[patch] have rtprio check that arguments are numeric;
 change atoi to strtol
    Eitan Adler 
    lists at eitanadler.com
       
    Sun Jan  2 23:47:08 UTC 2011
    
    
  
What about this patch? I incorporated  your feedback so I am not going
to reply inline.
> The syntax of the prio commands is weird, there is an obvious corner
> (or wrongly handled) case, where the command name starts with a digit.
> Command name starting with dash is even harder.
>
I agree - and I wouldn't mind seeing the syntax changed (along with
the licensed changed to a 2 clause BSD license) - but I suspect the
benefits conferred by those two things would not be enough to overcome
the reluctance to change a very old command (since 1994). If I'm wrong
I'll gladly write a "cleanroom" version with sane syntax.
Index: rtprio.c
===================================================================
--- rtprio.c	(revision 216679)
+++ rtprio.c	(working copy)
@@ -41,6 +41,7 @@
 #include <ctype.h>
 #include <err.h>
+#include <libgen.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -54,14 +55,12 @@
 	char  **argv;
 {
 	char   *p;
-	int     proc = 0;
+	pid_t     proc;
 	struct rtprio rtp;
+	char *invalidchar;
-	/* find basename */
-	if ((p = rindex(argv[0], '/')) == NULL)
-		p = argv[0];
-	else
-		++p;
+	proc = 0;
+	p = basename(argv[0]);
 	if (!strcmp(p, "rtprio"))
 		rtp.type = RTP_PRIO_REALTIME;
@@ -70,8 +69,10 @@
 	switch (argc) {
 	case 2:
-		proc = abs(atoi(argv[1]));	/* Should check if numeric
-						 * arg! */
+		proc = (int)strtol(argv[1], &invalidchar, 10);
+		if (*invalidchar != '\0')
+			errx(1,"Process should be a pid");
+		proc = abs(proc);
 		/* FALLTHROUGH */
 	case 1:
 		if (rtprio(RTP_LOOKUP, proc, &rtp) != 0)
@@ -104,16 +105,20 @@
 					break;
 				}
 			} else {
-				rtp.prio = atoi(argv[1]);
+				rtp.prio = (int)strtol(argv[1], &invalidchar, 10);
+				if (*invalidchar != '\0')
+					errx(1,"Priority should be a number", invalidchar);
 			}
 		} else {
 			usage();
 			break;
 		}
-		if (argv[2][0] == '-')
-			proc = -atoi(argv[2]);
-
+		if (argv[2][0] == '-') {
+			proc = (int)strtol(argv[2]+1, &invalidchar, 10);
+			if (*invalidchar != '\0')
+				errx(1,"Process should be a pid");
+		}
 		if (rtprio(RTP_SET, proc, &rtp) != 0)
 			err(1, "%s", argv[0]);
-- 
Eitan Adler
    
    
More information about the freebsd-hackers
mailing list