From patchwork Thu Sep 11 20:15:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4401 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:b149:b0:671:5a2c:6455 with SMTP id s9csp3390629maw; Thu, 11 Sep 2025 13:15:21 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUZ/pNKFj5uz+bLT+C6aNBNpBug216U86gfWPBB8MbhTtOKo230Ksfp3CpeX+XZdq+TNm4CrTAxQzo=@openvpn.net X-Google-Smtp-Source: AGHT+IHx1mSLpjPiTZg4uJCu/AjCG5BNOdy0DmB7XIeq8FscZatSthLJF6qv3LlODQlk8qMLwy1C X-Received: by 2002:a05:6870:c195:b0:30b:9efd:caaf with SMTP id 586e51a60fabf-32e4cf9027cmr360302fac.19.1757621721670; Thu, 11 Sep 2025 13:15:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1757621721; cv=none; d=google.com; s=arc-20240605; b=WOSTgCBLTQErXsLu4m4F+Y0l6JQavyjAWYOd180uAAvFL+y1HcJskDXQNWkZifHF9F xTd7w2WzxFTNQ6LTyQZLgY9T/jLFQ2NXb5y3SU1YQJTQZ+PbOCWoOnS5VvREQSecsae4 z0IRDSzynsTwP5D5r40PMVT33OyvEyD8VmZ8gC6/qrXgc3bgi5TlIlSUQSgAzS0n/hxI sUQFY/N30d0xiBdw3A+AAtmZ/MItl55F18Ns5FjOtjUcgh77lY6N2EQ2OF3PxPPqrSL3 T2bo9HjtuGwzr8jQ9/0CVFfOEQ2aXUk6pXOMh3KuJgL2E9J2+R+R6+Kr7dhHDd/7qmnu muMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=7X/LGKKjMaACl5LMTrV683C9LjHMkcXnZWNYAIgSIHU=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=N06FPtK+aX4ugIxO0uZCFv2a9oRtZaHkVLGIc5DjDXxfMvfyOnYAzbNs5vayy/TAGr xUurmJ24dkMqdn4g2k15CgJCtvkiemuX2l39bNwbLQaSD2HRYcrZnIKWBJPj14ZPh7Rq /JX9Uic17yuCzrm+1Noe3G43dU8GLjXwKxsX3PmpKVXv2rQgGOGkZCi606AOmqOu6ng1 DTSFvdqitaUrmFcA1VotZsv8gTkQa+Yukg2GI5M32tAhlFzmCtW8EM+USuHEQkkGocv1 84skkAoZcyTqcUwNRuy7CPHLcsh6XLHFRt1QqAz+YVpr9ATyfBdwqzAPC0JETM3PlH+D rW2g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=caklXr5r; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=fGfZGDZD; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DLxBskZF; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-32d32f47901si596148fac.53.2025.09.11.13.15.21 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 11 Sep 2025 13:15:21 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=caklXr5r; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=fGfZGDZD; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=DLxBskZF; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=7X/LGKKjMaACl5LMTrV683C9LjHMkcXnZWNYAIgSIHU=; b=caklXr5ryRHveSQlfaGrTVym1r L9hMzodOZWMpnItReaQkmoVS4w5ZfA1wcqWnMF2VAUSa0k69jdQJz5Z97hvHo97t9Pg3vsF9CEEtP 0EELtHXoUPF8+AG1SnDt384N8Qe8XENNY0WkLG4FUn1dJiQniPUqjyRHKndYmmu9uymU=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1uwnhP-0002Ic-N8; Thu, 11 Sep 2025 20:15:19 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1uwnhO-0002IT-EH for openvpn-devel@lists.sourceforge.net; Thu, 11 Sep 2025 20:15:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=qLJGTzcX35P6+oI/T0A8guOwyp9gN4k2BTNaLXWcfJU=; b=fGfZGDZDC+Ge/Igi7UiuYxWLM1 VsfyP0DNPCaq712HiKNtdGaG5mg/pdIWjAifWuTQkjPPZz445kv9SZc2Jbjlx0HmjR8jhWN76EMzA KIdTq6ipTxGvEj4ID3X0NnrSXQNatVDonecAeLJwApzJbR0WCyL6h0NF73M46fugdA2w=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=qLJGTzcX35P6+oI/T0A8guOwyp9gN4k2BTNaLXWcfJU=; b=DLxBskZFl1OnG/AmF12YIrsVfu zC6KtDAJuw4yYpWT8frfp+KjS8kvh483Z1o5rlMV7+YnJeFHycIqB/QsWRMOOKMP5+VDZ5A40GTQ6 b9mvE2oAQsqp8fHm8v/8HIU5Qlrx+IrJ7kmlL12BCfMDT5vjAKGGio7CYF6HiNgW2ST4=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1uwnhN-0003J1-Ij for openvpn-devel@lists.sourceforge.net; Thu, 11 Sep 2025 20:15:18 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 58BKF6LJ025600 for ; Thu, 11 Sep 2025 22:15:06 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 58BKF6Ai025599 for openvpn-devel@lists.sourceforge.net; Thu, 11 Sep 2025 22:15:06 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 11 Sep 2025 22:15:00 +0200 Message-ID: <20250911201505.25582-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld This covers the cases where we actually want to allow numbers > 2^31 Change-Id: I454126b3f8fa9d14501f6c4b1ed9ce7b2904be61 Signed-off-by: Frank Lichtenheld Acked-by: MaxF --- Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1uwnhN-0003J1-Ij Subject: [Openvpn-devel] [PATCH v4] options: Factor out usages of strtoll and atoll X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1842999954652747713?