On 06/04/2012 09:51 AM, Corey Bryant wrote:
>>> +
>>> + if (strstart(filename, "/dev/fd/",&p)) {
>>> + fd = atoi(p);
>>
>> atoi() is lousy - it has no error checking, and returns 0 if a mistake
>> was made. You really want to be using strtol (or even better, a
>> sensible wrapper around strtol that takes care of the subtleties of
>> calling it correctly), so that you don't end up dup'ing stdin when the
>> user passes a bad /dev/fd/ string.
>>
>
> It looks like strtol returns 0 on failure too. Do we need to support
> stdin/stdout/stderr?
But at least strtol lets you detect errors:
char *tmp;
errno = 0;
fd = strtol(p, &tmp, 10);
if (errno || tmp == p) {
/* raise your error here */
}
and if you get past that point, then someone really did pass in
/dev/fd/0 as the string they meant to be parsed (probably a user bug, as
getfd is unlikely to ever return 0 unless you start with stdin closed,
which itself is something that POSIX discourages, but not something we
need to specifically worry about). So I would argue that yes, we do
need to support fd 0, if only by not special casing it as compared to
any other valid fd.
--
Eric Blake ebl...@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
