DAG: Validate environment variables better. [skip ci]

infrastation · infrastation · commit bf563e1b7208 · 2024-10-29T19:44:12.000Z
Make the environment variables named constants.  Add a helper function
to convert strings to integers using a more thorough validation, such
that if it returns a non-negative integer for an input string, the
string definitely represents the number.  In dag_activate() reject
integers that are not one of the valid values.  In case of a validation
error include the rejected string value in the error message, not the
parsed integer value.

Before:
 # ERF_FCS_BITS=invalid tcpdump -ni dag0
(works as if ERF_FCS_BITS=0)
 # ERF_DONT_STRIP_FCS=never tcpdump -ni dag0
(works as if ERF_DONT_STRIP_FCS=1)

After:
 # ERF_FCS_BITS=invalid tcpdump -ni dag0
tcpdump: dag_activate dag0: invalid ERF_FCS_BITS value (invalid) in
  environment
 # ERF_DONT_STRIP_FCS=never tcpdump -ni dag0
tcpdump: dag_activate dag0: invalid ERF_DONT_STRIP_FCS value (never) in
  environment
diff --git a/CHANGES b/CHANGES
@@ -80,6 +80,8 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
       Use PCAP_ERROR_NO_SUCH_DEVICE more in dag_activate().
       Validate capture device names better.
       Enumerate streams without trying to lock them.
+      If the environment variable ERF_FCS_BITS is set, require it to be either
+        0 or 16 or 32.  Likewise for ERF_DONT_STRIP_FCS (either 0 or 1).
 
 DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
   Summary for 1.10.6 libpcap release (so far!)
diff --git a/doc/README.dag b/doc/README.dag
@@ -106,7 +106,7 @@ a HDLC/PoS/PPP/Frame Relay link with 16 bit CRC/FCS, then set
 ERF_FCS_BITS=16.
 
 If you wish to create a pcap file that DOES contain the Ethernet FCS,
-specify the environment variable ERF_DONT_STRIP_FCS. This will cause
+specify the environment variable ERF_DONT_STRIP_FCS=1.  This will cause
 the existing FCS to be captured into the pcap file. Note some
 applications may incorrectly report capture errors or oversize packets
 when reading these files.
diff --git a/pcap-dag.c b/pcap-dag.c
@@ -93,6 +93,30 @@ static int dag_set_datalink(pcap_t *p, int dlt);
 static int dag_get_datalink(pcap_t *p);
 static int dag_setnonblock(pcap_t *p, int nonblock);
 
+// Environment variables that can control behaviour of this libpcap module.
+#define ENV_RX_FCS_BITS "ERF_FCS_BITS"
+#define ENV_RX_FCS_NOSTRIP "ERF_DONT_STRIP_FCS"
+
+/*
+ * Convert the return value of getenv() to an integer using matching stricter
+ * than atoi().  If the environment variable is not set, return the default
+ * value.  Otherwise return an integer in the interval [0, INT32_MAX] or -1 on
+ * error.
+ */
+static int32_t
+strtouint31(const char *str, const int32_t defaultval) {
+	if (! str)
+		return defaultval;
+	if (! str[0])
+		return -1;
+
+	char * endp;
+	unsigned long val = strtoul(str, &endp, 10);
+	if (*endp || val > INT32_MAX)
+		return -1;
+	return (int32_t)val;
+}
+
 static void
 delete_pcap_dag(const pcap_t *p)
 {
@@ -829,33 +853,45 @@ static int dag_activate(pcap_t* p)
 		p->linktype_ext = LT_FCS_DATALINK_EXT(0);
 	} else {
 		/*
-		 * Start out assuming it's 32 bits.
+		 * Assume Rx FCS length to be 32 bits unless the user has
+		 * requested a different value, in which case validate it well.
 		 */
-		pd->dag_fcs_bits = 32;
-
-		/* Allow an environment variable to override. */
-		if ((s = getenv("ERF_FCS_BITS")) != NULL) {
-			if ((n = atoi(s)) == 0 || n == 16 || n == 32) {
-				pd->dag_fcs_bits = n;
-			} else {
-				ret = PCAP_ERROR;
-				snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
-				    "%s %s: bad ERF_FCS_BITS value (%d) in environment",
-				    __func__, device, n);
-				goto failstop;
-			}
+		s = getenv(ENV_RX_FCS_BITS);
+		switch ((n = strtouint31(s, 32))) {
+		case 0:
+		case 16:
+		case 32:
+			pd->dag_fcs_bits = n;
+			break;
+		default:
+			ret = PCAP_ERROR;
+			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+			    "%s %s: invalid %s value (%s) in environment",
+			    __func__, device, ENV_RX_FCS_BITS, s);
+			goto failstop;
 		}
 
 		/*
 		 * Did the user request that they not be stripped?
 		 */
-		if ((s = getenv("ERF_DONT_STRIP_FCS")) != NULL) {
+		s = getenv(ENV_RX_FCS_NOSTRIP);
+		switch ((n = strtouint31(s, 0))) {
+		case 0:
+			break;
+		case 1:
 			/* Yes.  Note the number of 16-bit words that will be
 			   supplied. */
 			p->linktype_ext = LT_FCS_DATALINK_EXT(pd->dag_fcs_bits/16);
 
 			/* And don't strip them. */
 			pd->dag_fcs_bits = 0;
+			break;
+		default:
+			ret = PCAP_ERROR;
+			snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+			    "%s %s: invalid %s value (%s) in environment",
+			    __func__, device, ENV_RX_FCS_NOSTRIP, s);
+			goto failstop;
 		}
 	}
 
