From patchwork Tue Jan 21 12:03:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 4069 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6166:b0:5e7:b9eb:58e8 with SMTP id t6csp7795mab; Tue, 21 Jan 2025 04:03:34 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUNGvWLx945FDSJtbA5Sg2/IE8xeD8YvTxDKBe679AibNT44FQLWZk4I0WUH7UUj6LcbxQWZLVJPaM=@openvpn.net X-Google-Smtp-Source: AGHT+IFLx9WGh3qmrzs63NyRwMt0gRAgO5AM4LmOb2pnLeKhA6hrnCen5mUE3mB7IcCCPSA7nu3e X-Received: by 2002:a05:6830:488f:b0:71e:223c:1789 with SMTP id 46e09a7af769-7249da91b58mr11504286a34.16.1737461014313; Tue, 21 Jan 2025 04:03:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1737461014; cv=none; d=google.com; s=arc-20240605; b=HnwWTf39KHoBcktkeRiYc5dRo/7LY1apjQfnNag2HVJ5umMcR1mHzGGmkK1s5wuoR/ A/0sWj5tbvobvKku9APL2Cm9SIO3lXfuSUQ6SyyRig4KaS5S3EggIZuzP7ZU/JHG7UTH sAVHtma40b+dX42FSalkmcteOOw5ew37DmXRaS9Chz2lYU78kEWU5F+EEUbqsyYxkcZ0 a/eb3zfDYa5Kk6xYjTIZdzrIMhM5bWHGU4neBtjpDQavOD7wsX5L9gJkL/gADEH8XMjh JodgRkKmq9Gf9mz5jkwBNCoQa1Lv925i+G85h/ZzoPYGjbCx5ZScwiiLF3WCRWZvHPrt NXZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=kX3ajqnEu2lUlMmr2p2GJ7MCF5mI9Tdtg07N7c/xgAo=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=RPsJVATrtO4bwfNX46rIiIYTkdYxWFz8sjlHs3PXxE/xU3qmqBYVW7bzelT+kcKSwg HSBaAk41XnujaH3S+Ps8uKruBnw9dRcGFdCooi9IY+cCpdidREADuB7kTB0E3NBNs47h rOhyhOi77VKkuCILBbI8UvZsVDAtH4OrRVCXydq3Bs5tncyr4IgmFRuSdTy20qNKTWUk 4c13YH9m/6SzJThiV4pvTV+a9LRcsrwZd4f2pIzjHD3Zwm31TIjYKXnTgvzXofRhO49o gLoS/lA7VLJGDB0MKmc9p9GBNqI5hvgW6q3QIRbrBWaCSnuizLo3lNozZYfbmqBxZHD+ 4hsA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=UHwCMFp8; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Yb21FCdb; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=E2nf32+J; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-5fa3611810dsi8222043eaf.80.2025.01.21.04.03.33 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Jan 2025 04:03:34 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=UHwCMFp8; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=Yb21FCdb; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=E2nf32+J; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net; dara=fail header.i=@openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1taCya-00008H-TL; Tue, 21 Jan 2025 12:03:24 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1taCyZ-000085-QI for openvpn-devel@lists.sourceforge.net; Tue, 21 Jan 2025 12:03:23 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=BjOczYRYYzUv7f/CyNATdFawxMzx29hFmcCv7TQ4MlU=; b=UHwCMFp8SuLP47eP3wi8DCq4JR v7VGcb+oxWmM2zb2CXt1Wmzw/Noi6jPLu4tZyGxXcZHV3EXO8Klf/f16HDdannB94dTiv6Si4Ta1V /POUN/zxsAnicwzWajOAaOOT22UVdn48/yk6pcIfx6WqIVfWjnaeC2eapxRCbH4MZfwQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=BjOczYRYYzUv7f/CyNATdFawxMzx29hFmcCv7TQ4MlU=; b=Y b21FCdbKnpfyZhyxh2wyoqdf8mFH0CFOy1t7rmbQIPs6s8mU5x0jpc5D9R3xhXwHsAzDhaYAC55vB WOR8o5TAzLAfOuTE8W7vJkwcnQbnNfP//u3m7eehO1tZHtygGI6U5IINoqnUsgYHPtyQKw9u/qt16 6O5Nwf2Eb025Bp3Q=; Received: from mail-wr1-f50.google.com ([209.85.221.50]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1taCyW-00063C-CP for openvpn-devel@lists.sourceforge.net; Tue, 21 Jan 2025 12:03:23 +0000 Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-38633b5dbcfso6086248f8f.2 