fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-06 04:28:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/shared/nm-glib-aux/nm-errno.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

170 lines
5.4 KiB
C
Raw Permalink Normal View History

all: update deprecated SPDX license identifiers These SPDX license identifiers are deprecated ([1]). Update them. [1] https://spdx.org/licenses/ sed \ -e '1 s%^/\* SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+ \*/$%/* SPDX-License-Identifier: \1-or-later */%' \ -e '1,2 s%^\(--\|#\|//\) SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+$%\1 SPDX-License-Identifier: \2-or-later%' \ -i \ $(git grep -l SPDX-License-Identifier -- \ ':(exclude)shared/c-*/' \ ':(exclude)shared/n-*/' \ ':(exclude)shared/systemd/src' \ ':(exclude)src/systemd/src')
2020-12-23 22:21:36 +01:00
/* SPDX-License-Identifier: LGPL-2.1-or-later */
all: manually drop code comments with file description
2019-09-25 13:13:40 +02:00
/*
all: unify format of our Copyright source code comments ```bash readarray -d '' FILES < <( git ls-files -z \ ':(exclude)po' \ ':(exclude)shared/c-rbtree' \ ':(exclude)shared/c-list' \ ':(exclude)shared/c-siphash' \ ':(exclude)shared/c-stdaux' \ ':(exclude)shared/n-acd' \ ':(exclude)shared/n-dhcp4' \ ':(exclude)src/systemd/src' \ ':(exclude)shared/systemd/src' \ ':(exclude)m4' \ ':(exclude)COPYING*' ) sed \ -e 's/^\(--\|#\| \*\) *\(([cC]) *\)\?Copyright \+\(\(([cC])\) \+\)\?\(\(20\|19\)[0-9][0-9]\) *[-–] *\(\(20\|19\)[0-9][0-9]\) \+\([^ ].*\)$/\1 C1pyright#\5 - \7#\9/' \ -e 's/^\(--\|#\| \*\) *\(([cC]) *\)\?Copyright \+\(\(([cC])\) \+\)\?\(\(20\|19\)[0-9][0-9]\) *[,] *\(\(20\|19\)[0-9][0-9]\) \+\([^ ].*\)$/\1 C2pyright#\5, \7#\9/' \ -e 's/^\(--\|#\| \*\) *\(([cC]) *\)\?Copyright \+\(\(([cC])\) \+\)\?\(\(20\|19\)[0-9][0-9]\) \+\([^ ].*\)$/\1 C3pyright#\5#\7/' \ -e 's/^Copyright \(\(20\|19\)[0-9][0-9]\) \+\([^ ].*\)$/C4pyright#\1#\3/' \ -i \ "${FILES[@]}" echo ">>> untouched Copyright lines" git grep Copyright "${FILES[@]}" echo ">>> Copyright lines with unusual extra" git grep '\<C[0-9]pyright#' "${FILES[@]}" | grep -i reserved sed \ -e 's/\<C[0-9]pyright#\([^#]*\)#\(.*\)$/Copyright (C) \1 \2/' \ -i \ "${FILES[@]}" ``` https://gitlab.freedesktop.org/NetworkManager/NetworkManager/merge_requests/298
2019-10-01 09:20:35 +02:00
* Copyright (C) 2018 Red Hat, Inc.
shared,core: add "nm-errno.h" This will be our extension on top of <errno.h>. We want to use (integer) error numbers, that can both contain native errors from <errno.h> and our own defines, both merge in one domain. That is, we will reserve a small range of integers for our own defines (that hopefully won't clash with errors from <errno.h>). We can use this at places where GError is too cumbersome to use. The advantage is, that our error numbers extend <errno.h> and can be mixed. This is what "src/platform/nm-netlink.h" already does with nl_errno(). Next, the netlink errors from there will be merged into "nm-errno.h". Also, platform has NMPlatformError, which are a distinct set of error numbers. But these work differently in the sense that negative values represent codes from <errno.h> and positive numbers are our own platform specific defines. NMPlatformError will also be merged into "nm-errno.h". "nm-errno.h" will unify the error handling of platform and netlink, making it more similar to what we are used to from systemd, and give room to extend it for our own purpose.
