From b53ec8d7dca8eba189c45ae29e4d5ff03e5e5556 Mon Sep 17 00:00:00 2001

From: Evgeny Vereshchagin <evvers@ya.ru>

Date: Fri, 27 Nov 2015 08:54:42 +0000

Subject: [PATCH] core: fix rlimit parsing

* refuse limits if soft > hard

* print an actual value instead of (null)

see https://github.com/systemd/systemd/pull/1994#issuecomment-159999123

Cherry-picked from: 0316f2aeebde7569d24a93ab788ac4bc1657b11b

Related: #1351415

---

 src/core/load-fragment.c  |  5 ++++-

 src/test/test-unit-file.c | 21 +++++++++++++++++++++

 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c

index d307f1c743..2f6209e053 100644

--- a/src/core/load-fragment.c

+++ b/src/core/load-fragment.c

@@ -1160,6 +1160,7 @@ static int parse_rlimit_range(

                 struct rlimit **rl,

                 int (*rlim_parser)(const char *, rlim_t *)) {

+        const char *whole_value = value;

         rlim_t soft, hard;

         _cleanup_free_ char *sword = NULL, *hword = NULL;

         int nwords, r;

@@ -1175,9 +1176,11 @@ static int parse_rlimit_range(

         if (r == 0 && nwords == 2)

                 r = rlim_parser(hword, &hard);

         if (r < 0) {

-                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", value);

+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", whole_value);

                 return 0;

         }

+        if (nwords == 2 && soft > hard)

+                return log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid resource value ("RLIM_FMT" > "RLIM_FMT"), ignoring: %s", soft, hard, whole_value);

         if (!*rl) {

                 *rl = new(struct rlimit, 1);

diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c

index 931dfeda88..8acf071ff3 100644

--- a/src/test/test-unit-file.c

+++ b/src/test/test-unit-file.c

@@ -570,6 +570,27 @@ static void test_config_parse_rlimit(void) {

         assert_se(rl[RLIMIT_NOFILE]->rlim_cur == RLIM_INFINITY);

         assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);

+        assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "10:20:30", rl, NULL) >= 0);

+        assert_se(rl[RLIMIT_NOFILE]);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);

+

+        /* Invalid values don't change rl */

+        assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "wat:wat", rl, NULL) >= 0);

+        assert_se(rl[RLIMIT_NOFILE]);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);

+

+        assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "66:wat", rl, NULL) >= 0);

+        assert_se(rl[RLIMIT_NOFILE]);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);

+

+        assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "200:100", rl, NULL) >= 0);

+        assert_se(rl[RLIMIT_NOFILE]);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 10);

+        assert_se(rl[RLIMIT_NOFILE]->rlim_max == 20);

+

         free(rl[RLIMIT_NOFILE]);

         assert_se(config_parse_sec_limit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "56", rl, NULL) >= 0);

         assert_se(rl[RLIMIT_CPU]);