shadow-maint · alejandro-colomar · Dec 1, 2023 · Jan 6, 2024 · Jan 9, 2024 · Jan 9, 2024
diff --git a/lib/Makefile.am b/lib/Makefile.am
@@ -33,6 +33,8 @@ libshadow_la_SOURCES = \
 	alloc.h \
 	atoi/a2i.c \
 	atoi/a2i.h \
+	atoi/getnum.c \
+	atoi/getnum.h \
 	atoi/str2i.c \
 	atoi/str2i.h \
 	atoi/strtoi.c \
@@ -71,9 +73,7 @@ libshadow_la_SOURCES = \
 	find_new_sub_gids.c \
 	find_new_sub_uids.c \
 	fputsx.c \
-	get_gid.c \
 	get_pid.c \
-	get_uid.c \
 	getdate.h \
 	getdate.y \
 	getdef.c \
@@ -165,6 +165,7 @@ libshadow_la_SOURCES = \
 	time/day_to_str.c \
 	time/day_to_str.h \
 	ttytype.c \
+	typetraits.h \
 	tz.c \
 	ulimit.c \
 	user_busy.c \

diff --git a/lib/atoi/getnum.c b/lib/atoi/getnum.c
@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: 2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#include <config.h>
+
+#include <sys/types.h>
+
+#include "atoi/getnum.h"
+
+
+extern inline int get_fd(const char *restrict fdstr, int *restrict fd);
+extern inline int get_gid(const char *restrict gidstr, gid_t *restrict gid);
+extern inline int get_pid(const char *restrict pidstr, pid_t *restrict pid);
+extern inline int get_uid(const char *restrict uidstr, uid_t *restrict uid);
diff --git a/lib/atoi/getnum.h b/lib/atoi/getnum.h
@@ -0,0 +1,59 @@
+// SPDX-FileCopyrightText: 2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
+
+#ifndef SHADOW_INCLUDE_LIB_ATOI_GETNUM_H_
+#define SHADOW_INCLUDE_LIB_ATOI_GETNUM_H_
+
+
+#include <config.h>
+
+#include <limits.h>
+#include <stddef.h>
+#include <sys/types.h>
+
+#include "atoi/a2i.h"
+#include "attr.h"
+#include "typetraits.h"
+
+
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_fd(const char *restrict fdstr, int *restrict fd);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_gid(const char *restrict gidstr, gid_t *restrict gid);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_pid(const char *restrict pidstr, pid_t *restrict pid);
+ATTR_STRING(1) ATTR_ACCESS(write_only, 2)
+inline int get_uid(const char *restrict uidstr, uid_t *restrict uid);
+
+
+inline int
+get_fd(const char *restrict fdstr, int *restrict fd)
+{
+	return a2si(fd, fdstr, NULL, 10, 0, INT_MAX);
+}
+
+
+inline int
+get_gid(const char *restrict gidstr, gid_t *restrict gid)
+{
+	return a2i(gid_t, gid, gidstr, NULL, 10, type_min(gid_t), type_max(gid_t));
+}
+
+
+inline int
+get_pid(const char *restrict pidstr, pid_t *restrict pid)
+{
+	return a2i(pid_t, pid, pidstr, NULL, 10, 1, type_max(pid_t));
+}
+
+
+inline int
+get_uid(const char *restrict uidstr, uid_t *restrict uid)
+{
+	return a2i(uid_t, uid, uidstr, NULL, 10, type_min(uid_t), type_max(uid_t));
+}
+
+
+#endif  // include guard
diff --git a/lib/commonio.c b/lib/commonio.c
@@ -23,6 +23,7 @@
 #include <signal.h>
 
 #include "alloc.h"
+#include "atoi/getnum.h"
 #include "memzero.h"
 #include "nscd.h"
 #include "sssd.h"

diff --git a/lib/get_gid.c b/lib/get_gid.c
diff --git a/lib/get_pid.c b/lib/get_pid.c
@@ -1,8 +1,7 @@
-/*
- * SPDX-FileCopyrightText: 2009       , Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
+// SPDX-FileCopyrightText: 2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
 
 #include <config.h>
 
@@ -14,50 +13,23 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
+#include "atoi/getnum.h"
 #include "string/sprintf.h"
 
 
-int
-get_pid(const char *pidstr, pid_t *pid)
-{
-	char       *end;
-	long long  val;
-
-	errno = 0;
-	val = strtoll(pidstr, &end, 10);
-	if (   ('\0' == *pidstr)
-	    || ('\0' != *end)
-	    || (0 != errno)
-	    || (val < 1)
-	    || (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
-		return -1;
-	}
-
-	*pid = val;
-	return 0;
-}
-
 /*
  * If use passed in fd:4 as an argument, then return the
  * value '4', the fd to use.
  * On error, return -1.
  */
 int get_pidfd_from_fd(const char *pidfdstr)
 {
-	char         *end;
-	long long    val;
+	int          pidfd;
 	struct stat  st;
 	dev_t proc_st_dev, proc_st_rdev;
 
