Merge pull request #1096 from hintjens/master

Problem: API violations are treated as recoverable errors

Merge pull request #1096 from hintjens/master
Problem: API violations are treated as recoverable errors
cac5e74d · Trevor Bernard · 1d236d81 · d0667461 · cac5e74d · cac5e74d
Commit cac5e74d authored Jun 17, 2014 by Trevor Bernard
Show whitespace changes
Inline Side-by-side

Showing with 31 additions and 6 deletions

configure.ac configure.ac +11 -0

options.cpp src/options.cpp +20 -6

No files found.
--- a/configure.ac
+++ b/configure.ac
@@ -144,6 +144,17 @@ else
    libzmq_pedantic="yes"
 fi

+AC_ARG_WITH([militant],
+            [AS_HELP_STRING([--with-militant],
+                            [Enable militant API assertions])],
+            [zmq_militant="yes"],
+            [])
+
+if test "x$zmq_militant" = "xyes"; then
+    AC_DEFINE(ZMQ_ACT_MILITANT, 1, [Enable militant API assertions])
+fi
+
+
 # By default compiling with -Werror except OSX.
 libzmq_werror="yes"


--- a/src/options.cpp
+++ b/src/options.cpp
@@ -65,7 +65,9 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
 {
    bool is_int = (optvallen_ == sizeof (int));
    int value = is_int? *((int *) optval_): 0;
-
+#if defined (ZMQ_ACT_MILITANT)
+    bool malformed = true;          //  Did caller pass a bad option value?
+#endif
    switch (option_) {
        case ZMQ_SNDHWM:
            if (is_int && value >= 0) {
@@ -440,10 +442,23 @@ int zmq::options_t::setsockopt (int option_, const void *optval_,
            }
            break;

-
        default:
-            break;
-    }
+#if defined (ZMQ_ACT_MILITANT)
+            //  There are valid scenarios for probing with unknown socket option
+            //  values, e.g. to check if security is enabled or not. This will not
+            //  provoke a militant assert. However, passing bad values to a valid
+            //  socket option will, if ZMQ_ACT_MILITANT is defined.
+            malformed = false;
+#endif
+            break;
+    }
+#if defined (ZMQ_ACT_MILITANT)
+    //  There is no valid use case for passing an error back to the application
+    //  when it sent malformed arguments to a socket option. Use ./configure
+    //  --with-militant to enable this checking.
+    if (malformed)
+        zmq_assert (false);
+#endif
    errno = EINVAL;
    return -1;
 }
@@ -517,6 +532,7 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
                return 0;
            }
            break;
+            
        case ZMQ_TYPE:
            if (is_int) {
                *value = type;
@@ -757,8 +773,6 @@ int zmq::options_t::getsockopt (int option_, void *optval_, size_t *optvallen_)
                return 0;
            }
            break;
-
-
    }
    errno = EINVAL;
    return -1;