
+++ b/src/tests/lxc-test-utils.c
@@ -25,6 +25,7 @@
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
+#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -220,6 +221,34 @@ void test_detect_ramfs_rootfs(void)
if (fret == EXIT_SUCCESS)
return;
exit(fret);
+
+void test_lxc_safe_uint(void)
+{
+ int ret;
+ unsigned int n;
+ size_t len = /* 2^64 = 21 - 1 */ 21;
+ char uint_max[len];
+
+ ret = snprintf(uint_max, len, "%lu", (unsigned long)UINT_MAX + 1);
+ if (ret < 0 || (size_t)ret >= len) {
+ lxc_error("%s\n", "Failed to create string via snprintf().");
+ exit(EXIT_FAILURE);
+ }
+
+ lxc_test_assert_abort((0 == lxc_safe_uint("1234345", &n)) && n == 1234345);
+ lxc_test_assert_abort((0 == lxc_safe_uint(" 345", &n)) && n == 345);
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint(" g345", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint(" 3g45", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint(" 345g", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint("g345", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint("3g45", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint("345g", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint("g345 ", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint("3g45 ", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint("345g ", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint("g", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_uint(" g345", &n)));
+ lxc_test_assert_abort((-ERANGE == lxc_safe_uint(uint_max, &n)));
}
void test_lxc_string_replace(void)
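Review bot: The overflow case builds its input from `(unsigned long)UINT_MAX + 1`, which wraps to 0 wherever `unsigned long` is 32 bits wide, so the final -ERANGE assertion would fail there for a reason unrelated to lxc_safe_uint(); `snprintf(uint_max, len, "%llu", (unsigned long long)UINT_MAX + 1)` avoids depending on the width of long. The new function is also inserted between `exit(fret);` and the closing brace of test_detect_ramfs_rootfs(), so as far as the hunk shows this commit leaves that function unterminated until patch 04 adds the `}`; folding that brace into this patch keeps the series bisectable. There is no case for a negative string such as "-1", which is the input most likely to slip through an unsigned parser, and " g345" is asserted twice.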
@@ -280,6 +309,7 @@ int main(int argc, char *argv[])
test_lxc_string_in_array();
test_lxc_deslashify();
test_detect_ramfs_rootfs();
+ test_lxc_safe_uint();
exit(EXIT_SUCCESS);
}
From d2a9b7b47cb18ef9e486c1ec769a44a17afe3a22 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Wed, 7 Sep 2016 17:47:50 +0200
Subject: [PATCH 03/15] utils: add lxc_safe_int()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/utils.c | 20 ++++++++++++++++++++
src/lxc/utils.h | 1 +
2 files changed, 21 insertions(+)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index f7a6030..ddfeb26 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1950,3 +1950,23 @@ int lxc_safe_uint(const char *numstr, unsigned int *converted)
*converted = (unsigned)uli;
return 0;
}
+
+int lxc_safe_int(const char *numstr, int *converted)
+{
+ char *err = NULL;
+ signed long int sli;
+
+ errno = 0;
+ sli = strtol(numstr, &err, 0);
+ if (errno > 0)
+ return -errno;
+
+ if (!err || err == numstr || *err != '\0')
+ return -EINVAL;
+
+ if (sli > INT_MAX)
+ return -ERANGE;
+
+ *converted = (int)sli;
+ return 0;
+}
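Review bot: Only the upper bound is checked before the `(int)sli` cast, so on a platform where long is wider than int a value below INT_MIN (for example "-2147483649") passes every test and is then narrowed by an implementation-defined conversion instead of being rejected. The range test should cover both ends: `if (sli > INT_MAX || sli < INT_MIN) return -ERANGE;`. As in lxc_safe_uint(), base 0 makes a leading zero select octal, which differs from the `atoi()` calls this helper is meant to replace.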
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 68a3393..a71b736 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -316,5 +316,6 @@ bool task_blocking_signal(pid_t pid, int signal);
/* Helper functions to parse numbers. */
int lxc_safe_uint(const char *numstr, unsigned int *converted);
+int lxc_safe_int(const char *numstr, int *converted);
#endif /* __LXC_UTILS_H */
From 8e9c5fb501a3d7cdb97c5fd414f28e7e3fcc0a0f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Wed, 7 Sep 2016 17:51:33 +0200
Subject: [PATCH 04/15] tests: add unit tests for lxc_safe_int()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/tests/lxc-test-utils.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/src/tests/lxc-test-utils.c b/src/tests/lxc-test-utils.c
index 9f25419..46f8cf3 100644
--- a/src/tests/lxc-test-utils.c
+++ b/src/tests/lxc-test-utils.c
@@ -221,6 +221,7 @@ void test_detect_ramfs_rootfs(void)
if (fret == EXIT_SUCCESS)
return;
exit(fret);
+}
void test_lxc_safe_uint(void)
{
@@ -251,6 +252,37 @@ void test_lxc_safe_uint(void)
lxc_test_assert_abort((-ERANGE == lxc_safe_uint(uint_max, &n)));
}
+void test_lxc_safe_int(void)
+{
+ int ret;
+ signed int n;
+ size_t len = /* 2^64 = 21 - 1 */ 21;
+ char int_max[len];
+
+ ret = snprintf(int_max, len, "%ld", (signed long)INT_MAX + 1);
+ if (ret < 0 || (size_t)ret >= len) {
+ lxc_error("%s\n", "Failed to create string via snprintf().");
+ exit(EXIT_FAILURE);
+ }
+
+ lxc_test_assert_abort((0 == lxc_safe_int("1234345", &n)) && n == 1234345);
+ lxc_test_assert_abort((0 == lxc_safe_int(" 345", &n)) && n == 345);
+ lxc_test_assert_abort((0 == lxc_safe_int("-1234345", &n)) && n == -1234345);
+ lxc_test_assert_abort((0 == lxc_safe_int(" -345", &n)) && n == -345);
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int(" g345", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int(" 3g45", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int(" 345g", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int("g345", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int("3g45", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int("345g", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int("g345 ", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int("3g45 ", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int("345g ", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int("g", &n)));
+ lxc_test_assert_abort((-EINVAL == lxc_safe_int(" g345", &n)));
+ lxc_test_assert_abort((-ERANGE == lxc_safe_int(int_max, &n)));
+}
+
void test_lxc_string_replace(void)
{
char *s;
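Review bot: The range coverage in test_lxc_safe_int() stops at INT_MAX + 1; there is no matching assertion for a value just below INT_MIN, which is the bound the helper added in patch 03 does not check, so the test passes while that gap stays open. A second buffer formatted from `(long long)INT_MIN - 1` with `%lld`, asserted to return -ERANGE, would pin it down. `(signed long)INT_MAX + 1` is itself a signed overflow where long is 32 bits wide, so the same `long long` form is safer for the existing upper-bound string.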
@@ -310,6 +342,7 @@ int main(int argc, char *argv[])
test_lxc_deslashify();
test_detect_ramfs_rootfs();
test_lxc_safe_uint();
+ test_lxc_safe_int();
exit(EXIT_SUCCESS);
}
From 45099d419dc50d84c2031e95a9b91088e64f5094 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 19:41:42 +0200
Subject: [PATCH 05/15] conf/ile: get ip prefix via lxc_safe_uint()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 4 ++--
src/lxc/confile.c | 11 ++++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index e484667..51e6bec 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -62,7 +62,7 @@ enum {
struct lxc_inetdev {
struct in_addr addr;
struct in_addr bcast;
- int prefix;
+ unsigned int prefix;
};
struct lxc_route {
@@ -80,7 +80,7 @@ struct lxc_inet6dev {
struct in6_addr addr;
struct in6_addr mcast;
struct in6_addr acast;
- int prefix;
+ unsigned int prefix;
};
struct lxc_route6 {
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 8f370f6..ab8ee90 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -853,8 +853,12 @@ static int config_network_ipv4(const char *key, const char *value,
}
/* no prefix specified, determine it from the network class */
- inetdev->prefix = prefix ? atoi(prefix) :
- config_ip_prefix(&inetdev->addr);
+ if (prefix) {
+ if (lxc_safe_uint(prefix, &inetdev->prefix) < 0)
+ return -1;
+ } else {
+ inetdev->prefix = config_ip_prefix(&inetdev->addr);
+ }
/* if no broadcast address, let compute one from the
* prefix and address
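Review bot: The parsed prefix is stored without a range check, so any value up to UINT_MAX is accepted where an IPv4 prefix length can only be 0–32; the comment just below says the broadcast address is computed from the prefix, and that arithmetic (outside this hunk) presumably assumes a valid length. After the parse, `if (inetdev->prefix > 32) return -1;` would reject it here, and the IPv6 hunk in the same file needs the equivalent bound of 128. config_network_ipv4() starts and ends outside the hunk, so whether the new early `return -1` skips cleanup of anything allocated earlier should be checked against the full function.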
@@ -952,7 +956,8 @@ static int config_network_ipv6(const char *key, const char *value,
if (slash) {
*slash = '\0';
netmask = slash + 1;
- inet6dev->prefix = atoi(netmask);
+ if (lxc_safe_uint(netmask, &inet6dev->prefix) < 0)
+ return -1;
}
if (!inet_pton(AF_INET6, valdup, &inet6dev->addr)) {
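Review bot: The new `return -1` sits after `valdup` has been created and modified, and the hunk shows nothing releasing it on this path; if `valdup` and `inet6dev` are heap allocations made earlier in config_network_ipv6() (not visible here), this early exit leaks them on every malformed netmask. The failure branch should free whatever the function's other error paths free before returning. The function body starts and ends outside the hunk, so confirm against the existing `inet_pton()` failure handling.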
From 47f31445b56f891359b0eb4c25a74bb50b1485b3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 19:53:19 +0200
Subject: [PATCH 06/15] confile: use lxc_safe_u/int in config_init_{u,g}id
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/confile.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index ab8ee90..ff06d31 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1065,14 +1065,24 @@ static int config_init_cmd(const char *key, const char *value,
static int config_init_uid(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- lxc_conf->init_uid = atoi(value);
+ unsigned int init_uid;
+
+ if (lxc_safe_uint(value, &init_uid) < 0)
+ return -1;
+ lxc_conf->init_uid = init_uid;
+
return 0;
}
static int config_init_gid(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- lxc_conf->init_gid = atoi(value);
+ unsigned int init_gid;
+
+ if (lxc_safe_uint(value, &init_gid) < 0)
+ return -1;
+ lxc_conf->init_gid = init_gid;
+
return 0;
}
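Review bot: Neither handler bounds the parsed value, so `4294967295` is accepted and stored, which on Linux is `(uid_t)-1` / `(gid_t)-1`, the value several credential calls treat as "leave unchanged" or reject. How init_uid and init_gid are consumed is not visible here, but refusing that one value at parse time, `if (init_uid == (unsigned int)-1) return -1;`, keeps it from reaching them. A failed parse also returns -1 silently; an `ERROR()` naming the key and the offending string, as config_ephemeral() does for its range error, would tell the user which configuration line was wrong.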
From ac8e4d7ed2fa7bd6d0fea7ae9a85e2644e6f4e92 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 19:58:10 +0200
Subject: [PATCH 07/15] conf/ile: use lxc_safe_uint() in config_pts()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 2 +-
src/lxc/confile.c | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 51e6bec..1801733 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -294,7 +294,7 @@ struct lxc_conf {
int is_execute;
char *fstab;
int tty;
- int pts;
+ unsigned int pts;
int reboot;
int need_utmp_watch;
signed long personality;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index ff06d31..c24663e 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1142,9 +1142,8 @@ static int config_personality(const char *key, const char *value,
static int config_pts(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- int maxpts = atoi(value);
-
- lxc_conf->pts = maxpts;
+ if (lxc_safe_uint(value, &lxc_conf->pts) < 0)
+ return -1;
return 0;
}
From 2c942a02702a9d320c74bc68e0826e7ce47d035c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:01:21 +0200
Subject: [PATCH 08/15] conf/ile: use lxc_safe_u/int() in config_start()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 4 ++--
src/lxc/confile.c | 11 ++++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 1801733..32eeb49 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -343,8 +343,8 @@ struct lxc_conf {
int inherit_ns_fd[LXC_NS_MAX];
- int start_auto;
- int start_delay;
+ unsigned int start_auto;
+ unsigned int start_delay;
int start_order;
struct lxc_list groups;
int nbd_idx;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index c24663e..72d4660 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1152,15 +1152,20 @@ static int config_start(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
if(strcmp(key, "lxc.start.auto") == 0) {
- lxc_conf->start_auto = atoi(value);
+ if (lxc_safe_uint(value, &lxc_conf->start_auto) < 0)
+ return -1;
+ if (lxc_conf->start_auto > 1)
+ return -1;
return 0;
}
else if (strcmp(key, "lxc.start.delay") == 0) {
- lxc_conf->start_delay = atoi(value);
+ if (lxc_safe_uint(value, &lxc_conf->start_delay) < 0)
+ return -1;
return 0;
}
else if (strcmp(key, "lxc.start.order") == 0) {
- lxc_conf->start_order = atoi(value);
+ if (lxc_safe_int(value, &lxc_conf->start_order) < 0)
+ return -1;
return 0;
}
SYSERROR("Unknown key: %s", key);
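Review bot: lxc_safe_uint() writes straight into `lxc_conf->start_auto` and the `> 1` check runs afterwards, so a rejected value such as 2 is still left in the configuration struct when the function returns -1. If any caller keeps using the struct after a failed set, the field now holds a value the parser just declared invalid. Parsing into a local and assigning only after validation avoids that: `unsigned int v; if (lxc_safe_uint(value, &v) < 0 || v > 1) return -1; lxc_conf->start_auto = v;`. The same validate-after-store pattern appears in config_kmsg() (patch 11), config_lsm_aa_incomplete() (patch 12), config_autodev() (patch 13) and config_ephemeral() (patch 14); for lsm_aa_allow_incomplete in particular a leftover non-zero value matters if the field is later tested for truth. config_start() ends outside the hunk.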
From 01d989bffaa1f342331062c08a2a5f0937ecfa2c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:05:07 +0200
Subject: [PATCH 09/15] conf/ile: use lxc_safe_uint() in config_monitor()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 2 +-
src/lxc/confile.c | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 32eeb49..df3dcd7 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -350,7 +350,7 @@ struct lxc_conf {
int nbd_idx;
/* unshare the mount namespace in the monitor */
- int monitor_unshare;
+ unsigned int monitor_unshare;
/* set to true when rootfs has been setup */
bool rootfs_setup;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 72d4660..614baac 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1176,7 +1176,8 @@ static int config_monitor(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
if(strcmp(key, "lxc.monitor.unshare") == 0) {
- lxc_conf->monitor_unshare = atoi(value);
+ if (lxc_safe_uint(value, &lxc_conf->monitor_unshare) < 0)
+ return -1;
return 0;
}
SYSERROR("Unknown key: %s", key);
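Review bot: lxc.monitor.unshare is parsed as an arbitrary unsigned int with no upper bound, while the other on/off keys converted in this series (lxc.start.auto, lxc.kmsg, lxc.autodev) reject anything above 1. If monitor_unshare is a boolean switch, which its conf.h comment suggests, add the same `if (lxc_conf->monitor_unshare > 1) return -1;` so that a typo like 11 is not silently treated as enabled. config_monitor() continues outside the hunk.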
From a4cfc8901be6b82ceaf994c78e8c6e9326b59579 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:06:40 +0200
Subject: [PATCH 10/15] conf/ile: use lxc_safe_uint() in config_tty()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 2 +-
src/lxc/confile.c | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index df3dcd7..3f7bf87 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -293,7 +293,7 @@ struct saved_nic {
struct lxc_conf {
int is_execute;
char *fstab;
- int tty;
+ unsigned int tty;
unsigned int pts;
int reboot;
int need_utmp_watch;
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 614baac..b6d5af0 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1260,9 +1260,8 @@ static int config_environment(const char *key, const char *value,
static int config_tty(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- int nbtty = atoi(value);
-
- lxc_conf->tty = nbtty;
+ if (lxc_safe_uint(value, &lxc_conf->tty) < 0)
+ return -1;
return 0;
}
From 986dca61805d2378e4d34717207f9a02d00b966f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:08:12 +0200
Subject: [PATCH 11/15] conf/ile: use lxc_safe_uint() in config_kmsg()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 2 +-
src/lxc/confile.c | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 3f7bf87..90506e9 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -329,7 +329,7 @@ struct lxc_conf {
int haltsignal; // signal used to halt container
int rebootsignal; // signal used to reboot container
int stopsignal; // signal used to hard stop container
- int kmsg; // if 1, create /dev/kmsg symlink
+ unsigned int kmsg; // if 1, create /dev/kmsg symlink
char *rcfile; // Copy of the top level rcfile we read
// Logfile and logleve can be set in a container config file.
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index b6d5af0..a9f8a74 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1275,9 +1275,11 @@ static int config_ttydir(const char *key, const char *value,
static int config_kmsg(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- int v = atoi(value);
+ if (lxc_safe_uint(value, &lxc_conf->kmsg) < 0)
+ return -1;
- lxc_conf->kmsg = v;
+ if (lxc_conf->kmsg > 1)
+ return -1;
return 0;
}
From 3052f7cf2cb2394a56c7842ce5a8be710122b3ae Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:10:25 +0200
Subject: [PATCH 12/15] conf/ile: avoid atoi in config_lsm_aa_incomplete()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 2 +-
src/lxc/confile.c | 14 +++++++++-----
2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 90506e9..4c1dc45 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -317,7 +317,7 @@ struct lxc_conf {
struct lxc_list hooks[NUM_LXC_HOOKS];
char *lsm_aa_profile;
- int lsm_aa_allow_incomplete;
+ unsigned int lsm_aa_allow_incomplete;
char *lsm_se_context;
int tmp_umount_proc;
char *seccomp; // filename with the seccomp rules
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index a9f8a74..4ea412f 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1293,9 +1293,11 @@ static int config_lsm_aa_profile(const char *key, const char *value,
static int config_lsm_aa_incomplete(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- int v = atoi(value);
+ if (lxc_safe_uint(value, &lxc_conf->lsm_aa_allow_incomplete) < 0)
+ return -1;
- lxc_conf->lsm_aa_allow_incomplete = v == 1 ? 1 : 0;
+ if (lxc_conf->lsm_aa_allow_incomplete > 1)
+ return -1;
return 0;
}
@@ -1327,10 +1329,12 @@ static int config_loglevel(const char *key, const char *value,
if (!value || strlen(value) == 0)
return 0;
- if (value[0] >= '0' && value[0] <= '9')
- newlevel = atoi(value);
- else
+ if (value[0] >= '0' && value[0] <= '9') {
+ if (lxc_safe_int(value, &newlevel) < 0)
+ return -1;
+ } else {
newlevel = lxc_log_priority_to_int(value);
+ }
// store these values in the lxc_conf, and then try to set for
// actual current logging.
lxc_conf->loglevel = newlevel;
From 0bf04259e05800b2b927f0c896ffe7262229dc96 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:22:35 +0200
Subject: [PATCH 13/15] conf/ile: use lxc_safe_uint() in config_autodev()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 2 +-
src/lxc/confile.c | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 4c1dc45..c8c3508 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -325,7 +325,7 @@ struct lxc_conf {
scmp_filter_ctx seccomp_ctx;
#endif
int maincmd_fd;
- int autodev; // if 1, mount and fill a /dev at start
+ unsigned int autodev; // if 1, mount and fill a /dev at start
int haltsignal; // signal used to halt container
int rebootsignal; // signal used to reboot container
int stopsignal; // signal used to hard stop container
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 4ea412f..371dda7 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1344,9 +1344,11 @@ static int config_loglevel(const char *key, const char *value,
static int config_autodev(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- int v = atoi(value);
+ if (lxc_safe_uint(value, &lxc_conf->autodev) < 0)
+ return -1;
- lxc_conf->autodev = v;
+ if (lxc_conf->autodev > 1)
+ return -1;
return 0;
}
From 47ea2abae037b571c41ded756e2e7f7053cc7c19 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:24:17 +0200
Subject: [PATCH 14/15] conf/ile: avoid atoi() in config_ephemeral()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/conf.h | 2 +-
src/lxc/confile.c | 9 +++------
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index c8c3508..c59227a 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -377,7 +377,7 @@ struct lxc_conf {
gid_t init_gid;
/* indicator if the container will be destroyed on shutdown */
- int ephemeral;
+ unsigned int ephemeral;
/* The facility to pass to syslog. Let's users establish as what type of
* program liblxc is supposed to write to the syslog. */
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 371dda7..8b17eca 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2960,14 +2960,11 @@ bool network_new_hwaddrs(struct lxc_conf *conf)
static int config_ephemeral(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- int v = atoi(value);
+ if (lxc_safe_uint(value, &lxc_conf->ephemeral) < 0)
+ return -1;
- if (v != 0 && v != 1) {
+ if (lxc_conf->ephemeral > 1)
ERROR("Wrong value for lxc.ephemeral. Can only be set to 0 or 1");
- return -1;
- } else {
- lxc_conf->ephemeral = v;
- }
return 0;
}
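Review bot: The rewritten range check logs the error but no longer fails: the `return -1;` that followed the `ERROR()` call is on the removed side, and the new `if (lxc_conf->ephemeral > 1)` has only the `ERROR()` as its body, so control falls through to `return 0` and an out-of-range value is accepted and kept. Restore the failure path with braces, `if (lxc_conf->ephemeral > 1) { ERROR("Wrong value for lxc.ephemeral. Can only be set to 0 or 1"); return -1; }`. config_no_new_privs() in patch 15 has the same shape: `if (v > 1) ERROR(...)` is followed by `lxc_conf->no_new_privs = v ? true : false;` and `return 0`, so any value above 1 is reported as wrong and then applied as true.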
From 1385a7d9387acd6845215903912cea91e027cd65 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 28 Oct 2016 20:26:51 +0200
Subject: [PATCH 15/15] conf/ile: avoid atoi() in config_no_new_privs()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
src/lxc/confile.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 8b17eca..c8ea922 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2986,12 +2986,14 @@ static int config_syslog(const char *key, const char *value,
static int config_no_new_privs(const char *key, const char *value,
struct lxc_conf *lxc_conf)
{
- int v = atoi(value);
+ unsigned int v;
- if (v != 0 && v != 1) {
- ERROR("Wrong value for lxc.no_new_privs. Can only be set to 0 or 1");
+ if (lxc_safe_uint(value, &v) < 0)
return -1;
- }
+
+ if (v > 1)
+ ERROR("Wrong value for lxc.no_new_privs. Can only be set to 0 or 1");
+
lxc_conf->no_new_privs = v ? true : false;
return 0;