# HG changeset patch
# User Olaf Wintermann <olaf.wintermann@gmail.com>
# Date 1651998821 -7200
# Node ID f4a34b0869c7b543186f6363d03b4cc1a0a3a082
# Parent  c62ea2a2133bcc788278bacf8a026467e866c478
replace atoi with util_strtoint

diff -r c62ea2a2133b -r f4a34b0869c7 src/server/daemon/config.c
--- a/src/server/daemon/config.c	Sat May 07 15:07:01 2022 +0200
+++ b/src/server/daemon/config.c	Sun May 08 10:33:41 2022 +0200
@@ -388,19 +388,41 @@
     }
     
     if(min.length != 0) {
-        poolcfg.min_threads = atoi(min.ptr);
+        int64_t value;
+        if(util_strtoint(min.ptr, &value)) {
+            poolcfg.min_threads = value;
+        } else {
+            log_ereport(LOG_MISCONFIG, "Threadpool: MinThreads not an integer");
+            return 1;
+        }
     }
     
     if(max.length != 0) {
-        poolcfg.max_threads = atoi(max.ptr);
+        int64_t value;
+        if(util_strtoint(max.ptr, &value)) {
+            poolcfg.max_threads = value;
+        } else {
+            log_ereport(LOG_MISCONFIG, "Threadpool: MaxThreads not an integer");
+            return 1;
+        }
     }
     
     if(stack.length != 0) {
-        poolcfg.stack_size = atoi(stack.ptr);
+        int64_t value;
+        if(util_strtoint(stack.ptr, &value)) {
+            poolcfg.stack_size = value;
+        } else {
+            log_ereport(LOG_MISCONFIG, "Threadpool: StackSize not an integer");
+        }
     }
     
     if(queue.length != 0) {
-        poolcfg.queue_size = atoi(queue.ptr);
+        int64_t value;
+        if(util_strtoint(queue.ptr, &value)) {
+            poolcfg.queue_size = value;
+        } else {
+            log_ereport(LOG_MISCONFIG, "Threadpool: QueueSize not an integer");
+        }
     }
     
     create_threadpool(name, &poolcfg);
@@ -408,6 +430,7 @@
     return 0;
 }
 
+#define EV_MAX_THREADS 2048
 int cfg_handle_eventhandler(ServerConfiguration *c, ConfigNode *obj) {
     EventHandlerConfig evcfg;
     
@@ -417,7 +440,17 @@
     
     evcfg.name = name;
     
-    evcfg.nthreads = atoi(threads.ptr);
+    int64_t value;
+    if(!util_strtoint(threads.ptr, &value)) {
+        log_ereport(LOG_MISCONFIG, "EventHandler: Threads: '%s' is not an integer", threads.ptr);
+        return 1;
+    }
+    if(value < 1 || value > EV_MAX_THREADS) {
+        log_ereport(LOG_MISCONFIG, "EventHandler: Invalid number of threads (1 .. %d)", EV_MAX_THREADS);
+        return 1;
+    }
+    
+    evcfg.nthreads = value;
     
     evcfg.isdefault = util_getboolean(isdefault.ptr, 0);
     
@@ -525,8 +558,18 @@
     scstr_t blck = serverconfig_directive_value(obj, SC("BlockingIO"));
     
     // TODO: use sstrdup_pool?
+    int64_t port_value;
+    if(!util_strtoint(port.ptr, &port_value)) {
+        log_ereport(LOG_MISCONFIG, "Listener: Invalid argument for parameter 'Port': '%s'", port.ptr);
+        return 1;
+    }
+    if(port_value < 1 || port_value > 65535) {
+        log_ereport(LOG_MISCONFIG, "Listener: Port number out of range (1 .. 65535)");
+        return 1;
+    }
+    
     lc.name = sstrdup(name);
-    lc.port = atoi(port.ptr);
+    lc.port = port_value;
     lc.vs = sstrdup(vs);
     lc.threadpool = sstrdup(thrp);
     
diff -r c62ea2a2133b -r f4a34b0869c7 src/server/daemon/httprequest.c
--- a/src/server/daemon/httprequest.c	Sat May 07 15:07:01 2022 +0200
+++ b/src/server/daemon/httprequest.c	Sun May 08 10:33:41 2022 +0200
@@ -375,26 +375,26 @@
     // check for request body and prepare input buffer
     char *ctlen_str = pblock_findkeyval(pb_key_content_length, rq->rq.headers);
     if(ctlen_str) {
-        int ctlen = atoi(ctlen_str); // TODO: use other func
-              
-        //printf("request body length: %d\n", ctlen);
+        int64_t ctlen;
+        if(util_strtoint(ctlen_str, &ctlen)) {
+            netbuf *nb = sn->netbuf;
+            HttpStream *net_io = (HttpStream*)sn->sn.csd;
 
