[PATCH] man: strto[iu](): BUGS: Document precedence of ENOTSUP over ERANGE

Alejandro Colomar alx at kernel.org
Sat Jan 20 12:05:58 UTC 2024


Hi Thorsten,

On Sat, Jan 20, 2024 at 12:33:57AM +0000, Thorsten Glaser wrote:
> Alejandro Colomar dixit:
> 
> > .Sh BUGS
> >+If both
> >+.Er ERANGE
> >+and
> >+.Er ENOTSUP
> >+would happen,
> >+this function reports
> >+.Er ENOTSUP.
> >+This makes it impossible to reliably check for out-of-range values.
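
Review bot: In the added line `.Er ENOTSUP.` the period is passed as part of the macro argument, so it is typeset as part of the error name. mdoc expects closing punctuation as its own argument: `.Er ENOTSUP .`. The last added sentence also leaves the affected case implicit; saying in that sentence that it concerns an out-of-range number followed by trailing text would make it readable on its own.
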
> 
> IMHO at the *very* most CAVEATS, not BUGS.

It is a bug when it results in around a dozen bugs in NetBSD, the same
project that designed the interface.  Especially, when none of the calls
in NetBSD (nor in Debian, FWIW) --excepting the implementation of
OpenBSD's strtonum(3)-- would be affected negatively if the bug is
fixed.

> You say…
> 
> >strtol(3) and relatives have (ignoring EINVAL) 3
> >stages, not 2.  Firstly we make sure we parsed a number, secondly we
> >make sure the number is valid (in range), and thirdly we check if
> >there's any trailing text.
> 
> … but that’s wrong from a security design PoV (even if the result
> here isn’t a security problem).

Have you actually checked that none of the bugs I found in NetBSD or
Debian due to this bug in strto[iu](3) result either directly or
indirectly in a security problem?

> 
> In general, first, you check if you have a valid anything, and only

ENOTSUP means we have a _valid_ number, followed by other text.

	s = "3 pears";
	how_many = my_strtoi(s, &end, 0, 0, basket_size, &status);
	if (status != ENOTSUP)
		errc(EXIT_FAILURE, status, "strtoi(\"%s\")", s);
	what = end;

> then (once you know that the type is correct) you check that it’s
> within that type’s bounds, not the other way round. This is also
> what strtonum(3) does and is IMHO correct.

Go do that with strtoi(3) or strtonum(3).

> bye,
> //mirabilos

Have a lovely day,
Alex

-- 
<https://www.alejandro-colomar.es/>
Looking for a remote C programming job at the moment.
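
The two orderings argued over in this message, side by side, as an added example (not code from the message, from libbsd or from NetBSD). `parse_clamped`, `status_of` and the `range_first` switch are hypothetical names; the inputs are constructed and 100 stands in for `basket_size`.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>

/* Hypothetical helper, not libbsd's strtoi(): parse s in base 10, clamp to
 * [lo, hi], report one status. range_first picks the winner when the value
 * is out of range AND text follows the number. */
static intmax_t
parse_clamped(const char *s, char **end, intmax_t lo, intmax_t hi,
    int range_first, int *status)
{
	char *e;
	int saved = errno, range, trailing;
	intmax_t v;

	errno = 0;
	v = strtoimax(s, &e, 10);
	range = (errno == ERANGE);	/* overflowed intmax_t itself */
	errno = saved;			/* leave the caller's errno alone */
	if (end != NULL) *end = e;
	if (e == s) {			/* stage 1: no digits parsed */
		*status = ECANCELED;
		return v < lo ? lo : v > hi ? hi : v;
	}
	if (v < lo) { v = lo; range = 1; }	/* stage 2: range check */
	if (v > hi) { v = hi; range = 1; }
	trailing = (*e != '\0');		/* stage 3: trailing text */
	if (range && trailing)
		*status = range_first ? ERANGE : ENOTSUP;
	else
		*status = range ? ERANGE : trailing ? ENOTSUP : 0;
	return v;
}

/* Convenience wrapper: status for s with bounds [0, hi]. */
static int status_of(const char *s, intmax_t hi, int range_first)
{
	int st;
	(void)parse_clamped(s, NULL, 0, hi, range_first, &st);
	return st;
}

int main(void)
{
	/* Constructed inputs. */
	const char *in[] = { "3 pears", "300 pears", "300" };
	for (int i = 0; i < 3; i++)
		printf("%-10s ENOTSUP-first=%d ERANGE-first=%d\n", in[i],
		    status_of(in[i], 100, 0), status_of(in[i], 100, 1));
}
```

With ENOTSUP taking precedence, "3 pears" and "300 pears" return the same status, so the clamp to 100 goes unreported; with ERANGE first, the caller still finds the trailing text through `end`.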