This patch adds functions to get int, uint, double value from string
with error checking and range specification.
These functions don't allow overflow and outside of the range values.

In addition, it adds parser_result cases "MALFORMED" and "OUT_OF_RANGE" to make
reason of parse error more clear.

Signed-off-by: Ken ICHIKAWA <***@jp.fujitsu.com>
---
config.c | 14 ++++++++------
config.h | 8 ++++++++
util.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
util.h | 46 ++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 106 insertions(+), 6 deletions(-)

diff --git a/config.c b/config.c
index 734bd36..100f033 100644
--- a/config.c
+++ b/config.c
@@ -30,12 +30,6 @@ enum config_section {
UNKNOWN_SECTION,
};

-enum parser_result {
- PARSED_OK,
- NOT_PARSED,
- BAD_VALUE,
-};
-
static enum parser_result parse_section_line(char *s, enum config_section *section)
{
if (!strcasecmp(s, "[global]")) {
@@ -512,6 +506,14 @@ int config_read(char *name, struct config *cfg)
fprintf(stderr, "%s is a bad value for option %s at line %d\n",
value, option, line_num);
goto parse_error;
+ case MALFORMED:
+ fprintf(stderr, "%s is a malformed value for option %s at line %d\n",
+ value, option, line_num);
+ goto parse_error;
+ case OUT_OF_RANGE:
+ fprintf(stderr, "%s is an out of range value for option %s at line %d\n",
+ value, option, line_num);
+ goto parse_error;
}

break;
diff --git a/config.h b/config.h
index 901b50a..d4a58b3 100644
--- a/config.h
+++ b/config.h
@@ -46,6 +46,14 @@ struct interface {
#define CFG_IGNORE_USE_SYSLOG (1 << 5)
#define CFG_IGNORE_VERBOSE (1 << 6)

+enum parser_result {
+ PARSED_OK,
+ NOT_PARSED,
+ BAD_VALUE,
+ MALFORMED,
+ OUT_OF_RANGE,
+};
+
struct config {
/* configuration override */
int cfg_ignore;
diff --git a/util.c b/util.c
index 55ec49f..45cf5ba 100644
--- a/util.c
+++ b/util.c
@@ -16,7 +16,9 @@
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+#include <errno.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>

#include "sk.h"
@@ -190,3 +192,45 @@ int leap_second_status(uint64_t ts, int leap_set, int *leap, int *utc_offset)

return leap_status;
}
+
+enum parser_result get_ranged_int(const char *str_val, int *result, int min, int max)
+{
+ long parsed_val;
+ char *endptr = NULL;
+ errno = 0;
+ parsed_val = strtol(str_val, &endptr, 0);
+ if (*endptr != '\0' || endptr == str_val)
+ return MALFORMED;
+ if (errno == ERANGE || parsed_val < min || parsed_val > max)
+ return OUT_OF_RANGE;
+ *result = parsed_val;
+ return PARSED_OK;
+}
+
+enum parser_result get_ranged_uint(const char *str_val, unsigned int *result, unsigned int min, unsigned int max)
+{
+ unsigned long parsed_val;
+ char *endptr = NULL;
+ errno = 0;
+ parsed_val = strtoul(str_val, &endptr, 0);
+ if (*endptr != '\0' || endptr == str_val)
+ return MALFORMED;
+ if (errno == ERANGE || parsed_val < min || parsed_val > max)
+ return OUT_OF_RANGE;
+ *result = parsed_val;
+ return PARSED_OK;
+}
+
+enum parser_result get_ranged_double(const char *str_val, double *result, double min, double max)
+{
+ double parsed_val;
+ char *endptr = NULL;
+ errno = 0;
+ parsed_val = strtod(str_val, &endptr);
+ if (*endptr != '\0' || endptr == str_val)
+ return MALFORMED;
+ if (errno == ERANGE || parsed_val < min || parsed_val > max)
+ return OUT_OF_RANGE;
+ *result = parsed_val;
+ return PARSED_OK;
+}
diff --git a/util.h b/util.h
index d2734d1..ea14d3b 100644
--- a/util.h
+++ b/util.h
@@ -20,6 +20,7 @@
#ifndef HAVE_UTIL_H
#define HAVE_UTIL_H