for ; Tue, 21 Jan 2025 04:03:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1737460988; x=1738065788; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=BjOczYRYYzUv7f/CyNATdFawxMzx29hFmcCv7TQ4MlU=; b=E2nf32+JoB/pOCiEkMFoGGK+4mrkmZKIsNvRejwnfZArkgSSq37JUd21k/ci8v/w92 V0kbPHtPR31/e7hBji8z4Z593BuVhkYZgzWXz55V0qb6Ywk0Bt0sqXp0X6IyozKrtX/P Pxzh79cM8jxzDcbbdZVXNBITNEt3vp1IEKkfIzWEtb90b3ApbUXLFDf5Ih7/4yy7Jx88 aIX7T23ACYlsNFOtZ/ZEiwNlyaNIWf5q4dfA4Di29BA1eEzp/6FSai6NqvZILvPXKb5u hRDI9mE8E/+wdhZk17x+3o53aiStZBb3P3vR4KsUtwC266FCD4cD3ZbGakYm6dw6RrBY LnGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737460988; x=1738065788; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=BjOczYRYYzUv7f/CyNATdFawxMzx29hFmcCv7TQ4MlU=; b=Xq7THyTlmHreIIXen/F5lI/2/nz2sHWCy+yM0VBYEs6da0tCQzmBpQ1UWuHPBs+OiP noBTQGAxuYaq9TAGgYsnZ8lWA1g+K0BL/3VgfC9svGG1VOeTx/DY0EthviIzo/vWaQAn qpXKk2HZBv2/n7Tco2b8p/6JssUFFrjPL5C35v+HNMBCqAehKRPH1QhZFRUVTLDer6jJ fRiyDohISGxTZwRBHipFi3xunLhb6LF/+8AKJWejVn3/MURMyp8EO2PMy96xwfRPEsxP wpMBSD4sWBpKMHaMtBEtc2ogkR5N2kzafM4vK+MNKDVZ+7s98N7O+HKW7NDQVpQ/ws7/ 08bg== X-Gm-Message-State: AOJu0YxyBXFjJixUie5A+kFdyxC8OSu7aBz9RMNane0VSZRMDM4Q2Q1U ZxGzVNT7mS8jzqkwFlsRO2VqyuPQDj7Jt86oFjTiTzgyHAxPLAooCx6kwqWmDZhI+Q5EAFuoGXE j X-Gm-Gg: ASbGncsmrC3BoxCpJN9LbSc06nAJ5rhhXdsWuixfW977zPgqTLI55EXudPd4MH5hmgD H6LcACSta/9VN0a9KRB/O/cA66m/t7OOfnuSDIYGiNyNTDqf+QjCVaNyYDtusyBZgLAeFxLt1jl t2H58OmJSAWpgQVW4zHTbr99HTRbs1XtL/bPvOmbm162sPTX3d3+ClMgQ2O6xCvZij+2ufY2gOP 0v+rgBWxw1+breccETORICkXtmso2m2sTqtsYXafk/eQ5/6d0d0HbnV+GaAr9nZgo3CAB0AF+aJ YjAJz9/+ObZ9vg1pXlK0qG+uRh54D2LbfPsoEFxQBKJcZGTmEtI0W9BRx9ri9g== X-Received: by 2002:a5d:64ed:0:b0:38b:ed18:3979 with SMTP id ffacd0b85a97d-38bf566b28cmr16989473f8f.31.1737460987941; Tue, 21 Jan 2025 04:03:07 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-38bf322236csm13312443f8f.39.2025.01.21.04.03.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Jan 2025 04:03:07 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Tue, 21 Jan 2025 12:03:06 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: Ie1e2eb54d516b3ae87c5ca56fe8edd77ee2be4de X-Gerrit-Change-Number: 873 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: bc116a607afc9e8dcfe1a9882cfc592b889c4454 References: Message-ID: <3d5210d7256fd4be6341d896ac7e972a62fd6455-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.3 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.221.50 listed in list.dnswl.org] 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.50 listed in sa-accredit.habeas.com] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [209.85.221.50 listed in bl.score.senderscore.com] -0.1 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.221.50 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML X-Headers-End: 1taCyW-00063C-CP Subject: [Openvpn-devel] [M] Change in openvpn[master]: Print warnings/errors when numerical parameters cannot be parsed X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1821859920526025721?= X-GMAIL-MSGID: =?utf-8?q?1821859920526025721?