2018-12-22 12:41:04 +01:00
*/
all: add "nm-glib-aux/nm-default-glib-i18n-lib.h" as replacement for "nm-default.h"
2021-02-04 08:48:06 +01:00
#include "nm-glib-aux/nm-default-glib-i18n-lib.h"
shared,core: add "nm-errno.h" This will be our extension on top of <errno.h>. We want to use (integer) error numbers, that can both contain native errors from <errno.h> and our own defines, both merge in one domain. That is, we will reserve a small range of integers for our own defines (that hopefully won't clash with errors from <errno.h>). We can use this at places where GError is too cumbersome to use. The advantage is, that our error numbers extend <errno.h> and can be mixed. This is what "src/platform/nm-netlink.h" already does with nl_errno(). Next, the netlink errors from there will be merged into "nm-errno.h". Also, platform has NMPlatformError, which are a distinct set of error numbers. But these work differently in the sense that negative values represent codes from <errno.h> and positive numbers are our own platform specific defines. NMPlatformError will also be merged into "nm-errno.h". "nm-errno.h" will unify the error handling of platform and netlink, making it more similar to what we are used to from systemd, and give room to extend it for our own purpose.
2018-12-22 12:41:04 +01:00
#include "nm-errno.h"
/*****************************************************************************/
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
shared: drop _STATIC variant of macros that define functions Several macros are used to define function. They had a "_STATIC" variant, to define the function as static. I think those macros should not try to abstract entirely what they do. They should not accept the function scope as argument (or have two variants per scope). This also because it might make sense to add additional __attribute__(()) to the function. That only works, if the macro does not pretend to *not* define a plain function. Instead, embrace what the function does and let the users place the function scope as they see fit. This also follows what is already done with static NM_CACHED_QUARK_FCN ("autoconnect-root", autoconnect_root_quark)
2020-02-13 14:55:26 +01:00
static NM_UTILS_LOOKUP_STR_DEFINE(
_geterror,
shared: cleanup separation and transition between errno and nmerr numbers The native error numbers (from <errno.h>) and our nmerr extention on top of them are almost the same. But there are peculiarities. Both errno and nmerr must be positive values. That is because some API (systemd) like to return negative error codes. So, a positive errno and its negative counter part indicate the same error. We need normalization functions that make an error number positive (these are nm_errno() and nm_errno_native()). This means, G_MININT needs special treatment, because it cannot be represented as a positive integer. Also, zero needs special treatment, because we want to encode an error, and zero already encodes no-error. Take care of these special cases. On top of that, nmerr reserves a range within native error numbers for NetworkManager specific failure codes. So we need to transition from native numbers to nmerr numbers via nm_errno_from_native(). Take better care of some special cases and clean them up. Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a value in the suitable range, NM_ERRNO_NATIVE() asserts that the number is already positive (and returns it as-is). It's use is only for asserting and implicitly documenting the requirements we have on the number passed to it.
2019-01-31 16:37:53 +01:00
#if 0
format: manually replace remaining tabs with spaces and reformat
2020-09-29 09:02:29 +02:00
enum _NMErrno,
shared: cleanup separation and transition between errno and nmerr numbers The native error numbers (from <errno.h>) and our nmerr extention on top of them are almost the same. But there are peculiarities. Both errno and nmerr must be positive values. That is because some API (systemd) like to return negative error codes. So, a positive errno and its negative counter part indicate the same error. We need normalization functions that make an error number positive (these are nm_errno() and nm_errno_native()). This means, G_MININT needs special treatment, because it cannot be represented as a positive integer. Also, zero needs special treatment, because we want to encode an error, and zero already encodes no-error. Take care of these special cases. On top of that, nmerr reserves a range within native error numbers for NetworkManager specific failure codes. So we need to transition from native numbers to nmerr numbers via nm_errno_from_native(). Take better care of some special cases and clean them up. Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a value in the suitable range, NM_ERRNO_NATIVE() asserts that the number is already positive (and returns it as-is). It's use is only for asserting and implicitly documenting the requirements we have on the number passed to it.
2019-01-31 16:37:53 +01:00
#else
int,
#endif
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
NM_UTILS_LOOKUP_DEFAULT(NULL),
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: cleanup separation and transition between errno and nmerr numbers The native error numbers (from <errno.h>) and our nmerr extention on top of them are almost the same. But there are peculiarities. Both errno and nmerr must be positive values. That is because some API (systemd) like to return negative error codes. So, a positive errno and its negative counter part indicate the same error. We need normalization functions that make an error number positive (these are nm_errno() and nm_errno_native()). This means, G_MININT needs special treatment, because it cannot be represented as a positive integer. Also, zero needs special treatment, because we want to encode an error, and zero already encodes no-error. Take care of these special cases. On top of that, nmerr reserves a range within native error numbers for NetworkManager specific failure codes. So we need to transition from native numbers to nmerr numbers via nm_errno_from_native(). Take better care of some special cases and clean them up. Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a value in the suitable range, NM_ERRNO_NATIVE() asserts that the number is already positive (and returns it as-is). It's use is only for asserting and implicitly documenting the requirements we have on the number passed to it.