-        netbuf *nb = sn->netbuf;
-        HttpStream *net_io = (HttpStream*)sn->sn.csd;
+            // how many bytes are already read and in the buffer
+            int cur_input_available = nb->cursize - nb->pos;
 
-        // how many bytes are already read and in the buffer
-        int cur_input_available = nb->cursize - nb->pos;
-        
-        if(cur_input_available >= ctlen) {
-            // we have the whole request body in the buffer and
-            // maybe even more
-            // no more read from the socket is necessary to get the body,
-            // therefore disable it
-            net_io->max_read = 0;
-        } else {
-            // read still required to get the complete request body
-            net_io->max_read = ctlen - cur_input_available;
-        }
+            if(cur_input_available >= ctlen) {
+                // we have the whole request body in the buffer and
+                // maybe even more
+                // no more read from the socket is necessary to get the body,
+                // therefore disable it
+                net_io->max_read = 0;
+            } else {
+                // read still required to get the complete request body
+                net_io->max_read = ctlen - cur_input_available;
+            }
+            //printf("request body length: %d\n", ctlen);
+        } // else: should we abort?
     }
     char *transfer_encoding = pblock_findkeyval(pb_key_transfer_encoding, rq->rq.headers);
     if(transfer_encoding) {
@@ -878,10 +878,8 @@
             
             if(ret != REQ_NOACTION) {
                 if(ret == REQ_PROCEED) {
-                    /*
-                     * flush buffer and add termination if chunked encoding
-                     * is enabled
-                     */
+                    // flush buffer and add termination if chunked encoding
+                    // is enabled
                     net_finish(sn->sn.csd);
                 } else if(ret == REQ_PROCESSING) {
                     // save nsapi context
@@ -917,11 +915,18 @@
             if(ret == REQ_NOACTION) {
                 directive *d = dt->dirs[j];
 
-                // check status code parameter          
+                // check status code parameter
+                // Error SAFs can specify, for which status code they should
+                // be executed
                 char *status = pblock_findkeyval(pb_key_type, d->param);
                 if(status) {
-                    int statuscode = atoi(status);
-                    if(statuscode != rq->rq.status_num) {
+                    int64_t statuscode = -1;
+                    if(!util_strtoint(status, &statuscode)) {
+                        log_ereport(
+                                LOG_WARN,
+                                "nsapi_error: directive '%s' ignored: invalid type parameter: integer status code expected",
+                                d->func->name);
+                    } else if(statuscode != rq->rq.status_num) {
                         continue;
                     }
                 }
@@ -937,10 +942,8 @@
             }
             if(ret != REQ_NOACTION) {
                 if(ret == REQ_PROCEED) {
-                    /*
-                     * flush buffer and add termination if chunked encoding
-                     * is enabled
-                     */
+                    // flush buffer and add termination if chunked encoding
+                    // is enabled
                     net_finish(sn->sn.csd);
                 } else if(ret == REQ_PROCESSING) {
                     // save nsapi context
diff -r c62ea2a2133b -r f4a34b0869c7 src/server/util/pool.c
--- a/src/server/util/pool.c	Sat May 07 15:07:01 2022 +0200
+++ b/src/server/util/pool.c	Sun May 08 10:33:41 2022 +0200
@@ -65,6 +65,7 @@
 
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 //define PERM_MALLOC   malloc
 //define PERM_FREE     free
 //define PERM_REALLOC  realloc
@@ -91,6 +92,8 @@
     return 0;
 }
 
+#define POOL_MIN_BLOCKSIZE 128
+
 NSAPI_PUBLIC int
 pool_init(pblock *pb, Session *sn, Request *rq)
 {
@@ -101,11 +104,22 @@
     int n;
 
     //printf("standard block size: %d\n", pool_config.block_size);
-
+    
     if (str_block_size != NULL) {
-        n = atoi(str_block_size);
-        if (n > 0)
-            pool_config.block_size = n;
+        int64_t value;
+        if(!util_strtoint(str_block_size, &value)) {
+            log_ereport(LOG_MISCONFIG, "pool-init: param 'block-size' is not an integer");
+            return REQ_ABORTED;
+        }
+        if(value > INT_MAX) {
+            log_ereport(LOG_MISCONFIG, "pool-init: block-size is too big");
+            return REQ_ABORTED;
+        }
+        if(value < POOL_MIN_BLOCKSIZE) {
+            log_ereport(LOG_MISCONFIG, "pool-init: block-size is too small");
+            return REQ_ABORTED;
+        }
+        pool_config.block_size = value;
     }
 
     if (str_pool_disable && util_getboolean(str_pool_disable, PR_TRUE)) {