+#include "config.h"
#include "ddt.h"

/**
@@ -114,4 +115,49 @@ int is_utc_ambiguous(uint64_t ts);
* inserted, -1 if leap second will be deleted.
*/
int leap_second_status(uint64_t ts, int leap_set, int *leap, int *utc_offset);
+
+/**
+ * Get an integer value from string with error checking and range
+ * specification.
+ *
+ * @param str_val String which contains an integer value.
+ * @param result Parsed value is stored in here.
+ * @param min Lower limit. Return OUT_OF_RANGE if parsed value
+ * is less than min.
+ * @param max Upper Limit. Return OUT_OF_RANGE if parsed value
+ * is bigger than max.
+ * @return PARSED_OK on success, MALFORMED if str_val is malformed,
+ * OUT_OF_RANGE if str_val is out of range.
+ */
+enum parser_result get_ranged_int(const char *str_val, int *result, int min, int max);
+
+/**
+ * Get an unsigned integer value from string with error checking and range
+ * specification.
+ *
+ * @param str_val String which contains an unsigned integer value.
+ * @param result Parsed value is stored in here.
+ * @param min Lower limit. Return OUT_OF_RANGE if parsed value
+ * is less than min.
+ * @param max Upper Limit. Return OUT_OF_RANGE if parsed value
+ * is bigger than max.
+ * @return PARSED_OK on success, MALFORMED if str_val is malformed,
+ * OUT_OF_RANGE if str_val is out of range.
+ */
+enum parser_result get_ranged_uint(const char *str_val, unsigned int *result, unsigned int min, unsigned int max);
+
+/**
+ * Get a double value from string with error checking and range
+ * specification.
+ *
+ * @param str_val String which contains a double value.
+ * @param result Parsed value is stored in here.
+ * @param min Lower limit. Return OUT_OF_RANGE if parsed value
+ * is less than min.
+ * @param max Upper Limit. Return OUT_OF_RANGE if parsed value
+ * is bigger than max.
+ * @return PARSED_OK on success, MALFORMED if str_val is malformed,
+ * OUT_OF_RANGE if str_val is out of range.
+ */
+enum parser_result get_ranged_double(const char *str_val, double *result, double min, double max);
#endif

Signed-off-by: Ken ICHIKAWA <***@jp.fujitsu.com>
---
config.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/config.c b/config.c
index 100f033..cf15fcb 100644
--- a/config.c
+++ b/config.c
@@ -309,9 +309,10 @@ static enum parser_result parse_global_setting(const char *option,
*cfg->udp6_scope = u8;

} else if (!strcmp(option, "logging_level")) {
- if (1 != sscanf(value, "%d", &val) ||
- val < PRINT_LEVEL_MIN || val > PRINT_LEVEL_MAX)
- return BAD_VALUE;
+ r = get_ranged_int(value, &val,
+ PRINT_LEVEL_MIN, PRINT_LEVEL_MAX);
+ if (r != PARSED_OK)
+ return r;
if (!(cfg_ignore & CFG_IGNORE_PRINT_LEVEL)) {
cfg->print_level = val;
}

Signed-off-by: Ken ICHIKAWA <***@jp.fujitsu.com>
---
util.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
util.h | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 91 insertions(+), 0 deletions(-)