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/873?usp=email to review the following change. Change subject: Print warnings/errors when numerical parameters cannot be parsed ...................................................................... Print warnings/errors when numerical parameters cannot be parsed Using the atoi method is a best effort method that parses as much of the input string as possible as integer and ignores the rest or return 0 if the string cannot be parsed. This is lead to unexpected results. Change the behaviour by printing a warning in these cases instead. When parsing a configuration, these warnings will error out since the msglevel is M_USAGE in this case. Example: ./src/openvpn/openvpn --resolv-retry 198jj Options error: Cannot parse argument '198jj' as non-negative integer Reported-By: Anqi Chen Reported-By: Cristina Nita-Rotaru Change-Id: Ie1e2eb54d516b3ae87c5ca56fe8edd77ee2be4de --- M src/openvpn/options.c 1 file changed, 109 insertions(+), 77 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/73/873/1 diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 93b8417..6b9f204 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -4926,11 +4926,43 @@ } #endif +/** + * Converts a str to a positive number if the string represents a postive + * integer number. Otherwise print a warning with msglevel and return 0 + */ static int -positive_atoi(const char *str) +positive_atoi(const char *str, int msglevel) { - const int i = atoi(str); - return i < 0 ? 0 : i; + char *endptr; + long long i = strtoll(str, &endptr, 10); + + if (i < 0 || endptr || i > INT_MAX) + { + msg(msglevel, "Cannot parse argument '%s' as non-negative integer", + str); + i = 0; + } + + return (int) i; +} + +/** + * Converts a str to an integer if the string can be represented as an + * integer number. Otherwise print a warning with msglevel and return 0 + */ +static int +atoi_warn(const char *str, int msglevel) +{ + char *endptr; + long long i = strtoll(str, &endptr, 10); + + if (i < INT_MIN || endptr || i > INT_MAX) + { + msg(msglevel, "Cannot parse argument '%s' as integer", str); + i = 0; + } + + return (int) i; } #ifdef _WIN32 /* This function is only used when compiling on Windows */ @@ -5955,7 +5987,7 @@ int cache; VERIFY_PERMISSION(OPT_P_GENERAL); - cache = atoi(p[1]); + cache = atoi_warn(p[1], msglevel); if (cache < 1) { msg(msglevel, "--management-log-cache parameter is out of range"); @@ -6250,7 +6282,7 @@ } else { - options->resolve_retry_seconds = positive_atoi(p[1]); + options->resolve_retry_seconds = positive_atoi(p[1], msglevel); } } else if ((streq(p[0], "preresolve") || streq(p[0], "ip-remote-hint")) && !p[2]) @@ -6267,7 +6299,7 @@ else if (streq(p[0], "connect-retry") && p[1] && !p[3]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION); - options->ce.connect_retry_seconds = positive_atoi(p[1]); + options->ce.connect_retry_seconds = positive_atoi(p[1], msglevel); /* * Limit the base value of retry wait interval to 16 bits to avoid * overflow when scaled up for exponential backoff @@ -6282,19 +6314,19 @@ if (p[2]) { options->ce.connect_retry_seconds_max = - max_int(positive_atoi(p[2]), options->ce.connect_retry_seconds); + max_int(positive_atoi(p[2], msglevel), options->ce.connect_retry_seconds); } } else if ((streq(p[0], "connect-timeout") || streq(p[0], "server-poll-timeout")) && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION); - options->ce.connect_timeout = positive_atoi(p[1]); + options->ce.connect_timeout = positive_atoi(p[1], msglevel); } else if (streq(p[0], "connect-retry-max") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION); - options->connect_retry_max = positive_atoi(p[1]); + options->connect_retry_max = positive_atoi(p[1], msglevel); } else if (streq(p[0], "ipchange") && p[1]) { @@ -6317,7 +6349,7 @@ else if (streq(p[0], "gremlin") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); - options->gremlin = positive_atoi(p[1]); + options->gremlin = positive_atoi(p[1], msglevel); } #endif else if (streq(p[0], "chroot") && p[1] && !p[2]) @@ -6449,7 +6481,7 @@ else if (streq(p[0], "verb") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_MESSAGES); - options->verbosity = positive_atoi(p[1]); + options->verbosity = positive_atoi(p[1], msglevel); if (options->verbosity >= (D_TLS_DEBUG_MED & M_DEBUG_LEVEL)) { /* We pass this flag to the SSL library to avoid @@ -6468,7 +6500,7 @@ else if (streq(p[0], "mute") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_MESSAGES); - options->mute = positive_atoi(p[1]); + options->mute = positive_atoi(p[1], msglevel); } else if (streq(p[0], "errors-to-stderr") && !p[1]) { @@ -6481,7 +6513,7 @@ options->status_file = p[1]; if (p[2]) { - options->status_file_update_freq = positive_atoi(p[2]); + options->status_file_update_freq = positive_atoi(p[2], msglevel); } } else if (streq(p[0], "status-version") && p[1] && !p[2]) @@ -6489,7 +6521,7 @@ int version; VERIFY_PERMISSION(OPT_P_GENERAL); - version = atoi(p[1]); + version = atoi_warn(p[1], msglevel); if (version < 1 || version > 3) { msg(msglevel, "--status-version must be 1 to 3"); @@ -6517,17 +6549,17 @@ else if ((streq(p[0], "link-mtu") || streq(p[0], "udp-mtu")) && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION); - options->ce.link_mtu = positive_atoi(p[1]); + options->ce.link_mtu = positive_atoi(p[1], msglevel); options->ce.link_mtu_defined = true; } else if (streq(p[0], "tun-mtu") && p[1] && !p[3]) { VERIFY_PERMISSION(OPT_P_PUSH_MTU|OPT_P_CONNECTION); - options->ce.tun_mtu = positive_atoi(p[1]); + options->ce.tun_mtu = positive_atoi(p[1], msglevel); options->ce.tun_mtu_defined = true; if (p[2]) { - options->ce.occ_mtu = positive_atoi(p[2]); + options->ce.occ_mtu = positive_atoi(p[2], msglevel); } else { @@ -6537,7 +6569,7 @@ else if (streq(p[0], "tun-mtu-max") && p[1] && !p[3]) { VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION); - int max_mtu = positive_atoi(p[1]); + int max_mtu = positive_atoi(p[1], msglevel); if (max_mtu < 68 || max_mtu > 65536) { msg(msglevel, "--tun-mtu-max value '%s' is invalid", p[1]); @@ -6550,13 +6582,13 @@ else if (streq(p[0], "tun-mtu-extra") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION); - options->ce.tun_mtu_extra = positive_atoi(p[1]); + options->ce.tun_mtu_extra = positive_atoi(p[1], msglevel); options->ce.tun_mtu_extra_defined = true; } else if (streq(p[0], "max-packet-size") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION); - int maxmtu = positive_atoi(p[1]); + int maxmtu = positive_atoi(p[1], msglevel); options->ce.tls_mtu = constrain_int(maxmtu, TLS_CHANNEL_MTU_MIN, TLS_CHANNEL_BUF_SIZE); if (maxmtu < TLS_CHANNEL_MTU_MIN || maxmtu > TLS_CHANNEL_BUF_SIZE) @@ -6582,7 +6614,7 @@ else if (streq(p[0], "fragment") && p[1] && !p[3]) { VERIFY_PERMISSION(OPT_P_MTU|OPT_P_CONNECTION); - options->ce.fragment = positive_atoi(p[1]); + options->ce.fragment = positive_atoi(p[1], msglevel); if (options->ce.fragment < 68) { @@ -6613,23 +6645,23 @@ else if (streq(p[0], "nice") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_NICE); - options->nice = atoi(p[1]); + options->nice = atoi_warn(p[1], msglevel); } else if (streq(p[0], "rcvbuf") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_SOCKBUF); - options->rcvbuf = positive_atoi(p[1]); + options->rcvbuf = positive_atoi(p[1], msglevel); } else if (streq(p[0], "sndbuf") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_SOCKBUF); - options->sndbuf = positive_atoi(p[1]); + options->sndbuf = positive_atoi(p[1], msglevel); } else if (streq(p[0], "mark") && p[1] && !p[2]) { #if defined(TARGET_LINUX) && HAVE_DECL_SO_MARK VERIFY_PERMISSION(OPT_P_GENERAL); - options->mark = atoi(p[1]); + options->mark = atoi_warn(p[1], msglevel); #endif } else if (streq(p[0], "socket-flags")) @@ -6659,7 +6691,7 @@ { VERIFY_PERMISSION(OPT_P_GENERAL); #ifdef TARGET_LINUX - options->tuntap_options.txqueuelen = positive_atoi(p[1]); + options->tuntap_options.txqueuelen = positive_atoi(p[1], msglevel); #else msg(msglevel, "--txqueuelen not supported on this OS"); goto err; @@ -6670,7 +6702,7 @@ int shaper; VERIFY_PERMISSION(OPT_P_SHAPER); - shaper = atoi(p[1]); + shaper = atoi_warn(p[1], msglevel); if (shaper < SHAPER_MIN || shaper > SHAPER_MAX) { msg(msglevel, "Bad shaper value, must be between %d and %d", @@ -6718,7 +6750,7 @@ else if (streq(p[0], "inactive") && p[1] && !p[3]) { VERIFY_PERMISSION(OPT_P_TIMER); - options->inactivity_timeout = positive_atoi(p[1]); + options->inactivity_timeout = positive_atoi(p[1], msglevel); if (p[2]) { int64_t val = atoll(p[2]); @@ -6736,7 +6768,7 @@ else if (streq(p[0], "session-timeout") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TIMER); - options->session_timeout = positive_atoi(p[1]); + options->session_timeout = positive_atoi(p[1], msglevel); } else if (streq(p[0], "proto") && p[1] && !p[2]) { @@ -6903,24 +6935,24 @@ else if (streq(p[0], "keepalive") && p[1] && p[2] && !p[3]) { VERIFY_PERMISSION(OPT_P_GENERAL); - options->keepalive_ping = atoi(p[1]); - options->keepalive_timeout = atoi(p[2]); + options->keepalive_ping = atoi_warn(p[1], msglevel); + options->keepalive_timeout = atoi_warn(p[1], msglevel); } else if (streq(p[0], "ping") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TIMER); - options->ping_send_timeout = positive_atoi(p[1]); + options->ping_send_timeout = positive_atoi(p[1], msglevel); } else if (streq(p[0], "ping-exit") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TIMER); - options->ping_rec_timeout = positive_atoi(p[1]); + options->ping_rec_timeout = positive_atoi(p[1], msglevel); options->ping_rec_timeout_action = PING_EXIT; } else if (streq(p[0], "ping-restart") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TIMER); - options->ping_rec_timeout = positive_atoi(p[1]); + options->ping_rec_timeout = positive_atoi(p[1], msglevel); options->ping_rec_timeout_action = PING_RESTART; } else if (streq(p[0], "ping-timer-rem") && !p[1]) @@ -6933,7 +6965,7 @@ VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION|OPT_P_EXPLICIT_NOTIFY); if (p[1]) { - options->ce.explicit_exit_notification = positive_atoi(p[1]); + options->ce.explicit_exit_notification = positive_atoi(p[1], msglevel); } else { @@ -7053,7 +7085,7 @@ else if (streq(p[0], "route-metric") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_ROUTE); - options->route_default_metric = positive_atoi(p[1]); + options->route_default_metric = positive_atoi(p[1], msglevel); } else if (streq(p[0], "route-delay") && !p[3]) { @@ -7061,10 +7093,10 @@ options->route_delay_defined = true; if (p[1]) { - options->route_delay = positive_atoi(p[1]); + options->route_delay = positive_atoi(p[1], msglevel); if (p[2]) { - options->route_delay_window = positive_atoi(p[2]); + options->route_delay_window = positive_atoi(p[2], msglevel); } } else @@ -7229,7 +7261,7 @@ } else if (streq(p[1], "SERVER_POLL_TIMEOUT") && p[2]) { - options->ce.connect_timeout = positive_atoi(p[2]); + options->ce.connect_timeout = positive_atoi(p[2], msglevel); } else { @@ -7261,14 +7293,14 @@ else if (streq(p[0], "script-security") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); - script_security_set(atoi(p[1])); + script_security_set(atoi_warn(p[1], msglevel)); } else if (streq(p[0], "mssfix") && !p[3]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_CONNECTION); if (p[1]) { - int mssfix = positive_atoi(p[1]); + int mssfix = positive_atoi(p[1], msglevel); /* can be 0, but otherwise it needs to be high enough so we can * substract room for headers. */ if (mssfix != 0 @@ -7451,7 +7483,7 @@ options->ifconfig_pool_persist_filename = p[1]; if (p[2]) { - options->ifconfig_pool_persist_refresh_freq = positive_atoi(p[2]); + options->ifconfig_pool_persist_refresh_freq = positive_atoi(p[2], msglevel); } } else if (streq(p[0], "ifconfig-ipv6-pool") && p[1] && !p[2]) @@ -7483,8 +7515,8 @@ int real, virtual; VERIFY_PERMISSION(OPT_P_GENERAL); - real = atoi(p[1]); - virtual = atoi(p[2]); + real = atoi_warn(p[1], msglevel); + virtual = atoi_warn(p[1], msglevel); if (real < 1 || virtual < 1) { msg(msglevel, "--hash-size sizes must be >= 1 (preferably a power of 2)"); @@ -7498,8 +7530,8 @@ int cf_max, cf_per; VERIFY_PERMISSION(OPT_P_GENERAL); - cf_max = atoi(p[1]); - cf_per = atoi(p[2]); + cf_max = atoi_warn(p[1], msglevel); + cf_per = atoi_warn(p[1], msglevel); if (cf_max < 0 || cf_per < 0) { msg(msglevel, "--connect-freq parms must be > 0"); @@ -7529,7 +7561,7 @@ int max_clients; VERIFY_PERMISSION(OPT_P_GENERAL); - max_clients = atoi(p[1]); + max_clients = atoi_warn(p[1], msglevel); if (max_clients < 0) { msg(msglevel, "--max-clients must be at least 1"); @@ -7545,7 +7577,7 @@ else if (streq(p[0], "max-routes-per-client") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_INHERIT); - options->max_routes_per_client = max_int(atoi(p[1]), 1); + options->max_routes_per_client = max_int(positive_atoi(p[1], msglevel), 1); } else if (streq(p[0], "client-cert-not-required") && !p[1]) { @@ -7629,14 +7661,14 @@ { VERIFY_PERMISSION(OPT_P_GENERAL); options->auth_token_generate = true; - options->auth_token_lifetime = p[1] ? positive_atoi(p[1]) : 0; + options->auth_token_lifetime = p[1] ? positive_atoi(p[1], msglevel) : 