2019-01-31 16:37:53 +01:00
NM_UTILS_LOOKUP_STR_ITEM(NME_ERRNO_SUCCESS, "NME_ERRNO_SUCCESS"),
NM_UTILS_LOOKUP_STR_ITEM(NME_ERRNO_OUT_OF_RANGE, "NME_ERRNO_OUT_OF_RANGE"),
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: cleanup separation and transition between errno and nmerr numbers The native error numbers (from <errno.h>) and our nmerr extention on top of them are almost the same. But there are peculiarities. Both errno and nmerr must be positive values. That is because some API (systemd) like to return negative error codes. So, a positive errno and its negative counter part indicate the same error. We need normalization functions that make an error number positive (these are nm_errno() and nm_errno_native()). This means, G_MININT needs special treatment, because it cannot be represented as a positive integer. Also, zero needs special treatment, because we want to encode an error, and zero already encodes no-error. Take care of these special cases. On top of that, nmerr reserves a range within native error numbers for NetworkManager specific failure codes. So we need to transition from native numbers to nmerr numbers via nm_errno_from_native(). Take better care of some special cases and clean them up. Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a value in the suitable range, NM_ERRNO_NATIVE() asserts that the number is already positive (and returns it as-is). It's use is only for asserting and implicitly documenting the requirements we have on the number passed to it.
2019-01-31 16:37:53 +01:00
NM_UTILS_LOOKUP_STR_ITEM(NME_UNSPEC, "NME_UNSPEC"),
NM_UTILS_LOOKUP_STR_ITEM(NME_BUG, "NME_BUG"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NATIVE_ERRNO, "NME_NATIVE_ERRNO"),
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: cleanup separation and transition between errno and nmerr numbers The native error numbers (from <errno.h>) and our nmerr extention on top of them are almost the same. But there are peculiarities. Both errno and nmerr must be positive values. That is because some API (systemd) like to return negative error codes. So, a positive errno and its negative counter part indicate the same error. We need normalization functions that make an error number positive (these are nm_errno() and nm_errno_native()). This means, G_MININT needs special treatment, because it cannot be represented as a positive integer. Also, zero needs special treatment, because we want to encode an error, and zero already encodes no-error. Take care of these special cases. On top of that, nmerr reserves a range within native error numbers for NetworkManager specific failure codes. So we need to transition from native numbers to nmerr numbers via nm_errno_from_native(). Take better care of some special cases and clean them up. Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a value in the suitable range, NM_ERRNO_NATIVE() asserts that the number is already positive (and returns it as-is). It's use is only for asserting and implicitly documenting the requirements we have on the number passed to it.
2019-01-31 16:37:53 +01:00
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_ATTRSIZE, "NME_NL_ATTRSIZE"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_BAD_SOCK, "NME_NL_BAD_SOCK"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_DUMP_INTR, "NME_NL_DUMP_INTR"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_MSG_OVERFLOW, "NME_NL_MSG_OVERFLOW"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_MSG_TOOSHORT, "NME_NL_MSG_TOOSHORT"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_MSG_TRUNC, "NME_NL_MSG_TRUNC"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_SEQ_MISMATCH, "NME_NL_SEQ_MISMATCH"),
NM_UTILS_LOOKUP_STR_ITEM(NME_NL_NOADDR, "NME_NL_NOADDR"),
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: cleanup separation and transition between errno and nmerr numbers The native error numbers (from <errno.h>) and our nmerr extention on top of them are almost the same. But there are peculiarities. Both errno and nmerr must be positive values. That is because some API (systemd) like to return negative error codes. So, a positive errno and its negative counter part indicate the same error. We need normalization functions that make an error number positive (these are nm_errno() and nm_errno_native()). This means, G_MININT needs special treatment, because it cannot be represented as a positive integer. Also, zero needs special treatment, because we want to encode an error, and zero already encodes no-error. Take care of these special cases. On top of that, nmerr reserves a range within native error numbers for NetworkManager specific failure codes. So we need to transition from native numbers to nmerr numbers via nm_errno_from_native(). Take better care of some special cases and clean them up. Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a value in the suitable range, NM_ERRNO_NATIVE() asserts that the number is already positive (and returns it as-is). It's use is only for asserting and implicitly documenting the requirements we have on the number passed to it.
