diff --git a/src/app-layer-htp.c b/src/app-layer-htp.c index acf005aefa42..b96c67706dee 100644 --- a/src/app-layer-htp.c +++ b/src/app-layer-htp.c @@ -45,6 +45,7 @@ #include "util-pool.h" #include "util-radix-tree.h" #include "util-file.h" +#include "util-byte.h" #include "stream-tcp-private.h" #include "stream-tcp-reassemble.h" @@ -2794,11 +2795,12 @@ static void HTPConfigParseParameters(HTPCfgRec *cfg_prec, ConfNode *s, cfg_prec->randomize = ConfValIsTrue(p->val); } } else if (strcasecmp("randomize-inspection-range", p->name) == 0) { - uint32_t range = atoi(p->val); - if (range > 100) { - SCLogError(SC_ERR_SIZE_PARSE, "Invalid value for randomize" - " inspection range setting from conf file - %s." - " It should be inferior to 100." + uint32_t range; + if (StringParseU32RangeCheck(&range, 10, 0, + (const char *)p->val, 0, 100) < 0) { + SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for randomize" + "-inspection-range setting from conf file - \"%s\"." + " It should be a valid integer less than or equal to 100." " Killing engine", p->val); exit(EXIT_FAILURE); diff --git a/src/counters.c b/src/counters.c index dda69ad5262a..e292b07db315 100644 --- a/src/counters.c +++ b/src/counters.c @@ -33,6 +33,7 @@ #include "util-time.h" #include "util-unittest.h" #include "util-debug.h" +#include "util-byte.h" #include "util-privs.h" #include "util-signal.h" #include "unix-manager.h" @@ -251,7 +252,12 @@ static void StatsInitCtxPreOutput(void) const char *interval = ConfNodeLookupChildValue(stats, "interval"); if (interval != NULL) - stats_tts = (uint32_t) atoi(interval); + if (StringParseUint32(&stats_tts, 10, 0, interval) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "interval: \"%s\". Resetting to %d.", interval, + STATS_MGMTT_TTS); + stats_tts = STATS_MGMTT_TTS; + } int b; int ret = ConfGetChildValueBool(stats, "decoder-events", &b); diff --git a/src/detect-engine-address.c b/src/detect-engine-address.c index 341114844ba2..df292fc323c4 100644 --- a/src/detect-engine-address.c +++ b/src/detect-engine-address.c @@ -44,6 +44,7 @@ #include "detect-engine-port.h" #include "util-debug.h" +#include "util-byte.h" #include "util-print.h" #include "util-var.h" @@ -483,10 +484,9 @@ static int DetectAddressParseString(DetectAddress *dd, const char *str) goto error; } - int cidr = atoi(mask); - if (cidr < 0 || cidr > 32) + int cidr; + if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0) goto error; - netmask = CIDRGet(cidr); } else { /* 1.2.3.4/255.255.255.0 format */ @@ -543,9 +543,9 @@ static int DetectAddressParseString(DetectAddress *dd, const char *str) ip[mask - ip] = '\0'; mask++; - int cidr = atoi(mask); - if (cidr < 0 || cidr > 128) - goto error; + int cidr; + if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 128) < 0) + goto error; r = inet_pton(AF_INET6, ip, &in6); if (r <= 0) diff --git a/src/detect-engine-iponly.c b/src/detect-engine-iponly.c index 099781f6fafc..a3d63213cd75 100644 --- a/src/detect-engine-iponly.c +++ b/src/detect-engine-iponly.c @@ -53,6 +53,7 @@ #include "util-unittest.h" #include "util-unittest-helper.h" #include "util-print.h" +#include "util-byte.h" #include "util-profiling.h" #include "util-validate.h" @@ -165,8 +166,8 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem *dd, const char *str) goto error; } - int cidr = atoi(mask); - if (cidr < 0 || cidr > 32) + int cidr; + if (StringParseI32RangeCheck(&cidr, 10, 0, (const char *)mask, 0, 32) < 0) goto error; dd->netmask = cidr; @@ -263,7 +264,10 @@ static int IPOnlyCIDRItemParseSingle(IPOnlyCIDRItem *dd, const char *str) goto error; /* Format is cidr val */ - dd->netmask = atoi(mask); + if (StringParseU8RangeCheck(&dd->netmask, 10, 0, + (const char *)mask, 