= X-GMAIL-MSGID: =?utf-8?q?1842999954652747713?= From: Frank Lichtenheld This covers the cases where we actually want to allow numbers > 2^31 Change-Id: I454126b3f8fa9d14501f6c4b1ed9ce7b2904be61 Signed-off-by: Frank Lichtenheld Acked-by: MaxF --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1154 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): MaxF diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7c2b3c8..4068a9a 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -7185,8 +7185,7 @@ options->inactivity_timeout = positive_atoi(p[1], msglevel); if (p[2]) { - int64_t val = atoll(p[2]); - options->inactivity_minimum_bytes = (val < 0) ? 0 : val; + positive_atoll(p[2], &options->inactivity_minimum_bytes, p[0], msglevel); if (options->inactivity_minimum_bytes > INT_MAX) { msg(M_WARN, @@ -9541,26 +9540,18 @@ else if (streq(p[0], "reneg-bytes") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TLS_PARMS); - char *end; - long long reneg_bytes = strtoll(p[1], &end, 10); - if (*end != '\0' || reneg_bytes < 0) + if (!positive_atoll(p[1], &options->renegotiate_bytes, p[0], msglevel)) { - msg(msglevel, "--reneg-bytes parameter must be an integer and >= 0"); goto err; } - options->renegotiate_bytes = reneg_bytes; } else if (streq(p[0], "reneg-pkts") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TLS_PARMS); - char *end; - long long pkt_max = strtoll(p[1], &end, 10); - if (*end != '\0' || pkt_max < 0) + if (!positive_atoll(p[1], &options->renegotiate_packets, p[0], msglevel)) { - msg(msglevel, "--reneg-pkts parameter must be an integer and >= 0"); goto err; } - options->renegotiate_packets = pkt_max; } else if (streq(p[0], "reneg-sec") && p[1] && !p[3]) { diff --git a/src/openvpn/options_util.c b/src/openvpn/options_util.c index 69d88ae..1231fd4 100644 --- a/src/openvpn/options_util.c +++ b/src/openvpn/options_util.c @@ -131,6 +131,22 @@ return (int)i; } +bool +positive_atoll(const char *str, int64_t *value, const char *name, int msglevel) +{ + char *endptr; + long long ll = strtoll(str, &endptr, 10); + + if (ll < 0 || *endptr != '\0') + { + msg(msglevel, "%s: Cannot parse '%s' as non-negative integer", name, str); + return false; + } + + *value = (int64_t)ll; + return true; +} + int atoi_warn(const char *str, int msglevel) { diff --git a/src/openvpn/options_util.h b/src/openvpn/options_util.h index 0810f61..cd81bca 100644 --- a/src/openvpn/options_util.h +++ b/src/openvpn/options_util.h @@ -41,6 +41,17 @@ /** * Converts a str to an integer if the string can be represented as an + * integer number and is >= 0. + * The integer is stored in \p value. + * On error, print a warning with \p msglevel using \p name. \p value is + * not changed on error. + * + * @return \c true if the integer has been parsed and stored in value, \c false otherwise + */ +bool positive_atoll(const char *str, int64_t *value, const char *name, int msglevel); + +/** + * Converts a str to an integer if the string can be represented as an * integer number. Otherwise print a warning with \p msglevel and return 0 */ int atoi_warn(const char *str, int msglevel); diff --git a/tests/unit_tests/openvpn/test_misc.c b/tests/unit_tests/openvpn/test_misc.c index 3e30dae..f515a02 100644 --- a/tests/unit_tests/openvpn/test_misc.c +++ b/tests/unit_tests/openvpn/test_misc.c @@ -359,6 +359,17 @@ assert_true(atoi_constrained("-1194", ¶meter, "test", INT_MIN, INT_MAX, msglevel)); assert_int_equal(parameter, -1194); + int64_t parameter64 = 0; + assert_true(positive_atoll("1234", ¶meter64, "test", msglevel)); + assert_int_equal(parameter64, 1234); + assert_true(positive_atoll("0", ¶meter64, "test", msglevel)); + assert_int_equal(parameter64, 0); + assert_true(positive_atoll("2147483653", ¶meter64, "test", msglevel)); + assert_int_equal(parameter64, 2147483653); + /* overflow gets capped to LLONG_MAX */ + assert_true(positive_atoll("9223372036854775810", ¶meter64, "test", msglevel)); + assert_int_equal(parameter64, 9223372036854775807); + CLEAR(mock_msg_buf); assert_int_equal(positive_atoi("-1234", msglevel), 0); assert_string_equal(mock_msg_buf, "Cannot parse argument '-1234' as non-negative integer");