[Spread-users] segmentation fault in spmonitor's option parser
Neal H. Walfield
neal at walfield.org
Sat Nov 21 11:11:54 EST 2009
spmonitor is very sloppy about option parsing. For instance, if you
don't supply a mandatory argument to an option, it crashes. The
attached patch corrects this. It also prints out that an option is
unknown when this is the case. This latter change is arguably a
separate change but it related in the sense that the patch prints out
that a mandatory option is missing, if this is the case, and changes
this error scenario to act similarly.
Relatedly, for reading the port argument, sscanf is used but no
validation check is performed. In the very least, I think one ought
to check if MY_PORT has the value 0 and error out in this case. I
have not included a patch to change this behavior.
Neal
2009-11-21 Neal H. Walfield <neal at gnu.org>
* monitor.c (Usage): Don't segmentation fault if a mandatory
option is missing. If a flag is unknown, say so.
diff -c /home/neal/src/spread-src-4.1.0/daemon/monitor.c\~ /home/neal/src/spread-src-4.1.0/daemon/monitor.c
--- /home/neal/src/spread-src-4.1.0/daemon/monitor.c~ 2009-06-18 22:24:17.000000000 +0200
+++ /home/neal/src/spread-src-4.1.0/daemon/monitor.c 2009-11-21 16:59:26.000000000 +0100
@@ -1075,6 +1075,7 @@
static void Usage(int argc, char *argv[])
{
+ char *error = NULL;
My_name = 0; /* NULL */
My_port = 6543;
@@ -1087,7 +1088,9 @@
{
argv++;
- if( !strncmp( *argv, "-p", 2 ) )
+ if (argc == 1)
+ error = "Option missing mandatory argument.";
+ else if( !strncmp( *argv, "-p", 2 ) )
{
sscanf(argv[1], "%d", &My_port );
@@ -1112,8 +1115,12 @@
strcpy( Config_file, argv[1] );
argc--; argv++;
- }else{
- Alarm( EXIT, "Usage: spmonitor\n%s\n%s\n%s\n%s\n",
+ }else
+ error = "Unknown option.";
+
+ if (error) {
+ Alarm( EXIT, "%s\nUsage: spmonitor\n%s\n%s\n%s\n%s\n",
+ error,
"\t[-p <port number>]: specify port number",
"\t[-n <proc name>] : force computer name",
"\t[-t <status timeout>]: specify number of seconds between status queries",
Diff finished. Sat Nov 21 17:00:23 2009
More information about the Spread-users
mailing list