2019-01-31 16:37:53 +01:00
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_NOT_FOUND, "not-found"),
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_EXISTS, "exists"),
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_WRONG_TYPE, "wrong-type"),
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_NOT_SLAVE, "not-slave"),
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_NO_FIRMWARE, "no-firmware"),
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_OPNOTSUPP, "not-supported"),
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_NETLINK, "netlink"),
NM_UTILS_LOOKUP_STR_ITEM(NME_PL_CANT_SET_MTU, "cant-set-mtu"),
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: cleanup separation and transition between errno and nmerr numbers The native error numbers (from <errno.h>) and our nmerr extention on top of them are almost the same. But there are peculiarities. Both errno and nmerr must be positive values. That is because some API (systemd) like to return negative error codes. So, a positive errno and its negative counter part indicate the same error. We need normalization functions that make an error number positive (these are nm_errno() and nm_errno_native()). This means, G_MININT needs special treatment, because it cannot be represented as a positive integer. Also, zero needs special treatment, because we want to encode an error, and zero already encodes no-error. Take care of these special cases. On top of that, nmerr reserves a range within native error numbers for NetworkManager specific failure codes. So we need to transition from native numbers to nmerr numbers via nm_errno_from_native(). Take better care of some special cases and clean them up. Also add NM_ERRNO_NATIVE() macro. While nm_errno_native() coerces a value in the suitable range, NM_ERRNO_NATIVE() asserts that the number is already positive (and returns it as-is). It's use is only for asserting and implicitly documenting the requirements we have on the number passed to it.
2019-01-31 16:37:53 +01:00
NM_UTILS_LOOKUP_ITEM_IGNORE(_NM_ERRNO_MININT),
NM_UTILS_LOOKUP_ITEM_IGNORE(_NM_ERRNO_RESERVED_LAST_PLUS_1), );
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
/**
* nm_strerror():
* @nmerr: the NetworkManager specific errno to be converted
* to string.
*
* NetworkManager specific error numbers reserve a range in "errno.h" with
* our own defines. For numbers that don't fall into this range, the numbers
* are identical to the common error numbers.
*
all: fix minor typos https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/565
2020-07-04 11:37:01 +03:00
* Identical to strerror(), g_strerror(), nm_strerror_native() for error numbers
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
* that are not in the reserved range of NetworkManager specific errors.
*
* Returns: (transfer none): the string representation of the error number.
*/
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
const char *
trivial: rename nl-errno to nm-errno
2018-12-22 13:35:57 +01:00
nm_strerror(int nmerr)
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
{
const char *s;
shared: declare error numbers as enum and minor cleanup
2018-12-22 12:57:30 +01:00
nmerr = nm_errno(nmerr);
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
shared: declare error numbers as enum and minor cleanup
2018-12-22 12:57:30 +01:00
if (nmerr >= _NM_ERRNO_RESERVED_FIRST) {
trivial: rename nl-errno to nm-errno
2018-12-22 13:35:57 +01:00
s = _geterror(nmerr);
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
if (s)
return s;
}
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
return nm_strerror_native(nmerr);
}
/*****************************************************************************/
/**
* nm_strerror_native_r:
* @errsv: the errno to convert to string.
* @buf: the output buffer where to write the string to.
* @buf_size: the length of buffer.
*
* This is like strerror_r(), with one difference: depending on the
* locale, the returned string is guaranteed to be valid UTF-8.
* Also, there is some confusion as to whether to use glibc's
* strerror_r() or the POXIX/XSI variant. This is abstracted
* by the function.
*
* Note that the returned buffer may also be a statically allocated
* buffer, and not the input buffer @buf. Consequently, the returned
* string may be longer than @buf_size.
*
* Returns: (transfer none): a NUL terminated error message. This is either a static
all: fix minor typos https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/565
2020-07-04 11:37:01 +03:00
* string (that is never freed), or the provided @buf argument.