0, 128) < 0) { + goto error; + } memcpy(dd->ip, &in6.s6_addr, sizeof(ip6addr)); } else { diff --git a/src/detect-engine.c b/src/detect-engine.c index 28cbbcc24565..3d38b5799c98 100644 --- a/src/detect-engine.c +++ b/src/detect-engine.c @@ -2307,7 +2307,15 @@ static int DetectEngineCtxLoadConf(DetectEngineCtx *de_ctx) } if (insp_recursion_limit != NULL) { - de_ctx->inspection_recursion_limit = atoi(insp_recursion_limit); + if (StringParseInt32(&de_ctx->inspection_recursion_limit, 10, + 0, (const char *)insp_recursion_limit) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "detect-engine.inspection-recursion-limit: %s " + "resetting to %d", insp_recursion_limit, + DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT); + de_ctx->inspection_recursion_limit = + DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT; + } } else { de_ctx->inspection_recursion_limit = DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT; @@ -4299,7 +4307,7 @@ static int DetectEngineTest02(void) if (de_ctx == NULL) goto end; - result = (de_ctx->inspection_recursion_limit == -1); + result = (de_ctx->inspection_recursion_limit == DETECT_ENGINE_DEFAULT_INSPECTION_RECURSION_LIMIT); end: if (de_ctx != NULL) diff --git a/src/detect-id.c b/src/detect-id.c index 86db49a1542d..56368668a3b7 100644 --- a/src/detect-id.c +++ b/src/detect-id.c @@ -38,6 +38,7 @@ #include "flow-var.h" #include "util-debug.h" +#include "util-byte.h" #include "util-unittest.h" #include "util-unittest-helper.h" @@ -150,12 +151,9 @@ static DetectIdData *DetectIdParse (const char *idstr) } /* ok, fill the id data */ - temp = atoi((char *)tmp_str); - - if (temp > DETECT_IPID_MAX) { - SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'. The id option " - "value must be in the range %u - %u", - idstr, DETECT_IPID_MIN, DETECT_IPID_MAX); + if (StringParseU32RangeCheck(&temp, 10, 0, (const char *)tmp_str, + DETECT_IPID_MIN, DETECT_IPID_MAX) < 0) { + SCLogError(SC_ERR_INVALID_VALUE, "invalid id option '%s'", tmp_str); return NULL; } diff --git a/src/detect-xbits.c b/src/detect-xbits.c index c833f7b6b1ca..4487388975e8 100644 --- a/src/detect-xbits.c +++ b/src/detect-xbits.c @@ -32,6 +32,7 @@ #include "detect-xbits.h" #include "detect-hostbits.h" #include "util-spm.h" +#include "util-byte.h" #include "detect-engine-sigorder.h" @@ -196,7 +197,7 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, char fb_cmd_str[16] = "", fb_name[256] = ""; char hb_dir_str[16] = ""; enum VarTypes var_type = VAR_TYPE_NOT_SET; - int expire = DETECT_XBITS_EXPIRE_DEFAULT; + uint32_t expire = DETECT_XBITS_EXPIRE_DEFAULT; ret = DetectParsePcreExec(&parse_regex, rawstr, 0, 0, ov, MAX_SUBSTRINGS); if (ret != 2 && ret != 3 && ret != 4 && ret != 5) { @@ -247,10 +248,9 @@ static int DetectXbitParse(DetectEngineCtx *de_ctx, return -1; } SCLogDebug("expire_str %s", expire_str); - expire = atoi(expire_str); - if (expire < 0) { - SCLogError(SC_ERR_INVALID_VALUE, "expire must be positive. " - "Got %d (\"%s\")", expire, expire_str); + if (StringParseUint32(&expire, 10, 0, (const char *)expire_str) < 0) { + SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for " + "expire: \"%s\"", expire_str); return -1; } if (expire == 0) { diff --git a/src/reputation.c b/src/reputation.c index eaba62119c51..fd24333fccd2 100644 --- a/src/reputation.c +++ b/src/reputation.c @@ -28,6 +28,7 @@ #include "suricata-common.h" #include "util-error.h" #include "util-debug.h" +#include "util-byte.h" #include "util-ip.h" #include "util-radix-tree.h" #include "util-unittest.h" @@ -251,10 +252,9 @@ static int SRepCatSplitLine(char *line, uint8_t *cat, char *shortname, size_t sh SCLogDebug("%s, %s", ptrs[0], ptrs[1]); - int c = atoi(ptrs[0]); - if (c < 0 || c >= SREP_MAX_CATS) { + int c; + if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[0], 0, SREP_MAX_CATS - 1) < 0) return -1; - } *cat = (uint8_t)c; strlcpy(shortname, ptrs[1], shortname_len); @@ -305,15 +305,12 @@ static int SRepSplitLine(SRepCIDRTree *cidr_ctx, char *line, Address *ip, uint8_ if (strcmp(ptrs[0], "ip") == 0) return 1; - int c = atoi(ptrs[1]); - if (c < 0 || c >= SREP_MAX_CATS) { + int c, v; + if (StringParseI32RangeCheck(&c, 10, 0, (const char *)ptrs[1], 0, SREP_MAX_CATS - 1) < 0) return -1; - } - int v = atoi(ptrs[2]); - if (v < 0 || v > SREP_MAX_VAL) { + if (StringParseI32RangeCheck(&v, 10, 0, (const char *)ptrs[2], 0, SREP_MAX_VAL) < 0) return -1; - } if (strchr(ptrs[0], '/') != NULL) { SRepCIDRAddNetblock(cidr_ctx, ptrs[0], c, v); diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c index 3e62ad3e8600..0f56b11eaf65 100644 --- a/src/runmode-af-packet.c +++ b/src/runmode-af-packet.c @@ -54,6 +54,7 @@ #include "util-runmodes.h" #include "util-ioctl.h" #include "util-ebpf.h" +#include "util-byte.h" #include "source-af-packet.h" @@ -194,7 +195,11 @@ static void *ParseAFPConfig(const char *iface) if (strcmp(threadsstr, "auto") == 0) { aconf->threads = 0; } else { - aconf->threads = atoi(threadsstr); + if (StringParseInt32(&aconf->threads, 10, 0, (const char *)threadsstr) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid number of " + "threads, resetting to default"); + aconf->threads = 0; + } } } } @@ -289,7 +294,10 @@ static void *ParseAFPConfig(const char *iface) if (ConfGetChildValueWithDefault(if_root, if_default, "cluster-id", &tmpclusterid) != 1) { aconf->cluster_id = (uint16_t)(cluster_id_auto++); } else { - aconf->cluster_id = (uint16_t)atoi(tmpclusterid); + if (StringParseInt32(&aconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid cluster_id, resetting to 0"); + aconf->cluster_id = 0; + } SCLogDebug("Going to use cluster-id %" PRId32, aconf->cluster_id); } diff --git a/src/runmode-napatech.c b/src/runmode-napatech.c index d339b2f7d58f..1b23cdb2a0ea 100644 --- a/src/runmode-napatech.c +++ b/src/runmode-napatech.c @@ -30,6 +30,7 @@ #include "util-debug.h" #include "util-time.h" #include "util-cpu.h" +#include "util-byte.h" #include "util-affinity.h" #include "util-runmodes.h" #include "util-device.h" @@ -195,8 +196,12 @@ static void *NapatechConfigParser(const char *device) return NULL; } - /* device+5 is a pointer to the beginning of the stream id after the constant nt portion */ - conf->stream_id = atoi(device + 2); + /* device+2 is a pointer to the beginning of the stream id after the constant nt portion */ + if (StringParseUint16(&conf->stream_id, 10, 0, device + 2) < 0) { + SCLogError(SC_ERR_INVALID_VALUE, "Invalid value for stream_id: %s", device + 2); + SCFree(conf); + return NULL; + } /* Set the host buffer allowance for this stream * Right now we just look at the global default - there is no per-stream hba configuration diff --git a/src/runmode-netmap.c b/src/runmode-netmap.c index 6962a33c8972..0e1e9c157c6c 100644 --- a/src/runmode-netmap.c +++ b/src/runmode-netmap.c @@ -51,6 +51,7 @@ #include "util-device.h" #include "util-runmodes.h" #include "util-ioctl.h" +#include "util-byte.h" #include "source-netmap.h" @@ -148,7 +149,11 @@ static int ParseNetmapSettings(NetmapIfaceSettings *ns, const char *iface, ns->threads = 0; ns->threads_auto = true; } else { - ns->threads = atoi(threadsstr); + if (StringParseUint16(&ns->threads, 10, 0, threadsstr) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid config value for " + "threads: %s, resetting to 0", threadsstr); + ns->threads = 0; + } } } diff --git a/src/runmode-pcap.c b/src/runmode-pcap.c index 76c25e258f94..53b49f74da5e 100644 --- a/src/runmode-pcap.c +++ b/src/runmode-pcap.c @@ -31,6 +31,7 @@ #include "util-runmodes.h" #include "util-atomic.h" #include "util-misc.h" +#include "util-byte.h" const char *RunModeIdsGetDefaultMode(void) { @@ -144,7 +145,11 @@ static void *ParsePcapConfig(const char *iface) aconf->threads = 1; } else { if (threadsstr != NULL) { - aconf->threads = atoi(threadsstr); + if (StringParseInt32(&aconf->threads, 10, 0, (const char *)threadsstr) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "pcap.threads: %s, resetting to 1", threadsstr); + aconf->threads = 1; + } } } if (aconf->threads == 0) { diff --git a/src/runmode-pfring.c b/src/runmode-pfring.c index 1ade2024277f..03c0fea7e6b3 100644 --- a/src/runmode-pfring.c +++ b/src/runmode-pfring.c @@ -30,6 +30,7 @@ #include "util-runmodes.h" #include "util-device.h" #include "util-ioctl.h" +#include "util-byte.h" #ifdef HAVE_PFRING #include @@ -123,7 +124,11 @@ static void *OldParsePfringConfig(const char *iface) pfconf->threads = 1; } else { if (threadsstr != NULL) { - pfconf->threads = atoi(threadsstr); + if (StringParseUint16(&pfconf->threads, 10, 0, threadsstr) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "pfring.threads: '%s'. Resetting to 1.", threadsstr); + pfconf->threads = 1; + } } } if (pfconf->threads == 0) { @@ -141,7 +146,11 @@ static void *OldParsePfringConfig(const char *iface) } else if (ConfGet("pfring.cluster-id", &tmpclusterid) != 1) { SCLogError(SC_ERR_INVALID_ARGUMENT,"Could not get cluster-id from config"); } else { - pfconf->cluster_id = (uint16_t)atoi(tmpclusterid); + if (StringParseUint16(&pfconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "pfring.cluster_id: '%s'. Resetting to 1.", tmpclusterid); + pfconf->cluster_id = 1; + } pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER; SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id); } @@ -255,7 +264,11 @@ static void *ParsePfringConfig(const char *iface) } } } else { - pfconf->threads = atoi(threadsstr); + if (StringParseUint16(&pfconf->threads, 10, 0, (const char *)threadsstr) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "pfring.threads: '%s'. Resetting to 1.", threadsstr); + pfconf->threads = 1; + } } } if (pfconf->threads <= 0) { @@ -267,7 +280,11 @@ static void *ParsePfringConfig(const char *iface) /* command line value has precedence */ if (ConfGet("pfring.cluster-id", &tmpclusterid) == 1) { - pfconf->cluster_id = (uint16_t)atoi(tmpclusterid); + if (StringParseUint16(&pfconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "pfring.cluster-id: '%s'. Resetting to 1.", tmpclusterid); + pfconf->cluster_id = 1; + } pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER; SCLogDebug("Going to use command-line provided cluster-id %" PRId32, pfconf->cluster_id); @@ -283,7 +300,11 @@ static void *ParsePfringConfig(const char *iface) SCLogError(SC_ERR_INVALID_ARGUMENT, "Could not get cluster-id from config"); } else { - pfconf->cluster_id = (uint16_t)atoi(tmpclusterid); + if (StringParseUint16(&pfconf->cluster_id, 10, 0, (const char *)tmpclusterid) < 0) { + SCLogWarning(SC_ERR_INVALID_VALUE, "Invalid value for " + "pfring.cluster-id: '%s'. Resetting to 1.", tmpclusterid); + pfconf->cluster_id = 1; + } pfconf->flags |= PFRING_CONF_FLAGS_CLUSTER; SCLogDebug("Going to use cluster-id %" PRId32, pfconf->cluster_id); } diff --git a/src/source-netmap.h b/src/source-netmap.h index 3755cd3cf8e3..adfdaf57d3cb 100644 --- a/src/source-netmap.h +++ b/src/source-netmap.h @@ -48,7 +48,7 @@ typedef struct NetmapIfaceSettings_ bool ips; /**< set to true if checksum_mode != NETMAP_COPY_MODE_NONE */ bool threads_auto; - int threads; + uint16_t threads; int copy_mode; ChecksumValidationMode checksum_mode; const char *bpf_filter;