[SSSD] [sssd PR#5827][comment] A number of fixes around `strto*()` usage

Mon, 18 Oct 2021 12:56:55 -0700 

  URL: https://github.com/SSSD/sssd/pull/5827
Title: #5827: A number of fixes around `strto*()` usage

alexey-tikhonov commented:
"""
> There are few more places where `strtouint*()` is called with 2nd parameter 
> set to NULL:

I don't have very strong justification but will try my best to explain why I 
missed those.

> src/sbus/sbus_errors.c                                                        
>   
> 74:        ret = strtouint32(error->message, NULL, 10); 

This is a case `dbus_error_has_name(error, SBUS_ERROR_ERRNO)`, i.e. (IIUC) 
`error->message` is set by another SSSD process, i.e. can be treated as a more 
or less "safe" source.
But imagine we want to be prudent and catch a case "123abc". How are we going 
to handle this?
This is a helper function that translates `error` to error code. So instead of 
`123` in this case of malformed error text we can return, for example, 
`ERR_INTERNAL`. Does it make some sense? Perhaps. Much sense? Imo, no.
                 
> src/responder/kcm/kcmsrv_ccache_secdb.c                                       
>      
> 846:        uid = strtouint32(uid_list[i], NULL, 10);      

`uid_list` originates from sssd-kcm ccache DB, so again, more or less reliable.
                        
> src/tests/cwrap/test_server.c                                                 
>      
> 79:    tmp = strtouint32(buf, NULL, 10);                                      
>      

That's a test. It's not that I don't care at all, but it really can be not as 
strict.

> src/providers/ldap/ldap_id_services.c                                         
>      
> 266:            port = strtouint16(state->name, NULL, 10);                    
>      

Again, internal stuff. But ok, to be consistent I will add checks here...

>                                                                               
>      
> src/providers/ldap/sdap_access.c                                              
>      
> 1859:            duration = strtouint32(pwdAccountLockedDurationTime, NULL, 
> 0);

This value is from LDAP - "pwdLockoutDuration" . I just wasn't sure what weird 
format it might have...
But it looks https://ldapwiki.com/wiki/PwdLockoutDuration says "Integer" so ok, 
I will update this as well.

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/5827#issuecomment-946114494

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to