Bug#386197: dpkg: strtol checks don't fail when given a null string

2009-03-23 Thread Raphael Hertzog 
On Mon, 23 Mar 2009, Guillem Jover wrote:
> > You added an unwanted "*" in the check. I'll commit it soon after tests.
> 
> Before closing this bug, I'd like to get all other instances of strto*
> in the source tree reviewed, for this kind of missing checks or other
> flacky usage.

Fortunately there aren't many such calls:

dpkg-deb/extract.c:  r = strtol(lintbuf, &endp, 10);

The content of lintbuf is copied from a set of non-null bytes. And the
length of data copied is never null.

dpkg-split/queue.c:  pq->info.maxpartlen= strtol(p,&q,16); if (q==p || *q++ != 
'.') return 0;
dpkg-split/queue.c:  p=q; pq->info.thispartn= (int)strtol(p,&q,16); if (q==p || 
*q++ != '.') return 0;
dpkg-split/queue.c:  p=q; pq->info.maxpartn= (int)strtol(p,&q,16); if (q==p || 
*q) return 0;

The check includes q==p so it's fine.

dpkg-split/main.c:  newpartsize= strtol(value,&endp,10);
dpkg-split/info.c:  r= strtoul(value,&endp,10);

Those two should be fixed as well.

lib/showpkg.c:  w=strtol(ws+1,&endptr,0);

This one is fine.

lib/parsehelp.c:epoch= strtoul(string,&eepochcolon,10);

This one is ok if we want to accept that ":1" == "0:1" as version number.

src/filesdb.c:  fso->uid=strtol(thisline + 1, &endptr, 10);
src/filesdb.c:  fso->gid=strtol(thisline + 1, &endptr, 10);
src/filesdb.c:fso->mode=strtol(thisline, &endptr, 8);

Those have to be fixed as well. It's particularly bad as what would look
like to a comment for any admin is in fact interpreted like a uid==0
by the code.

src/main.c:  f_debug= strtoul(value,&endp,8);
src/main.c:  v= strtoul(value,&ep,0);
src/main.c:  v= strtoul(value,&ep,0);

Must be fixed too.

src/main.c:  if ((infd= strtol(pipein, (char **)NULL, 10)) == -1)

Clearly wrong too.

utils/start-stop-daemon.c:  ul = strtoul(string, &ep, 10);
utils/start-stop-daemon.c:  *value_r = strtoul(string, NULL, 0);

One is ok, the other not.

I'll commit fixes for all these later.

Cheers,
-- 
Raphaël Hertzog

Contribuez à Debian et gagnez un cahier de l'admin Debian Lenny :
http://www.ouaza.com/wp/2009/03/02/contribuer-a-debian-gagner-un-livre/



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#386197: dpkg: strtol checks don't fail when given a null string

2009-03-22 Thread Guillem Jover 
Hi!

On Sun, 2009-03-22 at 13:23:45 +0100, Raphael Hertzog wrote:
> On Fri, 20 Mar 2009, Bill Allombert wrote:
> > > This is easy to fix by checking (s==end), or by setting errno=0 before
> > > calling strto* functions, and checking (errno!=0) afterwards (see the
> > > recently-updated manpage example).  Given enough time, I will
> > > eventually provide a patch for this, but I don't know that I'll get to
> > > it anytime soon..
> > 
> > The attached patch should fix that and is conformant with man strtoul:
> > 
> >In particular, if *nptr is not '\0' but **endptr is '\0' on return, 
> > the
> >entire string is valid.
> 
> Your patch doesn't compile:
> ../../src/main.c: In function ‘setinteger’:
> ../../src/main.c:296: error: invalid type argument of ‘unary *’ (have ‘int’)
> make[3]: *** [main.o] Erreur 1
> 
> You added an unwanted "*" in the check. I'll commit it soon after tests.

Before closing this bug, I'd like to get all other instances of strto*
in the source tree reviewed, for this kind of missing checks or other
flacky usage.

regards,
guillem



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#386197: dpkg: strtol checks don't fail when given a null string

2009-03-22 Thread Raphael Hertzog 
On Fri, 20 Mar 2009, Bill Allombert wrote:
> > This is easy to fix by checking (s==end), or by setting errno=0 before
> > calling strto* functions, and checking (errno!=0) afterwards (see the
> > recently-updated manpage example).  Given enough time, I will
> > eventually provide a patch for this, but I don't know that I'll get to
> > it anytime soon..
> 
> The attached patch should fix that and is conformant with man strtoul:
> 
>In particular, if *nptr is not '\0' but **endptr is '\0' on return, the
>entire string is valid.

Your patch doesn't compile:
../../src/main.c: In function ‘setinteger’:
../../src/main.c:296: error: invalid type argument of ‘unary *’ (have ‘int’)
make[3]: *** [main.o] Erreur 1

You added an unwanted "*" in the check. I'll commit it soon after tests.

Cheers,
-- 
Raphaël Hertzog

Contribuez à Debian et gagnez un cahier de l'admin Debian Lenny :
http://www.ouaza.com/wp/2009/03/02/contribuer-a-debian-gagner-un-livre/



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#386197: dpkg: strtol checks don't fail when given a null string

2009-03-20 Thread Bill Allombert 
tags 386197 patch
quit
On Tue, Sep 05, 2006 at 03:30:56PM -0400, Justin Pryzby wrote:
> Package: dpkg
> Version: 1.13.21
> Severity: normal
> 
> $ sudo dpkg --abort-after '' -i /
> dpkg-split: error reading /: Is a directory
> dpkg: error processing / (--install):
>  subprocess dpkg-split returned error exit status 2
> dpkg: too many errors, stopping
> Errors were encountered while processing:
>  /
> Processing was halted because there were too many errors.
> 
> This is easy to fix by checking (s==end), or by setting errno=0 before
> calling strto* functions, and checking (errno!=0) afterwards (see the
> recently-updated manpage example).  Given enough time, I will
> eventually provide a patch for this, but I don't know that I'll get to
> it anytime soon..

The attached patch should fix that and is conformant with man strtoul:

   In particular, if *nptr is not '\0' but **endptr is '\0' on return, the
   entire string is valid.

Cheers,
-- 
Bill. 

Imagine a large red swirl here. 
diff --git a/src/main.c b/src/main.c
index c892af3..ca1ba25 100644
--- a/src/main.c
+++ b/src/main.c
@@ -293,7 +293,7 @@ static void setinteger(const struct cmdinfo *cip, const 
char *value) {
   char *ep;
 
   v= strtoul(value,&ep,0);
-  if (*ep || v > INT_MAX)
+  if (!*value || **ep || v > INT_MAX)
 badusage(_("invalid integer for --%s: `%.250s'"),cip->olong,value);
   *cip->iassignto= v;
 }

Bug#386197: dpkg: strtol checks don't fail when given a null string

2006-09-05 Thread Justin Pryzby 
Package: dpkg
Version: 1.13.21
Severity: normal

$ sudo dpkg --abort-after '' -i /
dpkg-split: error reading /: Is a directory
dpkg: error processing / (--install):
 subprocess dpkg-split returned error exit status 2
dpkg: too many errors, stopping
Errors were encountered while processing:
 /
Processing was halted because there were too many errors.

This is easy to fix by checking (s==end), or by setting errno=0 before
calling strto* functions, and checking (errno!=0) afterwards (see the
recently-updated manpage example).  Given enough time, I will
eventually provide a patch for this, but I don't know that I'll get to
it anytime soon..


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]