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
*/
const char *
nm_strerror_native_r(int errsv, char *buf, gsize buf_size)
{
char *buf2;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
nm_assert(buf);
nm_assert(buf_size > 0);
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: fix _POSIX_C_SOURCE not being defined for nm-errno.c This is the case with musl. Based-on-patch-by: Rasmus Thomsen <oss@cogitri.dev>
2020-12-10 20:07:53 +01:00
#if (!defined(__GLIBC__) && !defined(__UCLIBC__)) || ((_POSIX_C_SOURCE >= 200112L) && !_GNU_SOURCE)
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
/* XSI-compliant */
{
int errno_saved = errno;
all: reformat all with new clang-format style Run: ./contrib/scripts/nm-code-format.sh -i ./contrib/scripts/nm-code-format.sh -i Yes, it needs to run twice because the first run doesn't yet produce the final result. Signed-off-by: Antonio Cardace <acardace@redhat.com>
2020-09-28 16:03:33 +02:00
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
if (strerror_r(errsv, buf, buf_size) != 0) {
g_snprintf(buf, buf_size, "Unspecified errno %d", errsv);
errno = errno_saved;
}
buf2 = buf;
}
#else
/* GNU-specific */
buf2 = strerror_r(errsv, buf, buf_size);
#endif
/* like g_strerror(), ensure that the error message is UTF-8. */
if (!g_get_charset(NULL) && !g_utf8_validate(buf2, -1, NULL)) {
gs_free char *msg = NULL;
msg = g_locale_to_utf8(buf2, -1, NULL, NULL, NULL);
if (msg) {
g_strlcpy(buf, msg, buf_size);
buf2 = buf;
}
}
return buf2;
}
/**
* nm_strerror_native:
* @errsv: the errno integer from <errno.h>
*
* Like strerror(), but strerror() is not thread-safe and not guaranteed
* to be UTF-8.
*
* g_strerror() is a thread-safe variant of strerror(), however it caches
* all returned strings in a dictionary. That means, using this on untrusted
* error numbers can result in this cache to grow without limits.
*
* Instead, return a tread-local buffer. This way, it's thread-safe.
*
* There is a downside to this: subsequent calls of nm_strerror_native()
* overwrite the error message.
*
* Returns: (transfer none): the text representation of the error number.
*/
const char *
nm_strerror_native(int errsv)
{
static _nm_thread_local char *buf_static = NULL;
char * buf;
buf = buf_static;
if (G_UNLIKELY(!buf)) {
buf = g_malloc(NM_STRERROR_BUFSIZE);
buf_static = buf;
glib-aux: fix releasing thread-local storage from nm_strerror_native() The previous implementation was just wrong. Fixes: e1ca3bf7ed40 ('shared: add nm_strerror_native() to replace strerror() and g_strerror()') (cherry picked from commit 5bc39d97834c5ba9d81e6f38e07f19eb4e9fd398) (cherry picked from commit 963c395cc2685bde456208726501d79b08d583ce)
2021-06-30 23:18:22 +02:00
nm_utils_thread_local_register_destroy(buf, g_free);
shared: add nm_strerror_native() to replace strerror() and g_strerror() We have various options for strerror(), with ups and downsides: - strerror() - returns pointer that is overwritten on next call. It's convenient to use, but dangerous. - not thread-safe. - not guaranteed to be UTF-8. - strerror_r() - takes input buffer and is less convenient to use. At least, we are in control of when the buffer gets overwritten. - there is a Posix/XSI and a glibc variant, making it sligthly inconvenient to used. This could be solved by a wrapper we implement. - thread-safe. - not guaranteed to be UTF-8. - g_strerror() - convenient and safe to use. Also the buffer is never released for the remainder of the program. - passing untrusted error numbers to g_strerror() can result in a denial of service, as the internal buffer grows until out-of-memory. - thread-safe. - guaranteed to be UTF-8 (depending on locale). Add our own wrapper nm_strerror_native(). It is: - convenient to use (returning a buffer that does not require management). - slightly dangerous as the buffer gets overwritten on the next call (like strerror()). - thread-safe. - guaranteed to be UTF-8 (depending on locale). - doesn't keep an unlimited cache of strings, unlike g_strerror(). You can't have it all. g_strerror() is leaking all generated error messages. I think that is unacceptable, because it would mean we need to keep track where our error numbers come from (and trust libraries we use to only set a restricted set of known error numbers).
2019-01-31 13:17:26 +01:00
}
return nm_strerror_native_r(errsv, buf, NM_STRERROR_BUFSIZE);
core: move netlink errors to nm-errno.h No other changes (yet).
2018-12-22 12:45:01 +01:00
}
Reference in a new issue Copy permalink