[Openvpn-devel,M] Change in openvpn[master]: Print warnings/errors when numerical parameters cannot be parsed

Message ID 3d5210d7256fd4be6341d896ac7e972a62fd6455-HTML@gerrit.openvpn.net
State New

Commit Message

plaisthos (Code Review) Jan. 21, 2025, 12:03 p.m. UTC
Attention is currently required from: flichtenheld.

Hello flichtenheld,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/873?usp=email

to review the following change.


Change subject: Print warnings/errors when numerical parameters cannot be parsed
......................................................................

Print warnings/errors when numerical parameters cannot be parsed

Using the atoi method is a best-effort approach: it parses as much of the
input string as possible as an integer and ignores the rest, or returns 0
if the string cannot be parsed. This leads to unexpected results.

Change the behaviour by printing a warning in these cases instead. When
parsing a configuration, these warnings will error out since the msglevel
is M_USAGE in this case. Example:

    ./src/openvpn/openvpn --resolv-retry 198jj
    Options error: Cannot parse argument '198jj' as non-negative integer

Reported-By: Anqi Chen <chen.anqi3@northeastern.edu>
Reported-By: Cristina Nita-Rotaru <c.nitarotaru@northeastern.edu>
Change-Id: Ie1e2eb54d516b3ae87c5ca56fe8edd77ee2be4de
---
M src/openvpn/options.c
1 file changed, 109 insertions(+), 77 deletions(-)



  git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/73/873/1

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 93b8417..6b9f204 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -4926,11 +4926,43 @@ 
 }
 #endif
 
+/**
+ * Converts a str to a positive number if the string represents a postive
+ * integer number. Otherwise print a warning with msglevel and return 0
+ */
 static int
-positive_atoi(const char *str)
+positive_atoi(const char *str, int msglevel)
 {
-    const int i = atoi(str);
-    return i < 0 ? 0 : i;
+    char *endptr;
+    long long i = strtoll(str, &endptr, 10);
+
+    if (i < 0 || endptr || i > INT_MAX)
+    {
+        msg(msglevel, "Cannot parse argument '%s' as non-negative integer",
+            str);
+        i = 0;
+    }
+
+    return (int) i;
+}
+
+/**
+ * Converts a str to an integer if the string can be represented as an
+ * integer number. Otherwise print a warning with msglevel and return 0
+ */
+static int
+atoi_warn(const char *str, int msglevel)
+{
+    char *endptr;
+    long long i = strtoll(str, &endptr, 10);
+
+    if (i < INT_MIN || endptr || i > INT_MAX)
+    {
+        msg(msglevel, "Cannot parse argument '%s' as integer", str);
+        i = 0;
+    }
+
+    return (int) i;
 }
 
 #ifdef _WIN32  /* This function is only used when compiling on Windows */
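Review bot: The `endptr` term in both new helpers is always true, because strtoll() always stores a non-NULL pointer through a non-NULL `endptr` argument, so `positive_atoi` and `atoi_warn` log a parse failure and return 0 for every input, including valid ones such as `198`. The test should look at what the pointer refers to and also reject an empty string: `if (i < 0 || endptr == str || *endptr != '\0' || i > INT_MAX)` in `positive_atoi`, and the same with `i < INT_MIN` as the first term in `atoi_warn`. The doc comment on `positive_atoi` says "positive" (spelled "postive" once) although 0 is accepted; "non-negative" would match the message the function prints.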
@@ -5955,7 +5987,7 @@ 
         int cache;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        cache = atoi(p[1]);
+        cache = atoi_warn(p[1], msglevel);
         if (cache < 1)
         {
             msg(msglevel, "--management-log-cache parameter is out of range");
@@ -6250,7 +6282,7 @@ 
         }
         else
         {
-            options->resolve_retry_seconds = positive_atoi(p[1]);
+            options->resolve_retry_seconds = positive_atoi(p[1], msglevel);
         }
     }
     else if ((streq(p[0], "preresolve") || streq(p[0], "ip-remote-hint")) && !p[2])
@@ -6267,7 +6299,7 @@ 
     else if (streq(p[0], "connect-retry") && p[1] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION);
-        options->ce.connect_retry_seconds = positive_atoi(p[1]);
+        options->ce.connect_retry_seconds = positive_atoi(p[1], msglevel);
         /*
          * Limit the base value of retry wait interval to 16 bits to avoid
          * overflow when scaled up for exponential backoff
@@ -6282,19 +6314,19 @@ 
         if (p[2])
         {
             options->ce.connect_retry_seconds_max =
-                max_int(positive_atoi(p[2]), options->ce.connect_retry_seconds);
+                max_int(positive_atoi(p[2], msglevel), options->ce.connect_retry_seconds);
         }
     }
     else if ((streq(p[0], "connect-timeout") || streq(p[0], "server-poll-timeout"))
              && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION);
-        options->ce.connect_timeout = positive_atoi(p[1]);
+        options->ce.connect_timeout = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "connect-retry-max") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION);
-        options->connect_retry_max = positive_atoi(p[1]);
+        options->connect_retry_max = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "ipchange") && p[1])
     {
@@ -6317,7 +6349,7 @@ 
     else if (streq(p[0], "gremlin") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        options->gremlin = positive_atoi(p[1]);
+        options->gremlin = positive_atoi(p[1], msglevel);
     }
 #endif
     else if (streq(p[0], "chroot") && p[1] && !p[2])
@@ -6449,7 +6481,7 @@ 
     else if (streq(p[0], "verb") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_MESSAGES);
-        options->verbosity = positive_atoi(p[1]);
+        options->verbosity = positive_atoi(p[1], msglevel);
         if (options->verbosity >= (D_TLS_DEBUG_MED & M_DEBUG_LEVEL))
         {
             /* We pass this flag to the SSL library to avoid
@@ -6468,7 +6500,7 @@ 
     else if (streq(p[0], "mute") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_MESSAGES);
-        options->mute = positive_atoi(p[1]);
+        options->mute = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "errors-to-stderr") && !p[1])
     {
@@ -6481,7 +6513,7 @@ 
         options->status_file = p[1];
         if (p[2])
         {
-            options->status_file_update_freq = positive_atoi(p[2]);
+            options->status_file_update_freq = positive_atoi(p[2], msglevel);
         }
     }
     else if (streq(p[0], "status-version") && p[1] && !p[2])
@@ -6489,7 +6521,7 @@ 
         int version;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        version = atoi(p[1]);
+        version = atoi_warn(p[1], msglevel);
         if (version < 1 || version > 3)
         {
             msg(msglevel, "--status-version must be 1 to 3");
@@ -6517,17 +6549,17 @@ 
     else if ((streq(p[0], "link-mtu") || streq(p[0], "udp-mtu")) && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION);
-        options->ce.link_mtu = positive_atoi(p[1]);
+        options->ce.link_mtu = positive_atoi(p[1], msglevel);
         options->ce.link_mtu_defined = true;
     }
     else if (streq(p[0], "tun-mtu") && p[1] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_PUSH_MTU|OPT_P_CONNECTION);
-        options->ce.tun_mtu = positive_atoi(p[1]);
+        options->ce.tun_mtu = positive_atoi(p[1], msglevel);
         options->ce.tun_mtu_defined = true;
         if (p[2])
         {
-            options->ce.occ_mtu = positive_atoi(p[2]);
+            options->ce.occ_mtu = positive_atoi(p[2], msglevel);
         }
         else
         {
@@ -6537,7 +6569,7 @@ 
     else if (streq(p[0], "tun-mtu-max") && p[1] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION);
-        int max_mtu = positive_atoi(p[1]);
+        int max_mtu = positive_atoi(p[1], msglevel);
         if (max_mtu < 68 || max_mtu > 65536)
         {
             msg(msglevel, "--tun-mtu-max value '%s' is invalid", p[1]);
@@ -6550,13 +6582,13 @@ 
     else if (streq(p[0], "tun-mtu-extra") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION);
-        options->ce.tun_mtu_extra = positive_atoi(p[1]);
+        options->ce.tun_mtu_extra = positive_atoi(p[1], msglevel);
         options->ce.tun_mtu_extra_defined = true;
     }
     else if (streq(p[0], "max-packet-size") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION);
-        int maxmtu = positive_atoi(p[1]);
+        int maxmtu = positive_atoi(p[1], msglevel);
         options->ce.tls_mtu = constrain_int(maxmtu, TLS_CHANNEL_MTU_MIN, TLS_CHANNEL_BUF_SIZE);
 
         if (maxmtu < TLS_CHANNEL_MTU_MIN || maxmtu > TLS_CHANNEL_BUF_SIZE)
@@ -6582,7 +6614,7 @@ 
     else if (streq(p[0], "fragment") && p[1] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION);
-        options->ce.fragment = positive_atoi(p[1]);
+        options->ce.fragment = positive_atoi(p[1], msglevel);
 
         if (options->ce.fragment < 68)
         {
@@ -6613,23 +6645,23 @@ 
     else if (streq(p[0], "nice") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_NICE);
-        options->nice = atoi(p[1]);
+        options->nice = atoi_warn(p[1], msglevel);
     }
     else if (streq(p[0], "rcvbuf") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_SOCKBUF);
-        options->rcvbuf = positive_atoi(p[1]);
+        options->rcvbuf = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "sndbuf") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_SOCKBUF);
-        options->sndbuf = positive_atoi(p[1]);
+        options->sndbuf = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "mark") && p[1] && !p[2])
     {
 #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        options->mark = atoi(p[1]);
+        options->mark = atoi_warn(p[1], msglevel);
 #endif
     }
     else if (streq(p[0], "socket-flags"))
@@ -6659,7 +6691,7 @@ 
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
 #ifdef TARGET_LINUX
-        options->tuntap_options.txqueuelen = positive_atoi(p[1]);
+        options->tuntap_options.txqueuelen = positive_atoi(p[1], msglevel);
 #else
         msg(msglevel, "--txqueuelen not supported on this OS");
         goto err;
@@ -6670,7 +6702,7 @@ 
         int shaper;
 
         VERIFY_PERMISSION(OPT_P_SHAPER);
-        shaper = atoi(p[1]);
+        shaper = atoi_warn(p[1], msglevel);
         if (shaper < SHAPER_MIN || shaper > SHAPER_MAX)
         {
             msg(msglevel, "Bad shaper value, must be between %d and %d",
@@ -6718,7 +6750,7 @@ 
     else if (streq(p[0], "inactive") && p[1] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_TIMER);
-        options->inactivity_timeout = positive_atoi(p[1]);
+        options->inactivity_timeout = positive_atoi(p[1], msglevel);
         if (p[2])
         {
             int64_t val = atoll(p[2]);
@@ -6736,7 +6768,7 @@ 
     else if (streq(p[0], "session-timeout") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_TIMER);
-        options->session_timeout = positive_atoi(p[1]);
+        options->session_timeout = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "proto") && p[1] && !p[2])
     {
@@ -6903,24 +6935,24 @@ 
     else if (streq(p[0], "keepalive") && p[1] && p[2] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        options->keepalive_ping = atoi(p[1]);
-        options->keepalive_timeout = atoi(p[2]);
+        options->keepalive_ping = atoi_warn(p[1], msglevel);
+        options->keepalive_timeout = atoi_warn(p[1], msglevel);
     }
     else if (streq(p[0], "ping") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_TIMER);
-        options->ping_send_timeout = positive_atoi(p[1]);
+        options->ping_send_timeout = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "ping-exit") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_TIMER);
-        options->ping_rec_timeout = positive_atoi(p[1]);
+        options->ping_rec_timeout = positive_atoi(p[1], msglevel);
         options->ping_rec_timeout_action = PING_EXIT;
     }
     else if (streq(p[0], "ping-restart") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_TIMER);
-        options->ping_rec_timeout = positive_atoi(p[1]);
+        options->ping_rec_timeout = positive_atoi(p[1], msglevel);
         options->ping_rec_timeout_action = PING_RESTART;
     }
     else if (streq(p[0], "ping-timer-rem") && !p[1])
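Review bot: `options->keepalive_timeout` is now parsed from `p[1]` where the removed line read `p[2]`, so the timeout silently takes the ping interval's value; the line should be `options->keepalive_timeout = atoi_warn(p[2], msglevel);`. The same index slip appears in later hunks: `virtual` (hash-size), `cf_per` (connect-freq), `check_interval`, the static-challenge echo flag, the ip-win32 `offset` and `lease_time`, dhcp-option NBT and PROXY_HTTP, `exit_event_initial_state`, `replay_time`, and `cert_private` in show-pkcs11-ids, each of which read `p[2]` or `p[3]` before the change. Several of these feed range checks or security-relevant settings (the replay-window time, the PKCS#11 private flag), so the wrong argument would be validated and applied with no diagnostic. The option-handler chain this branch belongs to starts and ends outside the hunk.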
@@ -6933,7 +6965,7 @@ 
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION|OPT_P_EXPLICIT_NOTIFY);
         if (p[1])
         {
-            options->ce.explicit_exit_notification = positive_atoi(p[1]);
+            options->ce.explicit_exit_notification = positive_atoi(p[1], msglevel);
         }
         else
         {
@@ -7053,7 +7085,7 @@ 
     else if (streq(p[0], "route-metric") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_ROUTE);
-        options->route_default_metric = positive_atoi(p[1]);
+        options->route_default_metric = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "route-delay") && !p[3])
     {
@@ -7061,10 +7093,10 @@ 
         options->route_delay_defined = true;
         if (p[1])
         {
-            options->route_delay = positive_atoi(p[1]);
+            options->route_delay = positive_atoi(p[1], msglevel);
             if (p[2])
             {
-                options->route_delay_window = positive_atoi(p[2]);
+                options->route_delay_window = positive_atoi(p[2], msglevel);
             }
         }
         else
@@ -7229,7 +7261,7 @@ 
         }
         else if (streq(p[1], "SERVER_POLL_TIMEOUT") && p[2])
         {
-            options->ce.connect_timeout = positive_atoi(p[2]);
+            options->ce.connect_timeout = positive_atoi(p[2], msglevel);
         }
         else
         {
@@ -7261,14 +7293,14 @@ 
     else if (streq(p[0], "script-security") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        script_security_set(atoi(p[1]));
+        script_security_set(atoi_warn(p[1], msglevel));
     }
     else if (streq(p[0], "mssfix") && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION);
         if (p[1])
         {
-            int mssfix = positive_atoi(p[1]);
+            int mssfix = positive_atoi(p[1], msglevel);
             /* can be 0, but otherwise it needs to be high enough so we can
              * substract room for headers. */
             if (mssfix != 0
@@ -7451,7 +7483,7 @@ 
         options->ifconfig_pool_persist_filename = p[1];
         if (p[2])
         {
-            options->ifconfig_pool_persist_refresh_freq = positive_atoi(p[2]);
+            options->ifconfig_pool_persist_refresh_freq = positive_atoi(p[2], msglevel);
         }
     }
     else if (streq(p[0], "ifconfig-ipv6-pool") && p[1] && !p[2])
@@ -7483,8 +7515,8 @@ 
         int real, virtual;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        real = atoi(p[1]);
-        virtual = atoi(p[2]);
+        real = atoi_warn(p[1], msglevel);
+        virtual = atoi_warn(p[1], msglevel);
         if (real < 1 || virtual < 1)
         {
             msg(msglevel, "--hash-size sizes must be >= 1 (preferably a power of 2)");
@@ -7498,8 +7530,8 @@ 
         int cf_max, cf_per;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        cf_max = atoi(p[1]);
-        cf_per = atoi(p[2]);
+        cf_max = atoi_warn(p[1], msglevel);
+        cf_per = atoi_warn(p[1], msglevel);
         if (cf_max < 0 || cf_per < 0)
         {
             msg(msglevel, "--connect-freq parms must be > 0");
@@ -7529,7 +7561,7 @@ 
         int max_clients;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        max_clients = atoi(p[1]);
+        max_clients = atoi_warn(p[1], msglevel);
         if (max_clients < 0)
         {
             msg(msglevel, "--max-clients must be at least 1");
@@ -7545,7 +7577,7 @@ 
     else if (streq(p[0], "max-routes-per-client") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_INHERIT);
-        options->max_routes_per_client = max_int(atoi(p[1]), 1);
+        options->max_routes_per_client = max_int(positive_atoi(p[1], msglevel), 1);
     }
     else if (streq(p[0], "client-cert-not-required") && !p[1])
     {
@@ -7629,14 +7661,14 @@ 
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
         options->auth_token_generate = true;
-        options->auth_token_lifetime = p[1] ? positive_atoi(p[1]) : 0;
+        options->auth_token_lifetime = p[1] ? positive_atoi(p[1], msglevel) : 0;
 
         for (int i = 2; i < MAX_PARMS && p[i] != NULL; i++)
         {
             /* the second parameter can be the renewal time */
-            if (i == 2 && positive_atoi(p[i]))
+            if (i == 2 && positive_atoi(p[i], msglevel))
             {
-                options->auth_token_renewal = positive_atoi(p[i]);
+                options->auth_token_renewal = positive_atoi(p[i], msglevel);
             }
             else if (streq(p[i], "external-auth"))
             {
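Review bot: Using `positive_atoi(p[i], msglevel)` as the `i == 2` probe means a keyword in the second position, such as `external-auth`, now triggers the "Cannot parse argument" message before the `else if` below can accept it; with a fatal msglevel that would reject a form the old silent `atoi` let through. A numeric value is also parsed twice, so a bad one would be reported twice. Testing the keyword branches before attempting the numeric parse, and storing the result once in a local such as `int renewal = positive_atoi(p[i], msglevel);`, avoids both. The rest of the loop body lies outside this hunk, so the full set of keyword branches should be checked when reordering.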
@@ -7716,7 +7748,7 @@ 
         int n_bcast_buf;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        n_bcast_buf = atoi(p[1]);
+        n_bcast_buf = atoi_warn(p[1], msglevel);
         if (n_bcast_buf < 1)
         {
             msg(msglevel, "--bcast-buffers parameter must be > 0");
@@ -7728,7 +7760,7 @@ 
         int tcp_queue_limit;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        tcp_queue_limit = atoi(p[1]);
+        tcp_queue_limit = atoi_warn(p[1], msglevel);
         if (tcp_queue_limit < 1)
         {
             msg(msglevel, "--tcp-queue-limit parameter must be > 0");
@@ -7876,10 +7908,10 @@ 
         int ageing_time, check_interval;
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        ageing_time = atoi(p[1]);
+        ageing_time = atoi_warn(p[1], msglevel);
         if (p[2])
         {
-            check_interval = atoi(p[2]);
+            check_interval = atoi_warn(p[1], msglevel);
         }
         else
         {
@@ -7908,7 +7940,7 @@ 
     else if (streq(p[0], "push-continuation") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_PULL_MODE);
-        options->push_continuation = atoi(p[1]);
+        options->push_continuation = atoi_warn(p[1], msglevel);
     }
     else if (streq(p[0], "auth-user-pass") && !p[2])
     {
@@ -7933,7 +7965,7 @@ 
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
         options->sc_info.challenge_text = p[1];
-        if (atoi(p[2]))
+        if (atoi_warn(p[1], msglevel))
         {
             options->sc_info.flags |= SC_ECHO;
         }
@@ -8029,7 +8061,7 @@ 
             {
                 if (!streq(p[2], "default"))
                 {
-                    int offset = atoi(p[2]);
+                    int offset = options_atoi(p[1], msglevel);
 
                     if (!(offset > -256 && offset < 256))
                     {
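Review bot: `options_atoi` is called here, but the helper this patch adds is named `atoi_warn` and no definition of `options_atoi` is visible in the diff, so this branch would presumably fail to compile; `int offset = atoi_warn(p[2], msglevel);` restores both the helper name and the original argument index. The same name is used in the `lease_time`, dhcp-option NBT, PROXY_HTTP, tap-sleep and exit-event hunks. At least one of them sits under a platform guard (`#if defined(TARGET_ANDROID)` for PROXY_HTTP), so a build on another platform would not surface the error. The enclosing block starts and ends outside this hunk.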
@@ -8045,7 +8077,7 @@ 
                 {
                     const int min_lease = 30;
                     int lease_time;
-                    lease_time = atoi(p[3]);
+                    lease_time = options_atoi(p[1], msglevel);
                     if (lease_time < min_lease)
                     {
                         msg(msglevel, "--ip-win32 dynamic [offset] [lease-time]: lease time parameter (%d) must be at least %d seconds", lease_time, min_lease);
@@ -8169,7 +8201,7 @@ 
         else if (streq(p[1], "NBT") && p[2] && !p[3])
         {
             int t;
-            t = atoi(p[2]);
+            t = options_atoi(p[1], msglevel);
             if (!(t == 1 || t == 2 || t == 4 || t == 8))
             {
                 msg(msglevel, "--dhcp-option NBT: parameter (%d) must be 1, 2, 4, or 8", t);
@@ -8227,7 +8259,7 @@ 
 #if defined(TARGET_ANDROID)
         else if (streq(p[1], "PROXY_HTTP") && p[3] && !p[4])
         {
-            o->http_proxy_port = atoi(p[3]);
+            o->http_proxy_port = options_atoi(p[1], msglevel);
             o->http_proxy = p[2];
         }
 #endif
@@ -8261,7 +8293,7 @@ 
     {
         int s;
         VERIFY_PERMISSION(OPT_P_DHCPDNS);
-        s = atoi(p[1]);
+        s = options_atoi(p[1], msglevel);
         if (s < 0 || s >= 256)
         {
             msg(msglevel, "--tap-sleep parameter must be between 0 and 255");
@@ -8344,7 +8376,7 @@ 
         options->exit_event_name = p[1];
         if (p[2])
         {
-            options->exit_event_initial_state = (atoi(p[2]) != 0);
+            options->exit_event_initial_state = (options_atoi(p[1], msglevel) != 0);
         }
     }
     else if (streq(p[0], "allow-nonadmin") && !p[2])
@@ -8711,7 +8743,7 @@ 
         {
             int replay_window;
 
-            replay_window = atoi(p[1]);
+            replay_window = atoi_warn(p[1], msglevel);
             if (!(MIN_SEQ_BACKTRACK <= replay_window && replay_window <= MAX_SEQ_BACKTRACK))
             {
                 msg(msglevel, "replay-window window size parameter (%d) must be between %d and %d",
@@ -8726,7 +8758,7 @@ 
             {
                 int replay_time;
 
-                replay_time = atoi(p[2]);
+                replay_time = atoi_warn(p[1], msglevel);
                 if (!(MIN_TIME_BACKTRACK <= replay_time && replay_time <= MAX_TIME_BACKTRACK))
                 {
                     msg(msglevel, "replay-window time window parameter (%d) must be between %d and %d",
@@ -9168,7 +9200,7 @@ 
     else if (streq(p[0], "tls-timeout") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_TLS_PARMS);
-        options->tls_timeout = positive_atoi(p[1]);
+        options->tls_timeout = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "reneg-bytes") && p[1] && !p[2])
     {
@@ -9197,21 +9229,21 @@ 
     else if (streq(p[0], "reneg-sec") && p[1] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_TLS_PARMS);
-        options->renegotiate_seconds = positive_atoi(p[1]);
+        options->renegotiate_seconds = positive_atoi(p[1], msglevel);
         if (p[2])
         {
-            options->renegotiate_seconds_min = positive_atoi(p[2]);
+            options->renegotiate_seconds_min = positive_atoi(p[2], msglevel);
         }
     }
     else if (streq(p[0], "hand-window") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_TLS_PARMS);
-        options->handshake_window = positive_atoi(p[1]);
+        options->handshake_window = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "tran-window") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_TLS_PARMS);
-        options->transition_window = positive_atoi(p[1]);
+        options->transition_window = positive_atoi(p[1], msglevel);
     }
     else if (streq(p[0], "tls-auth") && p[1] && !p[3])
     {
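Review bot: A malformed value for these TLS timing options is still stored as 0, because `positive_atoi` only logs and returns 0 and none of the handlers bails out afterwards; whenever this code runs with a non-fatal msglevel, `renegotiate_seconds` ends up 0 from garbage input. Where 0 has a special meaning (for reneg-sec it is documented as disabling time-based renegotiation), a typo then selects the weaker setting. Consider letting the helper report failure, e.g. `static bool positive_atoi(const char *str, int *out, int msglevel)`, and writing `if (!positive_atoi(p[1], &options->renegotiate_seconds, msglevel)) { goto err; }` so the previous value is kept. The handler chain extends beyond this hunk, and the same reasoning applies to the other call sites where 0 is a meaningful value.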
@@ -9348,7 +9380,7 @@ 
     else if (streq(p[0], "show-pkcs11-ids") && !p[3])
     {
         char *provider =  p[1];
-        bool cert_private = (p[2] == NULL ? false : ( atoi(p[2]) != 0 ));
+        bool cert_private = (p[2] == NULL ? false : (atoi_warn(p[1], msglevel) != 0 ));
 
 #ifdef DEFAULT_PKCS11_MODULE
         if (!provider)
@@ -9400,7 +9432,7 @@ 
 
         for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j)
         {
-            options->pkcs11_protected_authentication[j-1] = atoi(p[j]) != 0 ? 1 : 0;
+            options->pkcs11_protected_authentication[j-1] = atoi_warn(p[j], msglevel) != 0 ? 1 : 0;
         }
     }
     else if (streq(p[0], "pkcs11-private-mode") && p[1])
@@ -9422,13 +9454,13 @@ 
 
         for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j)
         {
-            options->pkcs11_cert_private[j-1] = atoi(p[j]) != 0 ? 1 : 0;
+            options->pkcs11_cert_private[j-1] = atoi_warn(p[j], msglevel) != 0 ? 1 : 0;
         }
     }
     else if (streq(p[0], "pkcs11-pin-cache") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        options->pkcs11_pin_cache_period = atoi(p[1]);
+        options->pkcs11_pin_cache_period = atoi_warn(p[1], msglevel);
     }
     else if (streq(p[0], "pkcs11-id") && p[1] && !p[2])
     {
@@ -9457,12 +9489,12 @@ 
     {
         VERIFY_PERMISSION(OPT_P_PEER_ID);
         options->use_peer_id = true;
-        options->peer_id = atoi(p[1]);
+        options->peer_id = atoi_warn(p[1], msglevel);
     }
 #ifdef HAVE_EXPORT_KEYING_MATERIAL
     else if (streq(p[0], "keying-material-exporter") && p[1] && p[2])
     {
-        int ekm_length = positive_atoi(p[2]);
+        int ekm_length = positive_atoi(p[2], msglevel);
 
         VERIFY_PERMISSION(OPT_P_GENERAL);
 
@@ -9521,7 +9553,7 @@ 
     else if (streq(p[0], "vlan-pvid") && p[1] && !p[2])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE);
-        options->vlan_pvid = positive_atoi(p[1]);
+        options->vlan_pvid = positive_atoi(p[1], msglevel);
         if (options->vlan_pvid < OPENVPN_8021Q_MIN_VID
             || options->vlan_pvid > OPENVPN_8021Q_MAX_VID)
         {