From 9ed90812c06ebfdd5bc2d355f2093941349e9f23 Mon Sep 17 00:00:00 2001
From: Robert Swiecki <robert@swiecki.net>
Date: Fri, 25 May 2018 23:53:11 +0200
Subject: [PATCH] better checks for strto*l errors

---
 cmdline.cc |  1 +
 contain.cc | 18 ++++++++++--------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/cmdline.cc b/cmdline.cc
index 33b5591..0872606 100644
--- a/cmdline.cc
+++ b/cmdline.cc
@@ -288,6 +288,7 @@ uint64_t parseRLimit(int res, const char* optarg, unsigned long mul) {
 		    "provided)",
 		    res, optarg);
 	}
+	errno = 0;
 	uint64_t val = strtoull(optarg, NULL, 0) * mul;
 	if (val == ULLONG_MAX && errno != 0) {
 		PLOG_F("strtoul('%s', 0)", optarg);
diff --git a/contain.cc b/contain.cc
index c4beeed..ea33b42 100644
--- a/contain.cc
+++ b/contain.cc
@@ -25,6 +25,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
+#include <limits.h>
 #include <signal.h>
 #include <stdbool.h>
 #include <stddef.h>
@@ -218,28 +219,29 @@ static bool containMakeFdsCOEProc(nsjconf_t* nsjconf) {
 		if (strcmp("..", entry->d_name) == 0) {
 			continue;
 		}
-		int fd = strtoul(entry->d_name, NULL, 10);
-		if (errno == EINVAL) {
-			LOG_W("Cannot convert /proc/self/fd/%s to a number", entry->d_name);
+		errno = 0;
+		long fd = strtol(entry->d_name, NULL, 10);
+		if (fd == LONG_MAX && errno != 0) {
+			PLOG_W("Cannot convert /proc/self/fd/%s to a number", entry->d_name);
 			continue;
 		}
 		int flags = TEMP_FAILURE_RETRY(fcntl(fd, F_GETFD, 0));
 		if (flags == -1) {
-			PLOG_D("fcntl(fd, F_GETFD, 0)");
+			PLOG_D("fcntl(fd=%ld, F_GETFD, 0)", fd);
 			closedir(dir);
 			return false;
 		}
 		if (containPassFd(nsjconf, fd)) {
-			LOG_D("FD=%d will be passed to the child process", fd);
+			LOG_D("FD=%ld will be passed to the child process", fd);
 			if (TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD, flags & ~(FD_CLOEXEC))) == -1) {
-				PLOG_E("Could not clear FD_CLOEXEC for FD=%d", fd);
+				PLOG_E("Could not clear FD_CLOEXEC for FD=%ld", fd);
 				closedir(dir);
 				return false;
 			}
 		} else {
-			LOG_D("FD=%d will be closed before execve()", fd);
+			LOG_D("FD=%ld will be closed before execve()", fd);
 			if (TEMP_FAILURE_RETRY(fcntl(fd, F_SETFD, flags | FD_CLOEXEC)) == -1) {
-				PLOG_E("Could not set FD_CLOEXEC for FD=%d", fd);
+				PLOG_E("Could not set FD_CLOEXEC for FD=%ld", fd);
 				closedir(dir);
 				return false;
 			}