-	errno = 0;
-	val = strtoll(pidfdstr, &end, 10);
-	if (   ('\0' == *pidfdstr)
-	    || ('\0' != *end)
-	    || (0 != errno)
-	    || (val < 0)
-	    || (/*@+longintegral@*/val != (int)val)/*@=longintegral@*/) {
+	if (get_fd(pidfdstr, &pidfd) == -1)
 		return -1;
-	}
 
 	if (stat("/proc/self/uid_map", &st) < 0) {
 		return -1;
@@ -66,15 +38,15 @@ int get_pidfd_from_fd(const char *pidfdstr)
 	proc_st_dev = st.st_dev;
 	proc_st_rdev = st.st_rdev;
 
-	if (fstat(val, &st) < 0) {
+	if (fstat(pidfd, &st) < 0) {
 		return -1;
 	}
 
 	if (st.st_dev != proc_st_dev || st.st_rdev != proc_st_rdev) {
 		return -1;
 	}
 
-	return (int)val;
+	return pidfd;
 }
 
 int open_pidfd(const char *pidstr)

diff --git a/lib/get_uid.c b/lib/get_uid.c
diff --git a/lib/getgr_nam_gid.c b/lib/getgr_nam_gid.c
@@ -1,11 +1,10 @@
-/*
- * SPDX-FileCopyrightText: 1991 - 1994, Julianne Frances Haugh
- * SPDX-FileCopyrightText: 1996 - 2000, Marek Michałkiewicz
- * SPDX-FileCopyrightText: 2000 - 2006, Tomasz Kłoczko
- * SPDX-FileCopyrightText: 2007 - 2009, Nicolas François
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
+// SPDX-FileCopyrightText: 1991-1994, Julianne Frances Haugh
+// SPDX-FileCopyrightText: 1996-2000, Marek Michałkiewicz
+// SPDX-FileCopyrightText: 2000-2006, Tomasz Kłoczko
+// SPDX-FileCopyrightText: 2007-2009, Nicolas François
+// SPDX-FileCopyrightText: 2023-2024, Alejandro Colomar <alx@kernel.org>
+// SPDX-License-Identifier: BSD-3-Clause
+
 
 #include <config.h>
 
@@ -14,30 +13,27 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <grp.h>
+#include <sys/types.h>
+
+#include "atoi/getnum.h"
 #include "prototypes.h"
 
+
 /*
  * getgr_nam_gid - Return a pointer to the group specified by a string.
  * The string may be a valid GID or a valid groupname.
  * If the group does not exist on the system, NULL is returned.
  */
-extern /*@only@*//*@null@*/struct group *getgr_nam_gid (/*@null@*/const char *grname)
+extern /*@only@*//*@null@*/struct group *
+getgr_nam_gid(/*@null@*/const char *grname)
 {
-	char       *end;
-	long long  gid;
+	gid_t  gid;
 
-	if (NULL == grname) {
+	if (NULL == grname)
 		return NULL;
-	}
-
-	errno = 0;
-	gid = strtoll(grname, &end, 10);
-	if (   ('\0' != *grname)
-	    && ('\0' == *end)
-	    && (0 == errno)
-	    && (/*@+longintegral@*/gid == (gid_t)gid)/*@=longintegral@*/) {
-		return xgetgrgid (gid);
-	}
-	return xgetgrnam (grname);
+
+	if (get_gid(grname, &gid) == 0)
+		return xgetgrgid(gid);
+	return xgetgrnam(grname);
 }
 
diff --git a/lib/limits.c b/lib/limits.c
@@ -30,8 +30,10 @@
 #include "shadowlog.h"
 #include <sys/resource.h>
 
+#include "atoi/a2i.h"
 #include "atoi/str2i.h"
 #include "memzero.h"
+#include "typetraits.h"
 
 
 #ifndef LIMITS_FILE
@@ -49,28 +51,21 @@ static int setrlimit_value (unsigned int resource,
                             const char *value,
                             unsigned int multiplier)
 {
-	char           *end;
-	long           l;
-	rlim_t         limit;
+	rlim_t         l, limit;
 	struct rlimit  rlim;
 
 	/* The "-" is special, not belonging to a strange negative limit.
 	 * It is infinity, in a controlled way.
 	 */
 	if ('-' == value[0]) {
 		limit = RLIM_INFINITY;
-	}
-	else {
-		/* We cannot use str2sl() here because it fails when there
-		 * is more to the value than just this number!
-		 * Also, we are limited to base 10 here (hex numbers will not
-		 * work with the limit string parser as is anyway)
-		 */
-		errno = 0;
-		l = strtol(value, &end, 10);
 
-		if (value == end || errno != 0)
+	} else {
+		if (a2i(rlim_t, &l, value, NULL, 10, 0, type_max(rlim_t)) == -1
+		    && errno != ENOTSUP)
+		{
 			return 0;  // FIXME: We could instead throw an error, though.
+		}
 
 		if (__builtin_mul_overflow(l, multiplier, &limit)) {
 			/* FIXME: Again, silent error handling...