0; for (int i = 2; i < MAX_PARMS && p[i] != NULL; i++) { /* the second parameter can be the renewal time */ - if (i == 2 && positive_atoi(p[i])) + if (i == 2 && positive_atoi(p[i], msglevel)) { - options->auth_token_renewal = positive_atoi(p[i]); + options->auth_token_renewal = positive_atoi(p[i], msglevel); } else if (streq(p[i], "external-auth")) { @@ -7716,7 +7748,7 @@ int n_bcast_buf; VERIFY_PERMISSION(OPT_P_GENERAL); - n_bcast_buf = atoi(p[1]); + n_bcast_buf = atoi_warn(p[1], msglevel); if (n_bcast_buf < 1) { msg(msglevel, "--bcast-buffers parameter must be > 0"); @@ -7728,7 +7760,7 @@ int tcp_queue_limit; VERIFY_PERMISSION(OPT_P_GENERAL); - tcp_queue_limit = atoi(p[1]); + tcp_queue_limit = atoi_warn(p[1], msglevel); if (tcp_queue_limit < 1) { msg(msglevel, "--tcp-queue-limit parameter must be > 0"); @@ -7876,10 +7908,10 @@ int ageing_time, check_interval; VERIFY_PERMISSION(OPT_P_GENERAL); - ageing_time = atoi(p[1]); + ageing_time = atoi_warn(p[1], msglevel); if (p[2]) { - check_interval = atoi(p[2]); + check_interval = atoi_warn(p[1], msglevel); } else { @@ -7908,7 +7940,7 @@ else if (streq(p[0], "push-continuation") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_PULL_MODE); - options->push_continuation = atoi(p[1]); + options->push_continuation = atoi_warn(p[1], msglevel); } else if (streq(p[0], "auth-user-pass") && !p[2]) { @@ -7933,7 +7965,7 @@ { VERIFY_PERMISSION(OPT_P_GENERAL); options->sc_info.challenge_text = p[1]; - if (atoi(p[2])) + if (atoi_warn(p[1], msglevel)) { options->sc_info.flags |= SC_ECHO; } @@ -8029,7 +8061,7 @@ { if (!streq(p[2], "default")) { - int offset = atoi(p[2]); + int offset = options_atoi(p[1], msglevel); if (!(offset > -256 && offset < 256)) { @@ -8045,7 +8077,7 @@ { const int min_lease = 30; int lease_time; - lease_time = atoi(p[3]); + lease_time = options_atoi(p[1], msglevel); if (lease_time < min_lease) { msg(msglevel, "--ip-win32 dynamic [offset] [lease-time]: lease time parameter (%d) must be at least %d seconds", lease_time, min_lease); @@ -8169,7 +8201,7 @@ else if (streq(p[1], "NBT") && p[2] && !p[3]) { int t; - t = atoi(p[2]); + t = options_atoi(p[1], msglevel); if (!(t == 1 || t == 2 || t == 4 || t == 8)) { msg(msglevel, "--dhcp-option NBT: parameter (%d) must be 1, 2, 4, or 8", t); @@ -8227,7 +8259,7 @@ #if defined(TARGET_ANDROID) else if (streq(p[1], "PROXY_HTTP") && p[3] && !p[4]) { - o->http_proxy_port = atoi(p[3]); + o->http_proxy_port = options_atoi(p[1], msglevel); o->http_proxy = p[2]; } #endif @@ -8261,7 +8293,7 @@ { int s; VERIFY_PERMISSION(OPT_P_DHCPDNS); - s = atoi(p[1]); + s = options_atoi(p[1], msglevel); if (s < 0 || s >= 256) { msg(msglevel, "--tap-sleep parameter must be between 0 and 255"); @@ -8344,7 +8376,7 @@ options->exit_event_name = p[1]; if (p[2]) { - options->exit_event_initial_state = (atoi(p[2]) != 0); + options->exit_event_initial_state = (options_atoi(p[1], msglevel) != 0); } } else if (streq(p[0], "allow-nonadmin") && !p[2]) @@ -8711,7 +8743,7 @@ { int replay_window; - replay_window = atoi(p[1]); + replay_window = atoi_warn(p[1], msglevel); if (!(MIN_SEQ_BACKTRACK <= replay_window && replay_window <= MAX_SEQ_BACKTRACK)) { msg(msglevel, "replay-window window size parameter (%d) must be between %d and %d", @@ -8726,7 +8758,7 @@ { int replay_time; - replay_time = atoi(p[2]); + replay_time = atoi_warn(p[1], msglevel); if (!