diff --git a/util.c b/util.c
index 45cf5ba..8e8d5a5 100644
--- a/util.c
+++ b/util.c
@@ -234,3 +234,57 @@ enum parser_result get_ranged_double(const char *str_val, double *result, double
*result = parsed_val;
return PARSED_OK;
}
+
+int get_arg_val_i(int op, const char *optarg, int *val, int min, int max)
+{
+ enum parser_result r;
+ r = get_ranged_int(optarg, val, min, max);
+ if (r == MALFORMED) {
+ fprintf(stderr,
+ "-%c: %s is a malformed value\n", op, optarg);
+ return -1;
+ }
+ if (r == OUT_OF_RANGE) {
+ fprintf(stderr,
+ "-%c: %s is out of range. Must be in the range %d to %d\n",
+ op, optarg, min, max);
+ return -1;
+ }
+ return 0;
+}
+
+int get_arg_val_ui(int op, const char *optarg, unsigned int *val, unsigned int min, unsigned int max)
+{
+ enum parser_result r;
+ r = get_ranged_uint(optarg, val, min, max);
+ if (r == MALFORMED) {
+ fprintf(stderr,
+ "-%c: %s is a malformed value\n", op, optarg);
+ return -1;
+ }
+ if (r == OUT_OF_RANGE) {
+ fprintf(stderr,
+ "-%c: %s is out of range. Must be in the range %u to %u\n",
+ op, optarg, min, max);
+ return -1;
+ }
+ return 0;
+}
+
+int get_arg_val_d(int op, const char *optarg, double *val, double min, double max)
+{
+ enum parser_result r;
+ r = get_ranged_double(optarg, val, min, max);
+ if (r == MALFORMED) {
+ fprintf(stderr,
+ "-%c: %s is a malformed value\n", op, optarg);
+ return -1;
+ }
+ if (r == OUT_OF_RANGE) {
+ fprintf(stderr,
+ "-%c: %s is out of range. Must be in the range %e to %e\n",
+ op, optarg, min, max);
+ return -1;
+ }
+ return 0;
+}
diff --git a/util.h b/util.h
index ea14d3b..62a56de 100644
--- a/util.h
+++ b/util.h
@@ -160,4 +160,41 @@ enum parser_result get_ranged_uint(const char *str_val, unsigned int *result, un
* OUT_OF_RANGE if str_val is out of range.
*/
enum parser_result get_ranged_double(const char *str_val, double *result, double min, double max);
+
+/**
+ * Common procedure to get an int value from argument for ptp4l and phc2sys.
+ *
+ * @param op Character code of an option.
+ * @param optarg Option argument string.
+ * @param val Parsed value is stored in here.
+ * @param min Lower limit. Return -1 if parsed value is less than min.
+ * @param max Upper limit. Return -1 if parsed value is bigger than max.
+ * @return 0 on success, -1 if some error occurs.
+ */
+int get_arg_val_i(int op, const char *optarg, int *val, int min, int max);
+
+/**
+ * Common procedure to get an unsigned int value from argument for ptp4l
+ * and phc2sys.
+ *
+ * @param op Character code of an option.
+ * @param optarg Option argument string.
+ * @param val Parsed value is stored in here.
+ * @param min Lower limit. Return -1 if parsed value is less than min.
+ * @param max Upper limit. Return -1 if parsed value is bigger than max.
+ * @return 0 on success, -1 if some error occurs.
+ */
+int get_arg_val_ui(int op, const char *optarg, unsigned int *val, unsigned int min, unsigned int max);
+
+/**
+ * Common procedure to get a double value from argument for ptp4l and phc2sys.
+ *
+ * @param op Character code of an option.
+ * @param optarg Option argument string.
+ * @param val Parsed value is stored in here.
+ * @param min Lower limit. Return -1 if parsed value is less than min.
+ * @param max Upper limit. Return -1 if parsed value is bigger than max.
+ * @return 0 on success, -1 if some error occurs.
+ */
+int get_arg_val_d(int op, const char *optarg, double *val, double min, double max);
#endif

Signed-off-by: Ken ICHIKAWA <***@jp.fujitsu.com>
---
phc2sys.c | 48 +++++++++++++++++++++++++++++++++++++-----------
ptp4l.c | 4 +++-
2 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/phc2sys.c b/phc2sys.c
index 309ee6c..d4c9b65 100644
--- a/phc2sys.c
+++ b/phc2sys.c
@@ -19,6 +19,9 @@
*/
#include <errno.h>
#include <fcntl.h>
+#include <float.h>
+#include <inttypes.h>
+#include <limits.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
@@ -28,7 +31,6 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
-#include <inttypes.h>

