postfix-users October 2010 archive

Overflow check when reading integer values from config?

From: Miroslav Lichvar <mlichvar_at_nospam>
Date: Fri Oct 08 2010 - 11:59:55 GMT
To: postfix-users@postfix.org

Hi,

there is an inconsistency between 64-bit and 32-bit systems when a
large integer which doesn't fit in int is specified in the config. On
32-bit the value is clamped to INT_MAX, because long is the same width
as int. This leads to strange situations when the same configuration
works on 32-bit, but fails on 64-bit, as I have seen in a recent
Fedora bug report with too large mailbox_size_limit.

So I'm wondering, is this worth checking? The value could always be
clamped, or it could be a fatal error if it's out of range.

Something like this (and similarly for the other data types):

--- mail_conf_int.c.orig
+++ mail_conf_int.c
@@ -80,6 +80,7 @@
 #include <sys_defs.h>
 #include <stdlib.h>
 #include <stdio.h> /* sscanf() */
+#include <errno.h>
 
 /* Utility library. */
 
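Review bot: with sscanf() no longer called from convert_mail_conf_int(), the `/* sscanf() */` annotation on the `<stdio.h>` include above becomes stale; update it (or drop the include if nothing else in the file needs stdio), and annotate the new include in the same style, e.g. `#include <errno.h> /* errno, ERANGE */`. strtol() itself is already covered by the `<stdlib.h>` include. If the range check in the next hunk is changed to compare against INT_MIN/INT_MAX, `<limits.h>` needs to be added here as well.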
@@ -97,10 +98,14 @@
 static int convert_mail_conf_int(const char *name, int *intval)
 {
     const char *strval;
- char junk;
+ char *end;
+ long longval;
 
     if ((strval = mail_conf_lookup_eval(name)) != 0) {
- if (sscanf(strval, "%d%c", intval, &junk) != 1)
+ errno = 0;
+ *intval = longval = strtol(strval, &end, 10);
+ if (*strval == '\0' || *end != '\0' || errno == ERANGE ||
+ longval != *intval)
             msg_fatal("bad numerical configuration: %s = %s", name, strval);
         return (1);
     }
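Review bot: the truncation test `longval != *intval` in the `if` relies on the implementation-defined result of storing an out-of-range long into an int (C99 6.3.1.3), and the line `*intval = longval = strtol(strval, &end, 10);` writes *intval before the value has been validated. A portable form checks the range explicitly and stores only on success: `longval = strtol(strval, &end, 10);`, then `if (*strval == '\0' || *end != '\0' || errno == ERANGE || longval < INT_MIN || longval > INT_MAX) msg_fatal(...);`, then `*intval = (int) longval;`. On ILP32 targets, where long == int and ERANGE is the only overflow signal, the explicit comparison is simply never true, so 32-bit and 64-bit builds now reject the same inputs instead of one clamping and the other failing. Note that strtol() with base 10 accepts leading whitespace and a sign, as sscanf("%d") did, so the accepted syntax is otherwise unchanged.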

Thanks,

-- Miroslav Lichvar
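An added, stand-alone example of the two policies the post weighs (reject or clamp) for an integer config value, written so that a 32-bit (ILP32) and a 64-bit (LP64) build give the same answer. This is illustrative code, not Postfix's mail_conf_int.c; the names conf_parse_int, conf_int_or, conf_int_clamped and the CONF_INT_* status codes are hypothetical. It avoids sscanf("%d") because the C standard leaves its result undefined when the value does not fit, which is what makes the 32-bit/64-bit behaviour diverge in the first place.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Status codes; hypothetical names, not part of Postfix. */
enum conf_int_status {
    CONF_INT_OK = 0,
    CONF_INT_EMPTY,     /* NULL or empty value */
    CONF_INT_TRAILING,  /* no digits, or junk after the number */
    CONF_INT_RANGE      /* does not fit in int on this platform */
};

/*
 * Scan a base-10 value with strtol(). Leading whitespace and a sign are
 * accepted, as sscanf("%d") accepts them; anything left after the digits
 * is rejected. *v holds strtol()'s result even on CONF_INT_RANGE, so the
 * caller can still tell which way the value overflowed.
 */
static enum conf_int_status scan_int(const char *s, long *v)
{
    char *end;

    if (s == NULL || *s == '\0')
        return CONF_INT_EMPTY;
    errno = 0;
    *v = strtol(s, &end, 10);
    if (end == s || *end != '\0')
        return CONF_INT_TRAILING;
    /*
     * Two overflow signals are needed. Where long == int (ILP32), strtol()
     * reports overflow via ERANGE and returns LONG_MIN/LONG_MAX. Where
     * long is 64-bit (LP64), 2147483648 converts without error but does
     * not fit in int, so compare against INT_MIN/INT_MAX explicitly rather
     * than relying on the implementation-defined cast of a long to int.
     */
    if (errno == ERANGE || *v < INT_MIN || *v > INT_MAX)
        return CONF_INT_RANGE;
    return CONF_INT_OK;
}

/* Policy 1: strict. Malformed or out-of-range values are an error. */
enum conf_int_status conf_parse_int(const char *s, int *out)
{
    long v;
    enum conf_int_status st = scan_int(s, &v);

    if (st == CONF_INT_OK)
        *out = (int) v;     /* safe: range checked in scan_int() */
    return st;
}

/* Convenience: the parsed value, or fallback when conf_parse_int() fails. */
int conf_int_or(const char *s, int fallback)
{
    int out;

    return conf_parse_int(s, &out) == CONF_INT_OK ? out : fallback;
}

/*
 * Policy 2: clamp. Syntax errors still fail (fallback is returned), but a
 * value outside int is clamped to INT_MIN/INT_MAX on every platform. The
 * sign of strtol()'s result gives the overflow direction, since ERANGE
 * yields LONG_MIN or LONG_MAX and the explicit check keeps the sign too.
 */
int conf_int_clamped(const char *s, int fallback)
{
    long v;
    enum conf_int_status st = scan_int(s, &v);

    if (st == CONF_INT_OK)
        return (int) v;
    if (st == CONF_INT_RANGE)
        return v < 0 ? INT_MIN : INT_MAX;
    return fallback;
}

int main(void)
{
    /* Constructed sample values, as one might set mailbox_size_limit to. */
    const char *samples[] = {
        "51200000", "2147483647", "2147483648", "-2147483649",
        "99999999999999999999", "12abc", ""
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int out = 0;
        enum conf_int_status st = conf_parse_int(samples[i], &out);

        printf("%-22s strict: status=%d value=%d  clamped: %d\n",
               samples[i], (int) st, st == CONF_INT_OK ? out : 0,
               conf_int_clamped(samples[i], 0));
    }
    return 0;
}
```

Which policy to pick is the question the post raises; the strict variant is the one that matches the proposed patch (a fatal error on out-of-range input), and the clamped variant is the alternative it mentions. Either way, the explicit INT_MIN/INT_MAX comparison is what makes the result independent of sizeof(long).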