Most of the strtoul() functions called in lfs.c
did not check the range of the return value.
This patch fixes those issues.
Change-Id: If1eb64750507b5fa4e22abe710e475e2f0032b4d
Signed-off-by: Jian Yu <yujian@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/41726
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: John L. Hammond <jhammond@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
case LFS_COMP_NO_VERIFY_OPT:
mirror_flags |= MF_NO_VERIFY;
break;
case LFS_COMP_NO_VERIFY_OPT:
mirror_flags |= MF_NO_VERIFY;
break;
- case LFS_MIRROR_ID_OPT:
- mirror_id = strtoul(optarg, &end, 0);
- if (*end != '\0' || mirror_id == 0) {
+ case LFS_MIRROR_ID_OPT: {
+ unsigned long int id;
+
+ errno = 0;
+ id = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' || id == 0 ||
+ id > UINT16_MAX) {
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
goto usage_error;
}
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
goto usage_error;
}
+
+ mirror_id = (__u16)id;
case LFS_LAYOUT_FLAGS_OPT: {
uint32_t neg_flags;
case LFS_LAYOUT_FLAGS_OPT: {
uint32_t neg_flags;
optarg);
return CMD_HELP;
}
optarg);
return CMD_HELP;
}
+ } else if (type >= UINT32_MAX) {
+ fprintf(stderr,
+ "%s %s: invalid foreign type '%s'\n",
+ progname, argv[0], optarg);
+ return CMD_HELP;
lsa.lsa_pattern = LLAPI_LAYOUT_OVERSTRIPING;
/* fall through */
case 'c':
lsa.lsa_pattern = LLAPI_LAYOUT_OVERSTRIPING;
/* fall through */
case 'c':
lsa.lsa_stripe_count = strtoul(optarg, &end, 0);
lsa.lsa_stripe_count = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0'||
+ lsa.lsa_stripe_count < -1 ||
+ lsa.lsa_stripe_count > LOV_MAX_STRIPE_COUNT) {
fprintf(stderr,
"%s %s: invalid stripe count '%s'\n",
progname, argv[0], optarg);
fprintf(stderr,
"%s %s: invalid stripe count '%s'\n",
progname, argv[0], optarg);
}
mirror_count = 1;
if (optarg) {
}
mirror_count = 1;
if (optarg) {
mirror_count = strtoul(optarg, &end, 0);
mirror_count = strtoul(optarg, &end, 0);
- if (*end != '\0' || mirror_count == 0) {
+ if (errno != 0 || *end != '\0' ||
+ mirror_count == 0 ||
+ mirror_count > LUSTRE_MIRROR_COUNT_MAX) {
fprintf(stderr,
"error: %s: bad mirror count: %s\n",
progname, optarg);
fprintf(stderr,
"error: %s: bad mirror count: %s\n",
progname, optarg);
param.fp_comp_count = strtoul(optarg, &endptr, 0);
param.fp_comp_count = strtoul(optarg, &endptr, 0);
+ if (errno != 0 || *endptr != '\0' ||
+ param.fp_comp_count > UINT32_MAX) {
fprintf(stderr,
"error: bad component count '%s'\n",
optarg);
fprintf(stderr,
"error: bad component count '%s'\n",
optarg);
param.fp_stripe_count = strtoul(optarg, &endptr, 0);
param.fp_stripe_count = strtoul(optarg, &endptr, 0);
+ if (errno != 0 || *endptr != '\0' ||
+ param.fp_stripe_count > LOV_MAX_STRIPE_COUNT) {
fprintf(stderr,
"error: bad stripe_count '%s'\n",
optarg);
fprintf(stderr,
"error: bad stripe_count '%s'\n",
optarg);
optarg);
return CMD_HELP;
}
optarg);
return CMD_HELP;
}
+ } else if (type >= UINT32_MAX) {
+ fprintf(stderr,
+ "%s %s: invalid foreign type '%s'\n",
+ progname, argv[0], optarg);
+ return CMD_HELP;
}
}
param.fp_foreign_type = type;
}
}
param.fp_foreign_type = type;
param.fp_mirror_count = strtoul(optarg, &endptr, 0);
param.fp_mirror_count = strtoul(optarg, &endptr, 0);
+ if (errno != 0 || *endptr != '\0' ||
