diff --git a/api/secret.go b/api/secret.go index a3a288bf14..77e3ee9a9e 100644 --- a/api/secret.go +++ b/api/secret.go @@ -94,12 +94,7 @@ func (s *Secret) TokenRemainingUses() (int, error) { return -1, nil } - uses, err := parseutil.ParseInt(s.Data["num_uses"]) - if err != nil { - return 0, err - } - - return int(uses), nil + return parseutil.SafeParseInt(s.Data["num_uses"]) } // TokenPolicies returns the standardized list of policies for the given secret. diff --git a/builtin/logical/ssh/util.go b/builtin/logical/ssh/util.go index afc4997ecf..5658232763 100644 --- a/builtin/logical/ssh/util.go +++ b/builtin/logical/ssh/util.go @@ -222,18 +222,14 @@ func convertMapToStringValue(initial map[string]interface{}) map[string]string { } func convertMapToIntSlice(initial map[string]interface{}) (map[string][]int, error) { + var err error result := map[string][]int{} for key, value := range initial { - sliced, err := parseutil.ParseIntSlice(value) + result[key], err = parseutil.SafeParseIntSlice(value, 0 /* no upper bound on number of keys lengths per key type */) if err != nil { return nil, err } - - result[key] = make([]int, 0, len(sliced)) - for _, value := range sliced { - result[key] = append(result[key], int(value)) - } } return result, nil diff --git a/command/base_flags.go b/command/base_flags.go index aad34b43a9..5ec0af3cbe 100644 --- a/command/base_flags.go +++ b/command/base_flags.go @@ -11,6 +11,7 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/posener/complete" ) @@ -208,8 +209,8 @@ type IntVar struct { func (f *FlagSet) IntVar(i *IntVar) { initial := i.Default if v, exist := os.LookupEnv(i.EnvVar); exist { - if i, err := strconv.ParseInt(v, 0, 64); err == nil { - initial = int(i) + if i, err := parseutil.SafeParseInt(v); err == nil { + initial = i } } @@ -243,7 +244,7 @@ func newIntValue(def int, target *int, hidden bool) *intValue { } func (i *intValue) Set(s string) error { - v, err := strconv.ParseInt(s, 0, 64) + v, err := parseutil.SafeParseInt(s) if err != nil { return err } diff --git a/command/server/config.go b/command/server/config.go index 8e97a659df..145672ea88 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -6,6 +6,7 @@ import ( "fmt" "io" "io/ioutil" + "math" "os" "path/filepath" "strconv" @@ -507,6 +508,9 @@ func ParseConfig(d, source string) (*Config, error) { if err != nil { return nil, err } + if pluginFilePermissions < math.MinInt || pluginFilePermissions > math.MaxInt { + return nil, fmt.Errorf("file permission value %v cannot be safely cast to int: exceeds bounds (%v, %v)", pluginFilePermissions, math.MinInt, math.MaxInt) + } result.PluginFilePermissions = int(pluginFilePermissions) } diff --git a/go.mod b/go.mod index f1df2ac776..073c6ae239 100644 --- a/go.mod +++ b/go.mod @@ -75,7 +75,7 @@ require ( github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.2 github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.4 + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 github.com/hashicorp/go-secure-stdlib/password v0.1.1 github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 @@ -139,7 +139,7 @@ require ( github.com/mitchellh/go-testing-interface v1.14.1 github.com/mitchellh/go-wordwrap v1.0.0 github.com/mitchellh/gox v1.0.1 - github.com/mitchellh/mapstructure v1.4.3 + github.com/mitchellh/mapstructure v1.5.0 github.com/mitchellh/reflectwalk v1.0.2 github.com/natefinch/atomic v0.0.0-20150920032501-a62ce929ffcc github.com/ncw/swift v1.0.47 diff --git a/go.sum b/go.sum index 234326cd63..fe1bd91b19 100644 --- a/go.sum +++ b/go.sum @@ -885,8 +885,9 @@ github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 h1:p4AKXPPS24tO8Wc8i1gLvSKdmk github.com/hashicorp/go-secure-stdlib/mlock v0.1.2/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.2/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.4 h1:hrIH/qrOTHfG9a1Jz6Z2jQf7Xe77AaD464W1fCFLwPQ= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.4/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5 h1:MBgwAFPUbfuI0+tmDU/aeM1MARvdbqWmiieXIalKqDE= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.5/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsjaA9x3GyjdI568bXKxa60= github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 h1:SMGUnbpAcat8rIKHkBPjfv81yC46a8eCNZ2hsR2l1EI= @@ -1205,8 +1206,9 @@ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:F github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/mitchellh/pointerstructure v1.2.0 h1:O+i9nHnXS3l/9Wu7r4NrEdwA2VFTicjUEN1uBnDo34A= github.com/mitchellh/pointerstructure v1.2.0/go.mod h1:BRAsLI5zgXmw97Lf6s25bs8ohIXc3tViBH44KcwB2g4=