From 9448830a6aaba79cfd7cae9318f11e2cab94de48 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 30 Jun 2026 13:42:21 +0200 Subject: [PATCH 1/2] user: parseLine, parseParts: add error-return Return an error when failing to parse numeric values instead of silently discarding them. Co-authored-by: Mickael Emirkanian Signed-off-by: Sebastiaan van Stijn --- user/user.go | 45 ++++++++++++++++++++++++++++++++++----------- user/user_test.go | 40 ++++++++++++++++++++++++++++++++-------- 2 files changed, 66 insertions(+), 19 deletions(-) diff --git a/user/user.go b/user/user.go index 1fd9a08..bdd42fd 100644 --- a/user/user.go +++ b/user/user.go @@ -56,13 +56,13 @@ type IDMap struct { Count int64 } -func parseLine(line []byte, v ...any) { - parseParts(bytes.Split(line, []byte(":")), v...) +func parseLine(line []byte, v ...any) error { + return parseParts(bytes.Split(line, []byte(":")), v...) } -func parseParts(parts [][]byte, v ...any) { +func parseParts(parts [][]byte, v ...any) error { if len(parts) == 0 { - return + return nil } for i, p := range parts { @@ -78,10 +78,24 @@ func parseParts(parts [][]byte, v ...any) { case *string: *e = string(p) case *int: - // "numbers", with conversion errors ignored because of some misbehaving configuration files. - *e, _ = strconv.Atoi(string(p)) + if len(p) != 0 { + n, ok, err := parseNumeric(string(p)) + if err != nil { + return fmt.Errorf("parsing integer field %d: %w", i, err) + } + if !ok { + return fmt.Errorf("parsing integer field %d: %q is not numeric", i, p) + } + *e = n + } case *int64: - *e, _ = strconv.ParseInt(string(p), 10, 64) + if len(p) != 0 { + n, err := strconv.ParseInt(string(p), 10, 64) + if err != nil { + return fmt.Errorf("parsing integer field %d: %w", i, err) + } + *e = n + } case *[]string: // Comma-separated lists. if len(p) != 0 { @@ -94,6 +108,7 @@ func parseParts(parts [][]byte, v ...any) { panic(fmt.Sprintf("parseLine only accepts {*string, *int, *int64, *[]string} as arguments! %#v is not a pointer!", e)) } } + return nil } func ParsePasswdFile(path string) ([]User, error) { @@ -135,7 +150,9 @@ func ParsePasswdFilter(r io.Reader, filter func(User) bool) ([]User, error) { // root:x:0:0:root:/root:/bin/bash // adm:x:3:4:adm:/var/adm:/bin/false p := User{} - parseLine(line, &p.Name, &p.Pass, &p.Uid, &p.Gid, &p.Gecos, &p.Home, &p.Shell) + if err := parseLine(line, &p.Name, &p.Pass, &p.Uid, &p.Gid, &p.Gecos, &p.Home, &p.Shell); err != nil { + return nil, err + } if filter == nil || filter(p) { out = append(out, p) @@ -194,7 +211,9 @@ func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) { // root:x:0:root // adm:x:4:root,adm,daemon p := Group{} - parseLine(line, &p.Name, &p.Pass, &p.Gid, &p.List) + if err := parseLine(line, &p.Name, &p.Pass, &p.Gid, &p.List); err != nil { + return nil, err + } if filter == nil || filter(p) { out = append(out, p) @@ -539,7 +558,9 @@ func ParseSubIDFilter(r io.Reader, filter func(SubID) bool) ([]SubID, error) { // see: man 5 subuid p := SubID{} - parseLine(line, &p.Name, &p.SubID, &p.Count) + if err := parseLine(line, &p.Name, &p.SubID, &p.Count); err != nil { + return nil, err + } if filter == nil || filter(p) { out = append(out, p) @@ -587,7 +608,9 @@ func ParseIDMapFilter(r io.Reader, filter func(IDMap) bool) ([]IDMap, error) { // see: man 7 user_namespaces p := IDMap{} - parseParts(bytes.Fields(line), &p.ID, &p.ParentID, &p.Count) + if err := parseParts(bytes.Fields(line), &p.ID, &p.ParentID, &p.Count); err != nil { + return nil, err + } if filter == nil || filter(p) { out = append(out, p) diff --git a/user/user_test.go b/user/user_test.go index e5f599a..5102451 100644 --- a/user/user_test.go +++ b/user/user_test.go @@ -21,42 +21,66 @@ func TestParseLine(t *testing.T) { d int ) - parseLine([]byte(""), &a, &b) + err := parseLine([]byte(""), &a, &b) + if err != nil { + t.Fatal(err) + } if a != "" || b != "" { t.Fatalf("a and b