1. 12 Feb, 2019 10 commits
    • Thomas Haller's avatar
    • Thomas Haller's avatar
      737ab514
    • Thomas Haller's avatar
      shared: add nm_strerror_native() to replace strerror() and g_strerror() · e1ca3bf7
      Thomas Haller authored
      We have various options for strerror(), with ups and downsides:
      
      - strerror()
      
          - returns pointer that is overwritten on next call. It's convenient
            to use, but dangerous.
      
          - not thread-safe.
      
          - not guaranteed to be UTF-8.
      
      - strerror_r()
      
          - takes input buffer and is less convenient to use. At least, we
            are in control of when the buffer gets overwritten.
      
          - there is a Posix/XSI and a glibc variant, making it sligthly
            inconvenient to used. This could be solved by a wrapper we implement.
      
          - thread-safe.
      
          - not guaranteed to be UTF-8.
      
      - g_strerror()
      
          - convenient and safe to use. Also the buffer is never released for the
            remainder of the program.
      
          - passing untrusted error numbers to g_strerror() can result in a
            denial of service, as the internal buffer grows until out-of-memory.
      
          - thread-safe.
      
          - guaranteed to be UTF-8 (depending on locale).
      
      Add our own wrapper nm_strerror_native(). It is:
      
          - convenient to use (returning a buffer that does not require
            management).
      
          - slightly dangerous as the buffer gets overwritten on the next call
            (like strerror()).
      
          - thread-safe.
      
          - guaranteed to be UTF-8 (depending on locale).
      
          - doesn't keep an unlimited cache of strings, unlike g_strerror().
      
      You can't have it all. g_strerror() is leaking all generated error messages.
      I think that is unacceptable, because it would mean we need to
      keep track where our error numbers come from (and trust libraries we
      use to only set a restricted set of known error numbers).
      e1ca3bf7
    • Thomas Haller's avatar
      all: assert that native errno numbers are positive · 4d9918aa
      Thomas Haller authored
      Use the NM_ERRNO_NATIVE() macro that asserts that these errno numbers are
      indeed positive. Using the macro also serves as a documentation of what
      the meaning of these numbers is.
      
      That is often not obvious, whether we have an nm_errno(), an nm_errno_native()
      (from <errno.h>), or another error number (e.g. WaitForNlResponseResult). This
      situation already improved by merging netlink error codes (nle),
      NMPlatformError enum and <errno.h> as nm_errno(). But we still must
      always be careful about not to mix error codes from different
      domains or transform them appropriately (like nm_errno_from_native()).
      4d9918aa
    • Thomas Haller's avatar
      shared: cleanup separation and transition between errno and nmerr numbers · 67130e67
      Thomas Haller authored
      The native error numbers (from <errno.h>) and our nmerr extention on top
      of them are almost the same. But there are peculiarities.
      
      Both errno and nmerr must be positive values. That is because some API
      (systemd) like to return negative error codes. So, a positive errno and
      its negative counter part indicate the same error. We need normalization
      functions that make an error number positive (these are nm_errno() and
      nm_errno_native()).
      
      This means, G_MININT needs special treatment, because it cannot be
      represented as a positive integer. Also, zero needs special
      treatment, because we want to encode an error, and zero already encodes
      no-error. Take care of these special cases.
      
      On top of that, nmerr reserves a range within native error numbers for
      NetworkManager specific failure codes. So we need to transition from native
      numbers to nmerr numbers via nm_errno_from_native().
      
      Take better care of some special cases and clean them up.
      
      Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a
      value in the suitable range, NM_ERRNO_NATIVE() asserts that the number
      is already positive (and returns it as-is). It's use is only for
      asserting and implicitly documenting the requirements we have on the
      number passed to it.
      67130e67
    • Thomas Haller's avatar
      shared: fix nm_errno_from_native() for negative values · 89d3c524
      Thomas Haller authored
      We first need to map negative values to their positive form,
      and then do the check for the reserved range.
      
      Fixes: 18732c34
      89d3c524
    • Thomas Haller's avatar
      047998f8
    • Thomas Haller's avatar
      libnm,core: use _nm_utils_ascii_str_to_uint64() instead of strtol() · b7bb7449
      Thomas Haller authored
      Using strtol() correctly proves to be hard.
      
      Usually, we want to also check that the end pointer is points to the end
      of the string. Othewise, we silently accept trailing garbage.
      b7bb7449
    • Thomas Haller's avatar
      all: drop unnecessary includes of <errno.h> and <string.h> · a3370af3
      Thomas Haller authored
      "nm-macros-interal.h" already includes <errno.h> and <string.h>.
      No need to include it everywhere else too.
      a3370af3
    • Thomas Haller's avatar
      32a847a6
  2. 11 Feb, 2019 1 commit
  3. 10 Feb, 2019 1 commit
  4. 09 Feb, 2019 4 commits
  5. 08 Feb, 2019 24 commits