[Libvir] diagnose invalid domain ID numbers (and invalid integers, in general)

Jim Meyering jim at meyering.net
Fri Nov 9 21:30:15 UTC 2007


Jim Meyering <jim at meyering.net> wrote:
> There are over 30 uses of strtol in libvirt, and they all can silently
> accept invalid input.  The invalid string might range from an outlandish
> domain ID like 4294967298 to strings of digits followed by bogus alpha.
> Maybe not worth worrying about, you say?  But what if they indicate user
> confusion, e.g., 1,000 vs 1000?  Silently interpreting "1,000" as "1"
> would leave the poor user even more confused :-)  IMHO, they should all
> be diagnosed.
...
> Patch attached below.
> If you apply it with plain-old-patch, remember to run this:
>
> chmod a+x tests/int-overflow
>
> Thu Nov  8 09:59:43 CET 2007 Jim Meyering  <meyering at redhat.com>
>
> 	Diagnose an invalid domain ID number.
>
> 	* src/virsh.c: Include "xstrtol.h"
> 	(vshCommandOptDomainBy): Detect integer overflow in domain ID number.
> 	* tests/int-overflow: New script. Test for the above-fixed bug.
> 	* tests/Makefile.am (TESTS): Add int-overflow.
> 	(TESTS_ENVIRONMENT): Define, to propagate $abs_top_* variables
> 	into the int-overflow script.
> 	(valgrind): Adapt rule not to clobber new TESTS_ENVIRONMENT.
> 	* src/xstrtol.h, src/xstrtol.c: New files.
> 	* src/Makefile.am (virsh_SOURCES): Add xstrtol.c and xstrtol.h.

Daniel Veillard suggested putting the definition of xstrtol_i in a header
file, so that it can be used both by virsh.c and by the library itself,
so now it's in src/internal.h.  I've added a fix for one strtol use in
the library, in xend_internal.c.  Finally, I've adjusted the ChangeLog
to more closely match Daniel's preference.

Thu Nov  8 09:59:43 CET 2007 Jim Meyering  <meyering at redhat.com>

	Begin fixing uses of strtol: parse integers more carefully.
	* src/internal.h: Include <errno.h>.
	Define new static inline function, xstrtol_i.
	* src/virsh.c: Detect integer overflow in domain ID number
	in vshCommandOptDomainBy.
	Detect overflow and invalid port number suffix in cmdVNCDisplay.
	* src/xend_internal.c: Parse CPU number more carefully in
	xenDaemonDomainGetVcpus.
	* tests/int-overflow: New script. Test for the above-fixed bug.
	* tests/Makefile.am: Add int-overflow to TESTS.
	Define TESTS_ENVIRONMENT, to propagate $abs_top_* variables
	into the int-overflow script.
	Adapt the "valgrind" rule not to clobber new TESTS_ENVIRONMENT.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: parse-integers-carefully
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20071109/f802e07b/attachment-0001.ksh>

