From: Christian Brauner <christian.brauner@canonical.com>
Date: Fri, 28 Oct 2016 18:10:25 +0000 (+0200)
Subject: conf/ile: avoid atoi in config_lsm_aa_incomplete()
X-Git-Tag: lxc-2.1.0~257^2~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a56e2df9cf7f319c8e593ad233ec997fd93f0d21;p=thirdparty%2Flxc.git

conf/ile: avoid atoi in config_lsm_aa_incomplete()

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
---

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 6f40259eb..6532d8e27 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -317,7 +317,7 @@ struct lxc_conf {
 	struct lxc_list hooks[NUM_LXC_HOOKS];
 
 	char *lsm_aa_profile;
-	int lsm_aa_allow_incomplete;
+	unsigned int lsm_aa_allow_incomplete;
 	char *lsm_se_context;
 	int tmp_umount_proc;
 	char *seccomp;  // filename with the seccomp rules
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index a9f8a74a1..331a36dd9 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -1293,9 +1293,13 @@ static int config_lsm_aa_profile(const char *key, const char *value,
 static int config_lsm_aa_incomplete(const char *key, const char *value,
 				 struct lxc_conf *lxc_conf)
 {
-	int v = atoi(value);
+	if (lxc_safe_uint(value, &lxc_conf->lsm_aa_allow_incomplete) < 0)
+		return -1;
 
-	lxc_conf->lsm_aa_allow_incomplete = v == 1 ? 1 : 0;
+	if (lxc_conf->lsm_aa_allow_incomplete > 1) {
+		ERROR("Wrong value for lxc.lsm_aa_allow_incomplete. Can only be set to 0 or 1");
+		return -1;
+	}
 
 	return 0;
 }
@@ -1327,10 +1331,12 @@ static int config_loglevel(const char *key, const char *value,
 	if (!value || strlen(value) == 0)
 		return 0;
 
-	if (value[0] >= '0' && value[0] <= '9')
-		newlevel = atoi(value);
-	else
+	if (value[0] >= '0' && value[0] <= '9') {
+		if (lxc_safe_int(value, &newlevel) < 0)
+			return -1;
+	} else {
 		newlevel = lxc_log_priority_to_int(value);
+	}
 	// store these values in the lxc_conf, and then try to set for
 	// actual current logging.
 	lxc_conf->loglevel = newlevel;