+ param.fp_mirror_count > LUSTRE_MIRROR_COUNT_MAX) {
fprintf(stderr,
"error: bad mirror count '%s'\n",
optarg);
fprintf(stderr,
"error: bad mirror count '%s'\n",
optarg);
param.fp_mdt_count = strtoul(optarg, &endptr, 0);
param.fp_mdt_count = strtoul(optarg, &endptr, 0);
+ if (errno != 0 || *endptr != '\0' ||
+ param.fp_mdt_count >= UINT32_MAX) {
fprintf(stderr, "error: bad mdt_count '%s'\n",
optarg);
ret = -1;
fprintf(stderr, "error: bad mdt_count '%s'\n",
optarg);
ret = -1;
param->fp_max_depth = 0;
}
break;
param->fp_max_depth = 0;
}
break;
- case LFS_MIRROR_INDEX_OPT:
+ case LFS_MIRROR_INDEX_OPT: {
+ unsigned long int mirror_index;
+
if (optarg[0] == '+') {
param->fp_mirror_index_sign = -1;
optarg++;
if (optarg[0] == '+') {
param->fp_mirror_index_sign = -1;
optarg++;
- param->fp_mirror_index = strtoul(optarg, &end, 0);
- if (*end != '\0' || (param->fp_mirror_index == 0 &&
+ errno = 0;
+ mirror_index = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' ||
+ mirror_index > UINT16_MAX || (mirror_index == 0 &&
param->fp_mirror_index_sign == 0 && neg_opt == 0)) {
fprintf(stderr,
"%s %s: invalid mirror index '%s'\n",
progname, argv[0], optarg);
return CMD_HELP;
}
param->fp_mirror_index_sign == 0 && neg_opt == 0)) {
fprintf(stderr,
"%s %s: invalid mirror index '%s'\n",
progname, argv[0], optarg);
return CMD_HELP;
}
+
+ param->fp_mirror_index = (__u16)mirror_index;
+
if (param->fp_mirror_id != 0) {
fprintf(stderr,
"%s %s: can't specify both mirror index and mirror ID\n",
if (param->fp_mirror_id != 0) {
fprintf(stderr,
"%s %s: can't specify both mirror index and mirror ID\n",
param->fp_check_mirror_index = 1;
param->fp_exclude_mirror_index = !!neg_opt;
break;
param->fp_check_mirror_index = 1;
param->fp_exclude_mirror_index = !!neg_opt;
break;
- case LFS_MIRROR_ID_OPT:
+ }
+ case LFS_MIRROR_ID_OPT: {
+ unsigned long int mirror_id;
+
if (optarg[0] == '+') {
param->fp_mirror_id_sign = -1;
optarg++;
if (optarg[0] == '+') {
param->fp_mirror_id_sign = -1;
optarg++;
- param->fp_mirror_id = strtoul(optarg, &end, 0);
- if (*end != '\0' || (param->fp_mirror_id == 0 &&
+ errno = 0;
+ mirror_id = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' ||
+ mirror_id > UINT16_MAX || (mirror_id == 0 &&
param->fp_mirror_id_sign == 0 && neg_opt == 0)) {
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
return CMD_HELP;
}
param->fp_mirror_id_sign == 0 && neg_opt == 0)) {
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
return CMD_HELP;
}
+
+ param->fp_mirror_id = (__u16)mirror_id;
+
if (param->fp_mirror_index != 0) {
fprintf(stderr,
"%s %s: can't specify both mirror index and mirror ID\n",
if (param->fp_mirror_index != 0) {
fprintf(stderr,
"%s %s: can't specify both mirror index and mirror ID\n",
param->fp_check_mirror_id = 1;
param->fp_exclude_mirror_id = !!neg_opt;
break;
param->fp_check_mirror_id = 1;
param->fp_exclude_mirror_id = !!neg_opt;
break;
case 'd':
param->fp_max_depth = 0;
break;
case 'd':
param->fp_max_depth = 0;
break;
break;
case 'c':
case 'T':
break;
case 'c':
case 'T':
lsa.lsa_stripe_count = strtoul(optarg, &end, 0);
lsa.lsa_stripe_count = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' ||
+ lsa.lsa_stripe_count < -1 ||
+ lsa.lsa_stripe_count > LOV_MAX_STRIPE_COUNT) {
fprintf(stderr,