#include <linux/pps.h>
#include <linux/ptp_clock.h>
@@ -576,7 +578,7 @@ int main(int argc, char *argv[])
int c, domain_number = 0, phc_readings = 5, pps_fd = -1;
int max_ppb, r, wait_sync = 0, forced_sync_offset = 0;
int print_level = LOG_INFO, use_syslog = 1, verbose = 0;
- double ppb, phc_interval = 1.0;
+ double ppb, phc_interval = 1.0, phc_rate;
struct timespec phc_interval_tp;
struct clock dst_clock = {
.clkid = CLOCK_REALTIME,
@@ -611,39 +613,63 @@ int main(int argc, char *argv[])
src = clock_open(optarg);
break;
case 'P':
- configured_pi_kp = atof(optarg);
+ if (get_arg_val_d(c, optarg, &configured_pi_kp,
+ 0.0, DBL_MAX))
+ return -1;
break;
case 'I':
- configured_pi_ki = atof(optarg);
+ if (get_arg_val_d(c, optarg, &configured_pi_ki,
+ 0.0, DBL_MAX))
+ return -1;
break;
case 'S':
- configured_pi_offset = atof(optarg);
+ if (get_arg_val_d(c, optarg, &configured_pi_offset,
+ 0.0, DBL_MAX))
+ return -1;
break;
case 'R':
- phc_interval = 1.0 / atof(optarg);
+ if (get_arg_val_d(c, optarg, &phc_rate, 0.0, DBL_MAX))
+ return -1;
+ phc_interval = 1.0 / phc_rate;
+ /* phc_interval will be assigned to a time_t variable. */
+ /* check if that occurs overflow. */
+ if ((sizeof(time_t) == 8 && phc_interval > INT64_MAX) ||
+ (sizeof(time_t) == 4 && phc_interval > INT32_MAX)) {
+ fprintf(stderr,
+ "-R: %s is too small\n", optarg);
+ return -1;
+ }
break;
case 'N':
- phc_readings = atoi(optarg);
+ if (get_arg_val_i(c, optarg, &phc_readings, 1, INT_MAX))
+ return -1;
break;
case 'O':
- dst_clock.sync_offset = atoi(optarg);
+ if (get_arg_val_i(c, optarg, &dst_clock.sync_offset,
+ INT_MIN, INT_MAX))
+ return -1;
dst_clock.sync_offset_direction = -1;
forced_sync_offset = 1;
break;
case 'u':
- dst_clock.stats_max_count = atoi(optarg);
+ if (get_arg_val_ui(c, optarg, &dst_clock.stats_max_count,
+ 0, UINT_MAX))
+ return -1;
break;
case 'w':
wait_sync = 1;
break;
case 'n':
- domain_number = atoi(optarg);
+ if (get_arg_val_i(c, optarg, &domain_number, 0, 255))
+ return -1;
break;
case 'x':
dst_clock.kernel_leap = 0;
break;
case 'l':
- print_level = atoi(optarg);
+ if (get_arg_val_i(c, optarg, &print_level,
+ PRINT_LEVEL_MIN, PRINT_LEVEL_MAX))
+ return -1;
break;
case 'm':
verbose = 1;
diff --git a/ptp4l.c b/ptp4l.c
index ecaf9ed..8ad58bf 100644
--- a/ptp4l.c
+++ b/ptp4l.c
@@ -237,7 +237,9 @@ int main(int argc, char *argv[])
*cfg_ignore |= CFG_IGNORE_SLAVEONLY;
break;
case 'l':
- cfg_settings.print_level = atoi(optarg);
+ if (get_arg_val_i(c, optarg, &cfg_settings.print_level,
+ PRINT_LEVEL_MIN, PRINT_LEVEL_MAX))
+ return -1;
*cfg_ignore |= CFG_IGNORE_PRINT_LEVEL;
break;
case 'm':

Series applied.

Thanks,
Richard