[dm-devel] [PATCH 09/57] libmultipath: Do not use 'sscanf' for parsing integers

[Hannes Reinecke]

'sscanf' doesn't really have a way of signalling errors,
so strtoul(l) should be used instead.

Signed-off-by: Hannes Reinecke <hare at suse.de>
---
 libmultipath/discovery.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/libmultipath/discovery.c b/libmultipath/discovery.c
index 446c91e..324e217 100644
--- a/libmultipath/discovery.c
+++ b/libmultipath/discovery.c
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <unistd.h>
+#include <limits.h>
 #include <fcntl.h>
 #include <sys/ioctl.h>
 #include <sys/stat.h>
@@ -237,8 +238,8 @@ sysfs_get_timeout(struct path *pp, unsigned int *timeout)
 	const char *attr = NULL;
 	const char *subsys;
 	struct udev_device *parent;
-	int r;
-	unsigned int t;
+	char *eptr;
+	unsigned long t;
 
 	if (!pp->udev || pp->bus != SYSFS_BUS_SCSI)
 		return -ENOSYS;
@@ -256,14 +257,17 @@ sysfs_get_timeout(struct path *pp, unsigned int *timeout)
 		return -ENXIO;
 	}
 
-	r = sscanf(attr, "%u\n", &t);
-
-	if (r != 1) {
+	t = strtoul(attr, &eptr, 0);
+	if (attr == eptr || t == ULONG_MAX) {
 		condlog(3, "%s: Cannot parse timeout attribute '%s'",
 			pp->dev, attr);
 		return -EINVAL;
 	}
-
+	if (t > UINT_MAX) {
+		condlog(3, "%s: Overflow in timeout value '%s'",
+			pp->dev, attr);
+		return -ERANGE;
+	}
 	*timeout = t;
 
 	return 0;
@@ -482,7 +486,7 @@ static void
 sysfs_set_rport_tmo(struct multipath *mpp, struct path *pp)
 {
 	struct udev_device *rport_dev = NULL;
-	char value[16];
+	char value[16], *eptr;
 	char rport_id[32];
 	unsigned long long tmo = 0;
 	int ret;
@@ -522,7 +526,8 @@ sysfs_set_rport_tmo(struct multipath *mpp, struct path *pp)
 				"error %d", rport_id, -ret);
 			goto out;
 		}
-		if (sscanf(value, "%llu\n", &tmo) != 1) {
+		tmo = strtoull(value, &eptr, 0);
+		if (value == eptr || tmo == ULLONG_MAX) {
 			condlog(0, "%s: Cannot parse dev_loss_tmo "
 				"attribute '%s'", rport_id, value);
 			goto out;
-- 
2.6.6