"%s %s: invalid stripe count '%s'\n",
progname, argv[0], optarg);
fprintf(stderr,
"%s %s: invalid stripe count '%s'\n",
progname, argv[0], optarg);
optarg);
return CMD_HELP;
}
optarg);
return CMD_HELP;
}
+ } else if (type >= UINT32_MAX) {
+ fprintf(stderr,
+ "%s %s: invalid foreign type '%s'\n",
+ progname, argv[0], optarg);
+ return CMD_HELP;
"warning: '-M' deprecated, use '--mdt-index' or '-m' instead\n");
#endif
case 'm':
"warning: '-M' deprecated, use '--mdt-index' or '-m' instead\n");
#endif
case 'm':
lmu.lum_stripe_offset = strtoul(optarg, &end, 0);
lmu.lum_stripe_offset = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' ||
+ lmu.lum_stripe_offset >= UINT32_MAX) {
fprintf(stderr, "%s mv: bad MDT index '%s'\n",
progname, optarg);
return CMD_HELP;
fprintf(stderr, "%s mv: bad MDT index '%s'\n",
progname, optarg);
return CMD_HELP;
- case 'N':
- mirror_id = strtoul(optarg, &end, 0);
- if (*end != '\0' || mirror_id == 0) {
+ case 'N': {
+ unsigned long int id;
+
+ errno = 0;
+ id = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' || id == 0 ||
+ id > UINT16_MAX) {
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
return rc;
}
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
return rc;
}
+
+ mirror_id = (__u16)id;
case 'o':
outfile = optarg;
break;
case 'o':
outfile = optarg;
break;
- case 'N':
- mirror_id = strtoul(optarg, &end, 0);
- if (*end != '\0' || mirror_id == 0) {
+ case 'N': {
+ unsigned long int id;
+
+ errno = 0;
+ id = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' || id == 0 ||
+ id > UINT16_MAX) {
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
return rc;
}
fprintf(stderr,
"%s %s: invalid mirror ID '%s'\n",
progname, argv[0], optarg);
return rc;
}
+
+ mirror_id = (__u16)id;
case 'i':
inputfile = optarg;
break;
case 'i':
inputfile = optarg;
break;
- case 'i':
- read_mirror_id = strtoul(optarg, &end, 0);
- if (*end != '\0' || read_mirror_id == 0) {
+ case 'i': {
+ unsigned long int id;
+
+ errno = 0;
+ id = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' || id == 0 ||
+ id > UINT16_MAX) {
fprintf(stderr,
"%s %s: invalid read mirror ID '%s'\n",
progname, argv[0], optarg);
return rc;
}
fprintf(stderr,
"%s %s: invalid read mirror ID '%s'\n",
progname, argv[0], optarg);
return rc;
}
+
+ read_mirror_id = (__u16)id;
case 'o':
if (!strcmp(optarg, "-1")) {
/* specify all other mirrors */
case 'o':
if (!strcmp(optarg, "-1")) {
/* specify all other mirrors */
long_opts, NULL)) != -1) {
switch (c) {
case 'i':
long_opts, NULL)) != -1) {
switch (c) {
case 'i':
archive_id = strtoul(optarg, &end, 0);
archive_id = strtoul(optarg, &end, 0);
- if (*end != '\0' || archive_id == 0) {
+ if (errno != 0 || *end != '\0' ||
+ archive_id == 0 || archive_id > UINT32_MAX) {
fprintf(stderr,
"error: %s: bad archive ID '%s'\n",
argv[0], optarg);
fprintf(stderr,
"error: %s: bad archive ID '%s'\n",
argv[0], optarg);
long_opts, NULL)) != -1) {
switch (c) {
case 'i':
long_opts, NULL)) != -1) {
switch (c) {
case 'i':
archive_id = strtoul(optarg, &end, 0);
archive_id = strtoul(optarg, &end, 0);
+ if (errno != 0 || *end != '\0' ||
+ archive_id > UINT32_MAX) {
fprintf(stderr,
"error: %s: bad archive ID '%s'\n",
argv[0], optarg);
fprintf(stderr,
"error: %s: bad archive ID '%s'\n",
argv[0], optarg);