(MIN_TIME_BACKTRACK <= replay_time && replay_time <= MAX_TIME_BACKTRACK)) { msg(msglevel, "replay-window time window parameter (%d) must be between %d and %d", @@ -9168,7 +9200,7 @@ else if (streq(p[0], "tls-timeout") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TLS_PARMS); - options->tls_timeout = positive_atoi(p[1]); + options->tls_timeout = positive_atoi(p[1], msglevel); } else if (streq(p[0], "reneg-bytes") && p[1] && !p[2]) { @@ -9197,21 +9229,21 @@ else if (streq(p[0], "reneg-sec") && p[1] && !p[3]) { VERIFY_PERMISSION(OPT_P_TLS_PARMS); - options->renegotiate_seconds = positive_atoi(p[1]); + options->renegotiate_seconds = positive_atoi(p[1], msglevel); if (p[2]) { - options->renegotiate_seconds_min = positive_atoi(p[2]); + options->renegotiate_seconds_min = positive_atoi(p[2], msglevel); } } else if (streq(p[0], "hand-window") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TLS_PARMS); - options->handshake_window = positive_atoi(p[1]); + options->handshake_window = positive_atoi(p[1], msglevel); } else if (streq(p[0], "tran-window") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_TLS_PARMS); - options->transition_window = positive_atoi(p[1]); + options->transition_window = positive_atoi(p[1], msglevel); } else if (streq(p[0], "tls-auth") && p[1] && !p[3]) { @@ -9348,7 +9380,7 @@ else if (streq(p[0], "show-pkcs11-ids") && !p[3]) { char *provider = p[1]; - bool cert_private = (p[2] == NULL ? false : ( atoi(p[2]) != 0 )); + bool cert_private = (p[2] == NULL ? false : (atoi_warn(p[1], msglevel) != 0 )); #ifdef DEFAULT_PKCS11_MODULE if (!provider) @@ -9400,7 +9432,7 @@ for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j) { - options->pkcs11_protected_authentication[j-1] = atoi(p[j]) != 0 ? 1 : 0; + options->pkcs11_protected_authentication[j-1] = atoi_warn(p[j], msglevel) != 0 ? 1 : 0; } } else if (streq(p[0], "pkcs11-private-mode") && p[1]) @@ -9422,13 +9454,13 @@ for (j = 1; j < MAX_PARMS && p[j] != NULL; ++j) { - options->pkcs11_cert_private[j-1] = atoi(p[j]) != 0 ? 1 : 0; + options->pkcs11_cert_private[j-1] = atoi_warn(p[j], msglevel) != 0 ? 1 : 0; } } else if (streq(p[0], "pkcs11-pin-cache") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL); - options->pkcs11_pin_cache_period = atoi(p[1]); + options->pkcs11_pin_cache_period = atoi_warn(p[1], msglevel); } else if (streq(p[0], "pkcs11-id") && p[1] && !p[2]) { @@ -9457,12 +9489,12 @@ { VERIFY_PERMISSION(OPT_P_PEER_ID); options->use_peer_id = true; - options->peer_id = atoi(p[1]); + options->peer_id = atoi_warn(p[1], msglevel); } #ifdef HAVE_EXPORT_KEYING_MATERIAL else if (streq(p[0], "keying-material-exporter") && p[1] && p[2]) { - int ekm_length = positive_atoi(p[2]); + int ekm_length = positive_atoi(p[2], msglevel); VERIFY_PERMISSION(OPT_P_GENERAL); @@ -9521,7 +9553,7 @@ else if (streq(p[0], "vlan-pvid") && p[1] && !p[2]) { VERIFY_PERMISSION(OPT_P_GENERAL|OPT_P_INSTANCE); - options->vlan_pvid = positive_atoi(p[1]); + options->vlan_pvid = positive_atoi(p[1], msglevel); if (options->vlan_pvid < OPENVPN_8021Q_MIN_VID || options->vlan_pvid > OPENVPN_8021Q_MAX_VID) {