Bug#317590: marked as done (apt-spy: Please include improved error checks in argument parsing code)

Your message dated Sun, 21 Oct 2007 12:17:03 +0000
with message-id <E1IjZjr-00068x-9V@ries.debian.org>
and subject line Bug#317590: fixed in apt-spy 3.1-17
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: apt-file
Severity: wishlist
Tags: patch

Please include improved error checks in argument parsing code.  Patch
is attached which will error on arguments such as "-n 10FOOBAR".

Also fixed is a spelling error and a grammar error.

This patch would probably conflict with:
apt-spy.inline-initializations, but I've included the necessary
renaming of the variable BESTNUMBER here.

diff -ur apt-spy-3.1/main.c apt-spy-3.1.jp6/main.c
--- apt-spy-3.1/main.c	2005-07-08 20:48:09.000000000 -0400
+++ apt-spy-3.1.jp6/main.c	2005-07-09 14:28:52.000000000 -0400
@@ -71,6 +71,7 @@
 	/* Parse options... */
 	while((c = getopt(argc, argv, "a:c:d:e:f:i:m:o:p:s:t:u:w:n:vh")) != -1)
 		switch(c) {
+		char *end;
 		/* Area to benchmark */
 		case 'a':
 			area = optarg;
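
Review bot: `char *end;` is declared inside the switch body ahead of the first `case` label. That compiles, but a declaration in that position is easy to misread, and any initializer later added to it would never run because control jumps straight to a label. Declare `end` with the other locals at the top of the function instead.
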
@@ -85,7 +86,13 @@
 		/* Number of servers to benchmark */
 		case 'e':
-			test_number = atoi(optarg);
+			test_number = strtol(optarg, &end, 10);
+			if (!*optarg || end!=optarg+strlen(optarg)) {
+				fprintf(stderr, "Error parsing number"
+						" of servers to be"
+						" benchmarked\n");
+				exit(1);
+			}
 		/* File, relative to Debian base, to grab from server. */
 		case 'f':
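
Review bot: the check after `strtol` in the `-e` case rejects empty input and trailing junk, but it never looks at the value itself. An argument such as "-e -5", or a number too large for `long`, still passes: `strtol` returns the negative value, or clamps to LONG_MAX and sets `errno` to ERANGE, and the result is stored in `test_number`, whose type this hunk does not show. If it is an `int`, as the old `atoi` assignment suggests, the `long` is silently narrowed. Set `errno = 0` before the call, reject `errno == ERANGE`, and reject values outside the range that makes sense for a server count (below 1 or above INT_MAX) before assigning.
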
@@ -111,9 +118,15 @@
 		case 's':
 			country_list = optarg;
-		/* Time to bencmark each server for. */
+		/* Time for which to benchmark each server. */
 		case 't':
-			timeout = atoi(optarg);
+			timeout = strtol(optarg, &end, 10);
+			if (!*optarg || end!=optarg+strlen(optarg)) {
+				fprintf(stderr, "Error parsing server"
+						" benchmark time"
+						" interval\n");
+				exit(1);
+			}
 		/* The URL we should update ourselves from */					
 		case 'u':
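
Review bot: the `-t` validation is a copy of the `-e` block that differs only in the message, and the same block appears a third time for `-n`. Move it into one helper that takes `optarg` and the option description and returns the parsed value, so that range checks are added in one place. Inside it, `end!=optarg+strlen(optarg)` can be written as `*end != '\0'`, which avoids a second pass over the string. A timeout of 0 or a negative timeout is also accepted here and probably should not be.
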
@@ -126,7 +139,13 @@
 		/* Number of servers to write in "top" server list */
 		case 'n':
-			BESTNUMBER = atoi(optarg);
+			bestnumber = strtol(optarg, &end, 10);
+			if (!*optarg || end!=optarg+strlen(optarg)) {
+				fprintf(stderr, "Error parsing number"
+						" of best servers to"
+						" write\n");
+				exit(1);
+			}
 		case 'v':
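
Review bot: in the `-n` case the assignment target changes from `BESTNUMBER` to `bestnumber`, but none of the hunks shown touches the declaration or any other use of that variable. Unless the rename is carried elsewhere in the patch, this will not build on its own; either include the declaration change here or keep the existing name and leave the rename to apt-spy.inline-initializations. The value check has the same gap as for `-e`: negative and out-of-range numbers are accepted.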

--- End Message ---
--- Begin Message ---
Source: apt-spy
Source-Version: 3.1-17

We believe that the bug you reported is fixed in the latest version of
apt-spy, which is due to be installed in the Debian FTP archive:

  to pool/main/a/apt-spy/apt-spy_3.1-17.diff.gz
  to pool/main/a/apt-spy/apt-spy_3.1-17.dsc
  to pool/main/a/apt-spy/apt-spy_3.1-17_amd64.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 317590@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Raphael Geissert <atomo64@gmail.com> (supplier of updated apt-spy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.7
Date: Sat, 20 Oct 2007 21:05:46 -0500
Source: apt-spy
Binary: apt-spy
Architecture: source amd64
Version: 3.1-17
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Raphael Geissert <atomo64@gmail.com>
 apt-spy    - writes a sources.list file based on bandwidth tests
Closes: 317590 418548 442165
 apt-spy (3.1-17) unstable; urgency=low
   * QA upload.
   * Updated default mirrors list (new 02_mirrors-txt_update.diff)
   * Removed debian/TODO.Debian since there's nothing left to do
   * argument-parsing-error-checks.diff: improved error checking on passed arguments (Closes: #317590)
     - Thanks to Justin Pryzby
   * segfault_418548.diff: invalid pointer causes a segfault (Closes: #418548)
     - Thanks to Steve Kemp for the patch
   * sources.list-rename.diff: default output list to /etc/apt/sources.list.d/apt-spy.list avoiding overwrite of /etc/apt/sources.list (Closes: #442165)
   * Updated debian/menu to reflect new Debian Menu Sub-Policy
 519b8c557797a8f995f1640dec41e9ff 601 admin optional apt-spy_3.1-17.dsc
 616cf9afdcd994fb955243ff17c3b2dd 28729 admin optional apt-spy_3.1-17.diff.gz
 d1512737c403302aab7eb79547ad42f1 31604 admin optional apt-spy_3.1-17_amd64.deb

--- End Message ---