should be empty ('%v', '%v')", a, b) } - parseLine([]byte("a"), &a, &b) + err = parseLine([]byte("a"), &a, &b) + if err != nil { + t.Fatal(err) + } if a != "a" || b != "" { t.Fatalf("a should be 'a' and b should be empty ('%v', '%v')", a, b) } - parseLine([]byte("bad boys:corny cows"), &a, &b) + err = parseLine([]byte("bad boys:corny cows"), &a, &b) + if err != nil { + t.Fatal(err) + } if a != "bad boys" || b != "corny cows" { t.Fatalf("a should be 'bad boys' and b should be 'corny cows' ('%v', '%v')", a, b) } - parseLine([]byte(""), &c) + err = parseLine([]byte(""), &c) + if err != nil { + t.Fatal(err) + } if len(c) != 0 { t.Fatalf("c should be empty (%#v)", c) } - parseLine([]byte("d,e,f:g:h:i,j,k"), &c, &a, &b, &c) + err = parseLine([]byte("d,e,f:g:h:i,j,k"), &c, &a, &b, &c) + if err != nil { + t.Fatal(err) + } if a != "g" || b != "h" || len(c) != 3 || c[0] != "i" || c[1] != "j" || c[2] != "k" { t.Fatalf("a should be 'g', b should be 'h', and c should be ['i','j','k'] ('%v', '%v', '%#v')", a, b, c) } - parseLine([]byte("::::::::::"), &a, &b, &c) + err = parseLine([]byte("::::::::::"), &a, &b, &c) + if err != nil { + t.Fatal(err) + } if a != "" || b != "" || len(c) != 0 { t.Fatalf("a, b, and c should all be empty ('%v', '%v', '%#v')", a, b, c) } - parseLine([]byte("not a number"), &d) + err = parseLine([]byte("not a number"), &d) + if err == nil { + t.Fatal("expected an error") + } if d != 0 { t.Fatalf("d should be 0 (%v)", d) } - parseLine([]byte("b:12:c"), &a, &d, &b) + err = parseLine([]byte("b:12:c"), &a, &d, &b) + if err != nil { + t.Fatal(err) + } if a != "b" || b != "c" || d != 12 { t.Fatalf("a should be 'b' and b should be 'c', and d should be 12 ('%v', '%v', %v)", a, b, d) } From 36088f5ac4135a2d72e1045292ed93c18310015a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 30 Jun 2026 15:31:49 +0200 Subject: [PATCH 2/2] user: skip malformed lines Signed-off-by: Sebastiaan van Stijn --- user/user.go | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/user/user.go b/user/user.go index bdd42fd..7bc62fd 100644 --- a/user/user.go +++ b/user/user.go @@ -62,6 +62,7 @@ func parseLine(line []byte, v ...any) error { func parseParts(parts [][]byte, v ...any) error { if len(parts) == 0 { + // TODO(thaJeztah); do we need an "ok" return so that we can skip these in loops? return nil } @@ -151,7 +152,9 @@ func ParsePasswdFilter(r io.Reader, filter func(User) bool) ([]User, error) { // adm:x:3:4:adm:/var/adm:/bin/false p := User{} if err := parseLine(line, &p.Name, &p.Pass, &p.Uid, &p.Gid, &p.Gecos, &p.Home, &p.Shell); err != nil { - return nil, err + // Skip malformed lines, and don't consider them. + // return nil, fmt.Errorf("invalid line (%q): %w", string(line), err) + continue } if filter == nil || filter(p) { @@ -212,7 +215,9 @@ func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) { // adm:x:4:root,adm,daemon p := Group{} if err := parseLine(line, &p.Name, &p.Pass, &p.Gid, &p.List); err != nil { - return nil, err + // Skip malformed lines, and don't consider them. + // return nil, fmt.Errorf("invalid line (%q): %w", string(line), err) + continue } if filter == nil || filter(p) { @@ -559,6 +564,8 @@ func ParseSubIDFilter(r io.Reader, filter func(SubID) bool) ([]SubID, error) { // see: man 5 subuid p := SubID{} if err := parseLine(line, &p.Name, &p.SubID, &p.Count); err != nil { + // Skip malformed lines, and don't consider them. + // return nil, fmt.Errorf("invalid line (%q): %w", string(line), err) return nil, err } @@ -609,7 +616,9 @@ func ParseIDMapFilter(r io.Reader, filter func(IDMap) bool) ([]IDMap, error) { // see: man 7 user_namespaces p := IDMap{} if err := parseParts(bytes.Fields(line), &p.ID, &p.ParentID, &p.Count); err != nil { - return nil, err + // Skip malformed lines, and don't consider them. + // return nil, fmt.Errorf("invalid line (%q): %w", string(line), err) + continue } if filter == nil || filter(p) {