diff options
| author | Nick Mathewson <nickm@torproject.org> | 2019-11-11 12:20:14 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2019-11-11 12:20:14 -0500 |
| commit | 7c3378fb8d37e1f22ae7f04012e3e57a16b7f2fc (patch) | |
| tree | a0cd68ca420872d26dc689d49ae1fbd6d71fc8ee /src/lib/confmgt | |
| parent | 01af3a55f41de991c0b59d5bf12c100c82829b47 (diff) | |
| parent | 42ba3997d64591822411fbbedd51a240dbbb5fab (diff) | |
| download | tor-7c3378fb8d37e1f22ae7f04012e3e57a16b7f2fc.tar.gz tor-7c3378fb8d37e1f22ae7f04012e3e57a16b7f2fc.zip | |
Merge remote-tracking branch 'tor-github/pr/1338'
Diffstat (limited to 'src/lib/confmgt')
| -rw-r--r-- | src/lib/confmgt/.may_include | 1 | ||||
| -rw-r--r-- | src/lib/confmgt/unitparse.c | 35 |
2 files changed, 32 insertions, 4 deletions
diff --git a/src/lib/confmgt/.may_include b/src/lib/confmgt/.may_include index 2564133917..5ff949f103 100644 --- a/src/lib/confmgt/.may_include +++ b/src/lib/confmgt/.may_include @@ -4,6 +4,7 @@ lib/conf/*.h lib/confmgt/*.h lib/container/*.h lib/encoding/*.h +lib/intmath/*.h lib/log/*.h lib/malloc/*.h lib/string/*.h diff --git a/src/lib/confmgt/unitparse.c b/src/lib/confmgt/unitparse.c index c3ed8285a4..8cbf9903e7 100644 --- a/src/lib/confmgt/unitparse.c +++ b/src/lib/confmgt/unitparse.c @@ -15,6 +15,7 @@ #include "lib/log/util_bug.h" #include "lib/string/parse_int.h" #include "lib/string/util_string.h" +#include "lib/intmath/muldiv.h" #include <string.h> @@ -109,6 +110,7 @@ const struct unit_table_t time_msec_units[] = { * table <b>u</b>, then multiply the number by the unit multiplier. * On success, set *<b>ok</b> to 1 and return this product. * Otherwise, set *<b>ok</b> to 0. + * Warns user when overflow or a negative value is detected. */ uint64_t config_parse_units(const char *val, const unit_table_t *u, int *ok) @@ -142,10 +144,35 @@ config_parse_units(const char *val, const unit_table_t *u, int *ok) for ( ;u->unit;++u) { if (!strcasecmp(u->unit, cp)) { - if (use_float) - v = (uint64_t)(u->multiplier * d); - else - v *= u->multiplier; + if (use_float) { + d = u->multiplier * d; + + if (d < 0) { + log_warn(LD_CONFIG, "Negative value arised when parsing %s %s", + val, u->unit); + *ok = 0; + goto done; + } + + // Some compilers may warn about casting a double to an unsigned type + // because they don't know if d is >= 0 + if (d >= 0 && (d > (double)INT64_MAX || (uint64_t)d > INT64_MAX)) { + log_warn(LD_CONFIG, "Overflow detected parsing %s %s", val, u->unit); + *ok = 0; + goto done; + } + + v = (uint64_t) d; + } else { + v = tor_mul_u64_nowrap(v, u->multiplier); + + if (v > INT64_MAX) { + log_warn(LD_CONFIG, "Overflow detected parsing %s %s", val, u->unit); + *ok = 0; + goto done; + } + } + *ok = 1; goto done; } |