803fb7
From 81a95ec724b7b874f850cb0f32f1981ccc4fb062 Mon Sep 17 00:00:00 2001
803fb7
From: Karel Zak <kzak@redhat.com>
803fb7
Date: Fri, 20 Nov 2015 12:54:10 +0100
803fb7
Subject: [PATCH] core: support <soft:hard> ranges for RLIMIT options
803fb7
803fb7
The new parser supports:
803fb7
803fb7
 <value>       - specify both limits to the same value
803fb7
 <soft:hard>   - specify both limits
803fb7
803fb7
the size or time specific suffixes are supported, for example
803fb7
803fb7
  LimitRTTIME=1sec
803fb7
  LimitAS=4G:16G
803fb7
803fb7
The patch introduces parse_rlimit_range() and rlim type (size, sec,
803fb7
usec, etc.) specific parsers. No code is duplicated now.
803fb7
803fb7
The patch also syncs the docs for DefaultLimitXXX= and LimitXXX=.
803fb7
803fb7
References: https://github.com/systemd/systemd/issues/1769
803fb7
803fb7
Cherry-picked from: 91518d20ddf0376808544576d0ef0883cedc67d4
803fb7
Resolves: #1351415
803fb7
---
803fb7
 man/systemd-system.conf.xml |  27 ++-
803fb7
 man/systemd.exec.xml        |   5 +-
de8967
 src/core/load-fragment.c    | 243 ++++++++++---------
de8967
 src/shared/util.c           | 467 ++++++++++++++++++++++++++++++++++++
803fb7
 src/shared/util.h           |  14 ++
803fb7
 src/test/test-unit-file.c   |  31 +++
803fb7
 6 files changed, 667 insertions(+), 120 deletions(-)
803fb7
803fb7
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
803fb7
index b7d9cdee0..39d19bc71 100644
803fb7
--- a/man/systemd-system.conf.xml
803fb7
+++ b/man/systemd-system.conf.xml
803fb7
@@ -326,13 +326,26 @@
803fb7
         <listitem><para>These settings control various default
803fb7
         resource limits for units. See
803fb7
         <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
803fb7
-        for details. Use the string <varname>infinity</varname> to
803fb7
-        configure no limit on a specific resource. The multiplicative suffixes
803fb7
-        K (=1024), M (=1024*1024) and so on for G, T, P and E may be used for
803fb7
-        resource limits measured in bytes (e.g. DefaultLimitAS=16G). These
803fb7
-        settings may be overridden in individual units using the corresponding
803fb7
-        LimitXXX= directives. Note that these resource limits are only
803fb7
-        defaults for units, they are not applied to PID 1
803fb7
+        for details. The resource limit is possible to specify in two formats,
803fb7
+        <option>value</option> to set soft and hard limits to the same value,
803fb7
+        or <option>soft:hard</option> to set both limits individually (e.g. DefaultLimitAS=4G:16G).
803fb7
+        Use the string <varname>infinity</varname> to
803fb7
+        configure no limit on a specific resource. The multiplicative
803fb7
+        suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E
803fb7
+        may be used for resource limits measured in bytes
803fb7
+        (e.g. DefaultLimitAS=16G). For the limits referring to time values,
803fb7
+        the usual time units ms, s, min, h and so on may be used (see
803fb7
+        <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
803fb7
+        for details). Note that if no time unit is specified for
803fb7
+        <varname>DefaultLimitCPU=</varname> the default unit of seconds is
803fb7
+        implied, while for <varname>DefaultLimitRTTIME=</varname> the default
803fb7
+        unit of microseconds is implied. Also, note that the effective
803fb7
+        granularity of the limits might influence their
803fb7
+        enforcement. For example, time limits specified for
803fb7
+        <varname>DefaultLimitCPU=</varname> will be rounded up implicitly to
803fb7
+        multiples of 1s. These  settings may be overridden in individual units
803fb7
+        using the corresponding LimitXXX= directives. Note that these resource
803fb7
+        limits are only defaults for units, they are not applied to PID 1
803fb7
         itself.</para></listitem>
803fb7
       </varlistentry>
803fb7
     </variablelist>
803fb7
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
803fb7
index cfdcc3d17..0cd469cd9 100644
803fb7
--- a/man/systemd.exec.xml
803fb7
+++ b/man/systemd.exec.xml
803fb7
@@ -558,7 +558,10 @@
803fb7
         <listitem><para>These settings set both soft and hard limits
803fb7
         of various resources for executed processes. See
803fb7
         <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry>
803fb7
-        for details. Use the string <varname>infinity</varname> to
803fb7
+        for details. The resource limit is possible to specify in two formats,
803fb7
+        <option>value</option> to set soft and hard limits to the same value,
803fb7
+        or <option>soft:hard</option> to set both limits individually (e.g. LimitAS=4G:16G).
803fb7
+        Use the string <varname>infinity</varname> to
803fb7
         configure no limit on a specific resource. The multiplicative
803fb7
         suffixes K (=1024), M (=1024*1024) and so on for G, T, P and E
803fb7
         may be used for resource limits measured in bytes
803fb7
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
803fb7
index 8afe9d7e8..d307f1c74 100644
803fb7
--- a/src/core/load-fragment.c
803fb7
+++ b/src/core/load-fragment.c
803fb7
@@ -1075,81 +1075,108 @@ int config_parse_bounding_set(const char *unit,
803fb7
         return 0;
803fb7
 }
803fb7
 
803fb7
-int config_parse_limit(const char *unit,
803fb7
-                       const char *filename,
803fb7
-                       unsigned line,
803fb7
-                       const char *section,
803fb7
-                       unsigned section_line,
803fb7
-                       const char *lvalue,
803fb7
-                       int ltype,
803fb7
-                       const char *rvalue,
803fb7
-                       void *data,
803fb7
-                       void *userdata) {
803fb7
 
803fb7
-        struct rlimit **rl = data;
803fb7
-        unsigned long long u;
803fb7
+static int rlim_parse_u64(const char *val, rlim_t *res) {
803fb7
+        int r = 0;
803fb7
 
803fb7
-        assert(filename);
803fb7
-        assert(lvalue);
803fb7
-        assert(rvalue);
803fb7
-        assert(data);
803fb7
+        if (streq(val, "infinity"))
803fb7
+                *res = RLIM_INFINITY;
803fb7
+        else {
803fb7
+                uint64_t u;
803fb7
 
803fb7
-        rl += ltype;
803fb7
+                /* setrlimit(2) suggests rlim_t is always 64bit on Linux. */
803fb7
+                assert_cc(sizeof(rlim_t) == sizeof(uint64_t));
803fb7
+
803fb7
+                r = safe_atou64(val, &u);
803fb7
+                if (r >= 0 && u >= (uint64_t) RLIM_INFINITY)
803fb7
+                        r = -ERANGE;
803fb7
+                if (r == 0)
803fb7
+                        *res = (rlim_t) u;
803fb7
+        }
803fb7
+        return r;
803fb7
+}
803fb7
 
803fb7
-        if (streq(rvalue, "infinity"))
803fb7
-                u = (unsigned long long) RLIM_INFINITY;
803fb7
+static int rlim_parse_size(const char *val, rlim_t *res) {
803fb7
+        int r = 0;
803fb7
+
803fb7
+        if (streq(val, "infinity"))
803fb7
+                *res = RLIM_INFINITY;
803fb7
         else {
803fb7
-                int r;
803fb7
+                off_t u;
803fb7
 
803fb7
-                r = safe_atollu(rvalue, &u);
803fb7
-                if (r < 0) {
803fb7
-                        log_syntax(unit, LOG_ERR, filename, line, -r,
803fb7
-                                   "Failed to parse resource value, ignoring: %s", rvalue);
803fb7
-                        return 0;
803fb7
-                }
803fb7
+                r = parse_size(val, 1024, &u);
803fb7
+                if (r >= 0 && u >= (off_t) RLIM_INFINITY)
803fb7
+                        r = -ERANGE;
803fb7
+                if (r == 0)
803fb7
+                        *res = (rlim_t) u;
803fb7
         }
803fb7
+        return r;
803fb7
+}
803fb7
 
803fb7
-        if (!*rl) {
803fb7
-                *rl = new(struct rlimit, 1);
803fb7
-                if (!*rl)
803fb7
-                        return log_oom();
803fb7
-        }
803fb7
+static int rlim_parse_sec(const char *val, rlim_t *res) {
803fb7
+        int r = 0;
803fb7
 
803fb7
-        (*rl)->rlim_cur = (*rl)->rlim_max = (rlim_t) u;
803fb7
-        return 0;
803fb7
+        if (streq(val, "infinity"))
803fb7
+                *res = RLIM_INFINITY;
803fb7
+        else {
803fb7
+                usec_t t;
803fb7
+
803fb7
+                r = parse_sec(val, &t);
803fb7
+                if (r < 0)
803fb7
+                        return r;
803fb7
+                if (t == USEC_INFINITY)
803fb7
+                        *res = RLIM_INFINITY;
803fb7
+                else
803fb7
+                        *res = (rlim_t) (DIV_ROUND_UP(t, USEC_PER_SEC));
803fb7
+
803fb7
+        }
803fb7
+        return r;
803fb7
 }
803fb7
 
803fb7
-int config_parse_bytes_limit(const char *unit,
803fb7
-                       const char *filename,
803fb7
-                       unsigned line,
803fb7
-                       const char *section,
803fb7
-                       unsigned section_line,
803fb7
-                       const char *lvalue,
803fb7
-                       int ltype,
803fb7
-                       const char *rvalue,
803fb7
-                       void *data,
803fb7
-                       void *userdata) {
803fb7
+static int rlim_parse_usec(const char *val, rlim_t *res) {
803fb7
+        int r = 0;
803fb7
 
803fb7
-        struct rlimit **rl = data;
803fb7
-        uint64_t bytes;
803fb7
+        if (streq(val, "infinity"))
803fb7
+                *res = RLIM_INFINITY;
803fb7
+        else {
803fb7
+                usec_t t;
803fb7
 
803fb7
-        assert(filename);
803fb7
-        assert(lvalue);
803fb7
-        assert(rvalue);
803fb7
-        assert(data);
803fb7
+                r = parse_time(val, &t, 1);
803fb7
+                if (r < 0)
803fb7
+                        return r;
803fb7
+                if (t == USEC_INFINITY)
803fb7
+                        *res = RLIM_INFINITY;
803fb7
+                else
803fb7
+                        *res = (rlim_t) t;
803fb7
+        }
803fb7
+        return r;
803fb7
+}
803fb7
 
803fb7
-        rl += ltype;
803fb7
+static int parse_rlimit_range(
803fb7
+                const char *unit,
803fb7
+                const char *filename,
803fb7
+                unsigned line,
803fb7
+                const char *value,
803fb7
+                struct rlimit **rl,
803fb7
+                int (*rlim_parser)(const char *, rlim_t *)) {
803fb7
 
803fb7
-        if (streq(rvalue, "infinity"))
803fb7
-                bytes = (uint64_t) RLIM_INFINITY;
803fb7
-        else {
803fb7
-                int r;
803fb7
+        rlim_t soft, hard;
803fb7
+        _cleanup_free_ char *sword = NULL, *hword = NULL;
803fb7
+        int nwords, r;
803fb7
 
803fb7
-                r = parse_size(rvalue, 1024, &bytes);
803fb7
-                if (r < 0) {
803fb7
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
803fb7
-                        return 0;
803fb7
-                }
803fb7
+        assert(value);
803fb7
+
803fb7
+        /* <value> or <soft:hard> */
803fb7
+        nwords = extract_many_words(&value, ":", EXTRACT_DONT_COALESCE_SEPARATORS, &sword, &hword, NULL);
803fb7
+        r = nwords < 0 ? nwords : nwords == 0 ? -EINVAL : 0;
803fb7
+
803fb7
+        if (r == 0)
803fb7
+                r = rlim_parser(sword, &soft);
803fb7
+        if (r == 0 && nwords == 2)
803fb7
+                r = rlim_parser(hword, &hard);
803fb7
+        if (r < 0) {
803fb7
+                log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", value);
803fb7
+                return 0;
803fb7
         }
803fb7
 
803fb7
         if (!*rl) {
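Review bot: In `rlim_parse_size()` the range check `u >= (off_t) RLIM_INFINITY` looks inverted in effect: where `off_t` is a signed 64-bit type and `RLIM_INFINITY` is the all-ones `rlim_t` (the `assert_cc` in `rlim_parse_u64()` pins `rlim_t` to 64 bits), the cast yields -1, so every non-negative size from `parse_size()` would be turned into `-ERANGE`. Because `parse_rlimit_range()` only logs that error and returns 0, a byte-valued limit routed through `config_parse_bytes_limit()` would be dropped and the unit would run without it. Comparing in the unsigned domain avoids this: `if (r >= 0 && (uint64_t) u >= (uint64_t) RLIM_INFINITY)`. A test case that feeds `config_parse_bytes_limit()` a suffixed value and a `soft:hard` pair would pin the behaviour, if the tests added in src/test/test-unit-file.c do not already do so. `parse_rlimit_range()` continues past the end of this hunk.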
803fb7
@@ -1157,12 +1184,12 @@ int config_parse_bytes_limit(const char *unit,
803fb7
                 if (!*rl)
803fb7
                         return log_oom();
803fb7
         }
803fb7
-
803fb7
-        (*rl)->rlim_cur = (*rl)->rlim_max = (rlim_t) bytes;
803fb7
+        (*rl)->rlim_cur = soft;
803fb7
+        (*rl)->rlim_max = nwords == 2 ? hard : soft;
803fb7
         return 0;
803fb7
 }
803fb7
 
803fb7
-int config_parse_sec_limit(
803fb7
+int config_parse_limit(
803fb7
                 const char *unit,
803fb7
                 const char *filename,
803fb7
                 unsigned line,
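Review bot: The assignment `(*rl)->rlim_cur = soft; (*rl)->rlim_max = nwords == 2 ? hard : soft;` accepts a `soft:hard` pair whose soft value is larger than the hard value. setrlimit(2) rejects such a pair with EINVAL, so the mistake would surface only when the limit is applied, not at parse time with the file and line at hand. A guard such as `if (nwords == 2 && soft > hard)` followed by a `log_syntax()` call and `return 0;`, mirroring the parse-error path, would report it early; on Linux `RLIM_INFINITY` is the largest `rlim_t`, so the plain comparison also handles `infinity`. The guard belongs before the allocation of `*rl`, which starts in the previous hunk.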
803fb7
@@ -1175,8 +1202,6 @@ int config_parse_sec_limit(
803fb7
                 void *userdata) {
803fb7
 
803fb7
         struct rlimit **rl = data;
803fb7
-        rlim_t seconds;
803fb7
-        int r;
803fb7
 
803fb7
         assert(filename);
803fb7
         assert(lvalue);
803fb7
@@ -1184,36 +1209,33 @@ int config_parse_sec_limit(
803fb7
         assert(data);
803fb7
 
803fb7
         rl += ltype;
803fb7
+        return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_u64);
803fb7
+}
803fb7
 
803fb7
-        if (streq(rvalue, "infinity"))
803fb7
-                seconds = RLIM_INFINITY;
803fb7
-        else {
803fb7
-                usec_t t;
803fb7
-
803fb7
-                r = parse_sec(rvalue, &t);
803fb7
-                if (r < 0) {
803fb7
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
803fb7
-                        return 0;
803fb7
-                }
803fb7
+int config_parse_bytes_limit(
803fb7
+                const char *unit,
803fb7
+                const char *filename,
803fb7
+                unsigned line,
803fb7
+                const char *section,
803fb7
+                unsigned section_line,
803fb7
+                const char *lvalue,
803fb7
+                int ltype,
803fb7
+                const char *rvalue,
803fb7
+                void *data,
803fb7
+                void *userdata) {
803fb7
 
803fb7
-                if (t == USEC_INFINITY)
803fb7
-                        seconds = RLIM_INFINITY;
803fb7
-                else
803fb7
-                        seconds = (rlim_t) (DIV_ROUND_UP(t, USEC_PER_SEC));
803fb7
-        }
803fb7
+        struct rlimit **rl = data;
803fb7
 
803fb7
-        if (!*rl) {
803fb7
-                *rl = new(struct rlimit, 1);
803fb7
-                if (!*rl)
803fb7
-                        return log_oom();
803fb7
-        }
803fb7
+        assert(filename);
803fb7
+        assert(lvalue);
803fb7
+        assert(rvalue);
803fb7
+        assert(data);
803fb7
 
803fb7
-        (*rl)->rlim_cur = (*rl)->rlim_max = seconds;
803fb7
-        return 0;
803fb7
+        rl += ltype;
803fb7
+        return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_size);
803fb7
 }
803fb7
 
803fb7
-
803fb7
-int config_parse_usec_limit(
803fb7
+int config_parse_sec_limit(
803fb7
                 const char *unit,
803fb7
                 const char *filename,
803fb7
                 unsigned line,
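Review bot: `config_parse_limit()` and `config_parse_bytes_limit()` here, and `config_parse_sec_limit()` and `config_parse_usec_limit()` in the following hunks, are now identical apart from the callback passed to `parse_rlimit_range()`. Generating the four from one macro that takes the function name and the parser would remove the remaining repetition and keep the assert set from drifting between copies. Failing that, a one-line comment above each wrapper naming the value syntax it accepts, e.g. `/* bytes; K, M, G, ... suffixes with base 1024 */` for `config_parse_bytes_limit()`, would make the difference visible without opening the parser.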
803fb7
@@ -1226,8 +1248,6 @@ int config_parse_usec_limit(
803fb7
                 void *userdata) {
803fb7
 
803fb7
         struct rlimit **rl = data;
803fb7
-        rlim_t useconds;
803fb7
-        int r;
803fb7
 
803fb7
         assert(filename);
803fb7
         assert(lvalue);
803fb7
@@ -1235,34 +1255,33 @@ int config_parse_usec_limit(
803fb7
         assert(data);
803fb7
 
803fb7
         rl += ltype;
803fb7
+        return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_sec);
803fb7
+}
803fb7
 
803fb7
-        if (streq(rvalue, "infinity"))
803fb7
-                useconds = RLIM_INFINITY;
803fb7
-        else {
803fb7
-                usec_t t;
803fb7
-
803fb7
-                r = parse_time(rvalue, &t, 1);
803fb7
-                if (r < 0) {
803fb7
-                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse resource value, ignoring: %s", rvalue);
803fb7
-                        return 0;
803fb7
-                }
803fb7
+int config_parse_usec_limit(
803fb7
+                const char *unit,
803fb7
+                const char *filename,
803fb7
+                unsigned line,
803fb7
+                const char *section,
803fb7
+                unsigned section_line,
803fb7
+                const char *lvalue,
803fb7
+                int ltype,
803fb7
+                const char *rvalue,
803fb7
+                void *data,
803fb7
+                void *userdata) {
803fb7
 
803fb7
-                if (t == USEC_INFINITY)
803fb7
-                        useconds = RLIM_INFINITY;
803fb7
-                else
803fb7
-                        useconds = (rlim_t) t;
803fb7
-        }
803fb7
+        struct rlimit **rl = data;
803fb7
 
803fb7
-        if (!*rl) {
803fb7
-                *rl = new(struct rlimit, 1);
803fb7
-                if (!*rl)
803fb7
-                        return log_oom();
803fb7
-        }
803fb7
+        assert(filename);
803fb7
+        assert(lvalue);
803fb7
+        assert(rvalue);
803fb7
+        assert(data);
803fb7
 
803fb7
-        (*rl)->rlim_cur = (*rl)->rlim_max = useconds;
803fb7
-        return 0;
803fb7
+        rl += ltype;
803fb7
+        return parse_rlimit_range(unit, filename, line, rvalue, rl, rlim_parse_usec);
803fb7
 }
803fb7
 
803fb7
+
803fb7
 #ifdef HAVE_SYSV_COMPAT
803fb7
 int config_parse_sysv_priority(const char *unit,
803fb7
                                const char *filename,
803fb7
diff --git a/src/shared/util.c b/src/shared/util.c
803fb7
index 036677eb4..f75ed9dd4 100644
803fb7
--- a/src/shared/util.c
803fb7
+++ b/src/shared/util.c
803fb7
@@ -93,6 +93,7 @@
803fb7
 #include "virt.h"
803fb7
 #include "def.h"
803fb7
 #include "sparse-endian.h"
803fb7
+#include "conf-parser.h"
803fb7
 
803fb7
 int saved_argc = 0;
803fb7
 char **saved_argv = NULL;
803fb7
@@ -100,6 +101,8 @@ char **saved_argv = NULL;
803fb7
 static volatile unsigned cached_columns = 0;
803fb7
 static volatile unsigned cached_lines = 0;
803fb7
 
803fb7
+bool unichar_is_valid(int32_t ch);
803fb7
+
803fb7
 size_t page_size(void) {
803fb7
         static thread_local size_t pgsz = 0;
803fb7
         long r;
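Review bot: The added prototype `bool unichar_is_valid(int32_t ch);` gives the helper external linkage while declaring it only inside util.c. If its only user is `cunescape_one()` in this file, `static bool unichar_is_valid(int32_t ch);` (with `static` on the definition as well) keeps it out of the global namespace and rules out a clash with a same-named symbol elsewhere in the tree. If other files are meant to call it, the declaration belongs in util.h instead; that header's changes are not visible here.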
803fb7
@@ -1365,6 +1368,207 @@ char *cescape(const char *s) {
803fb7
         return r;
803fb7
 }
803fb7
 
803fb7
+bool unichar_is_valid(int32_t ch) {
803fb7
+
803fb7
+        if (ch >= 0x110000) /* End of unicode space */
803fb7
+                return false;
803fb7
+        if ((ch & 0xFFFFF800) == 0xD800) /* Reserved area for UTF-16 */
803fb7
+                return false;
803fb7
+        if ((ch >= 0xFDD0) && (ch <= 0xFDEF)) /* Reserved */
803fb7
+                return false;
803fb7
+        if ((ch & 0xFFFE) == 0xFFFE) /* BOM (Byte Order Mark) */
803fb7
+                return false;
803fb7
+
803fb7
+        return true;
803fb7
+}
803fb7
+
803fb7
+int cunescape_one(const char *p, size_t length, int32_t *ret, bool *eight_bit) {
803fb7
+        int r = 1;
803fb7
+
803fb7
+        assert(p);
803fb7
+        assert(*p);
803fb7
+        assert(ret);
803fb7
+
803fb7
+        /* Unescapes C style. Returns the unescaped character in ret.
803fb7
+         * Sets *eight_bit to true if the escaped sequence either fits in
803fb7
+         * one byte in UTF-8 or is a non-unicode literal byte and should
803fb7
+         * instead be copied directly.
803fb7
+         */
803fb7
+
803fb7
+        if (length != (size_t) -1 && length < 1)
803fb7
+                return -EINVAL;
803fb7
+
803fb7
+        switch (p[0]) {
803fb7
+
803fb7
+        case 'a':
803fb7
+                *ret = '\a';
803fb7
+                break;
803fb7
+        case 'b':
803fb7
+                *ret = '\b';
803fb7
+                break;
803fb7
+        case 'f':
803fb7
+                *ret = '\f';
803fb7
+                break;
803fb7
+        case 'n':
803fb7
+                *ret = '\n';
803fb7
+                break;
803fb7
+        case 'r':
803fb7
+                *ret = '\r';
803fb7
+                break;
803fb7
+        case 't':
803fb7
+                *ret = '\t';
803fb7
+                break;
803fb7
+        case 'v':
803fb7
+                *ret = '\v';
803fb7
+                break;
803fb7
+        case '\\':
803fb7
+                *ret = '\\';
803fb7
+                break;
803fb7
+        case '"':
803fb7
+                *ret = '"';
803fb7
+                break;
803fb7
+        case '\'':
803fb7
+                *ret = '\'';
803fb7
+                break;
803fb7
+
803fb7
+        case 's':
803fb7
+                /* This is an extension of the XDG syntax files */
803fb7
+                *ret = ' ';
803fb7
+                break;
803fb7
+
803fb7
+        case 'x': {
803fb7
+                /* hexadecimal encoding */
803fb7
+                int a, b;
803fb7
+
803fb7
+                if (length != (size_t) -1 && length < 3)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                a = unhexchar(p[1]);
803fb7
+                if (a < 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                b = unhexchar(p[2]);
803fb7
+                if (b < 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                /* Don't allow NUL bytes */
803fb7
+                if (a == 0 && b == 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                *ret = (a << 4U) | b;
803fb7
+                *eight_bit = true;
803fb7
+                r = 3;
803fb7
+                break;
803fb7
+        }
803fb7
+
803fb7
+        case 'u': {
803fb7
+                /* C++11 style 16bit unicode */
803fb7
+
803fb7
+                int a[4];
803fb7
+                unsigned i;
803fb7
+                uint32_t c;
803fb7
+
803fb7
+                if (length != (size_t) -1 && length < 5)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                for (i = 0; i < 4; i++) {
803fb7
+                        a[i] = unhexchar(p[1 + i]);
803fb7
+                        if (a[i] < 0)
803fb7
+                                return a[i];
803fb7
+                }
803fb7
+
803fb7
+                c = ((uint32_t) a[0] << 12U) | ((uint32_t) a[1] << 8U) | ((uint32_t) a[2] << 4U) | (uint32_t) a[3];
803fb7
+
803fb7
+                /* Don't allow 0 chars */
803fb7
+                if (c == 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                *ret = c;
803fb7
+                r = 5;
803fb7
+                break;
803fb7
+        }
803fb7
+
803fb7
+        case 'U': {
803fb7
+                /* C++11 style 32bit unicode */
803fb7
+
803fb7
+                int a[8];
803fb7
+                unsigned i;
803fb7
+                int32_t c;
803fb7
+
803fb7
+                if (length != (size_t) -1 && length < 9)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                for (i = 0; i < 8; i++) {
803fb7
+                        a[i] = unhexchar(p[1 + i]);
803fb7
+                        if (a[i] < 0)
803fb7
+                                return a[i];
803fb7
+                }
803fb7
+
803fb7
+                c = ((uint32_t) a[0] << 28U) | ((uint32_t) a[1] << 24U) | ((uint32_t) a[2] << 20U) | ((uint32_t) a[3] << 16U) |
803fb7
+                    ((uint32_t) a[4] << 12U) | ((uint32_t) a[5] <<  8U) | ((uint32_t) a[6] <<  4U) |  (uint32_t) a[7];
803fb7
+
803fb7
+                /* Don't allow 0 chars */
803fb7
+                if (c == 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                /* Don't allow invalid code points */
803fb7
+                if (!unichar_is_valid(c))
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                *ret = c;
803fb7
+                r = 9;
803fb7
+                break;
803fb7
+        }
803fb7
+
803fb7
+        case '0':
803fb7
+        case '1':
803fb7
+        case '2':
803fb7
+        case '3':
803fb7
+        case '4':
803fb7
+        case '5':
803fb7
+        case '6':
803fb7
+        case '7': {
803fb7
+                /* octal encoding */
803fb7
+                int a, b, c;
803fb7
+                int32_t m;
803fb7
+
803fb7
+                if (length != (size_t) -1 && length < 3)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                a = unoctchar(p[0]);
803fb7
+                if (a < 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                b = unoctchar(p[1]);
803fb7
+                if (b < 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                c = unoctchar(p[2]);
803fb7
+                if (c < 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                /* don't allow NUL bytes */
803fb7
+                if (a == 0 && b == 0 && c == 0)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                /* Don't allow bytes above 255 */
803fb7
+                m = ((uint32_t) a << 6U) | ((uint32_t) b << 3U) | (uint32_t) c;
803fb7
+                if (m > 255)
803fb7
+                        return -EINVAL;
803fb7
+
803fb7
+                *ret = m;
803fb7
+                *eight_bit = true;
803fb7
+                r = 3;
803fb7
+                break;
803fb7
+        }
803fb7
+
803fb7
+        default:
803fb7
+                return -EINVAL;
803fb7
+        }
803fb7
+
803fb7
+        return r;
803fb7
+}
803fb7
+
803fb7
 char *cunescape_length_with_prefix(const char *s, size_t length, const char *prefix) {
803fb7
         char *r, *t;
803fb7
         const char *f;
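Review bot: In the `'U'` case the code point is stored in `int32_t c`, so an escape whose first hex digit is 8 or above becomes negative under the usual two's-complement conversion, and `unichar_is_valid()` does not reject negatives: `ch >= 0x110000` is false for them and the remaining tests do not match a value such as 0x80000000. That input is then handed back through `*ret` as a valid character. Adding `if (ch < 0) return false;` at the top of `unichar_is_valid()`, or holding the value in `uint32_t` as the `'u'` case already does, closes the gap. Separately, the `'u'` case never calls `unichar_is_valid()`, so the surrogate range D800–DFFF passes through it, and `*eight_bit` is written in the `'x'` and octal cases without a matching `assert(eight_bit);` next to `assert(ret);`.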
803fb7
@@ -8207,3 +8411,266 @@ bool colors_enabled(void) {
803fb7
 
803fb7
         return parse_boolean(colors) != 0;
803fb7
 }
803fb7
+
803fb7
+int extract_first_word(const char **p, char **ret, const char *separators, ExtractFlags flags) {
803fb7
+        _cleanup_free_ char *s = NULL;
803fb7
+        size_t allocated = 0, sz = 0;
803fb7
+        char c;
803fb7
+        int r;
803fb7
+
803fb7
+        char quote = 0;                 /* 0 or ' or " */
803fb7
+        bool backslash = false;         /* whether we've just seen a backslash */
803fb7
+
803fb7
+        assert(p);
803fb7
+        assert(ret);
803fb7
+
803fb7
+        /* Bail early if called after last value or with no input */
803fb7
+        if (!*p)
803fb7
+                goto finish_force_terminate;
803fb7
+        c = **p;
803fb7
+
803fb7
+        if (!separators)
803fb7
+                separators = WHITESPACE;
803fb7
+
803fb7
+        /* Parses the first word of a string, and returns it in
803fb7
+         * *ret. Removes all quotes in the process. When parsing fails
803fb7
+         * (because of an uneven number of quotes or similar), leaves
803fb7
+         * the pointer *p at the first invalid character. */
803fb7
+
803fb7
+        if (flags & EXTRACT_DONT_COALESCE_SEPARATORS)
803fb7
+                if (!GREEDY_REALLOC(s, allocated, sz+1))
803fb7
+                        return -ENOMEM;
803fb7
+
803fb7
+        for (;; (*p)++, c = **p) {
803fb7
+                if (c == 0)
803fb7
+                        goto finish_force_terminate;
803fb7
+                else if (strchr(separators, c)) {
803fb7
+                        if (flags & EXTRACT_DONT_COALESCE_SEPARATORS) {
803fb7
+                                (*p)++;
803fb7
+                                goto finish_force_next;
803fb7
+                        }
803fb7
+                } else {
803fb7
+                        /* We found a non-blank character, so we will always
803fb7
+                         * want to return a string (even if it is empty),
803fb7
+                         * allocate it here. */
803fb7
+                        if (!GREEDY_REALLOC(s, allocated, sz+1))
803fb7
+                                return -ENOMEM;
803fb7
+                        break;
803fb7
+                }
803fb7
+        }
803fb7
+
803fb7
+        for (;; (*p)++, c = **p) {
803fb7
+                if (backslash) {
803fb7
+                        if (!GREEDY_REALLOC(s, allocated, sz+7))
803fb7
+                                return -ENOMEM;
803fb7
+
803fb7
+                        if (c == 0) {
803fb7
+                                if ((flags & EXTRACT_CUNESCAPE_RELAX) &&
803fb7
+                                    (!quote || flags & EXTRACT_RELAX)) {
803fb7
+                                        /* If we find an unquoted trailing backslash and we're in
803fb7
+                                         * EXTRACT_CUNESCAPE_RELAX mode, keep it verbatim in the
803fb7
+                                         * output.
803fb7
+                                         *
803fb7
+                                         * Unbalanced quotes will only be allowed in EXTRACT_RELAX
803fb7
+                                         * mode, EXTRACT_CUNESCAPE_RELAX mode does not allow them.
803fb7
+                                         */
803fb7
+                                        s[sz++] = '\\';
803fb7
+                                        goto finish_force_terminate;
803fb7
+                                }
803fb7
+                                if (flags & EXTRACT_RELAX)
803fb7
+                                        goto finish_force_terminate;
803fb7
+                                return -EINVAL;
803fb7
+                        }
803fb7
+
803fb7
+                        if (flags & EXTRACT_CUNESCAPE) {
803fb7
+                                bool eight_bit = false;
803fb7
+                                int32_t u;
803fb7
+
803fb7
+                                r = cunescape_one(*p, (size_t) -1, &u, &eight_bit);
803fb7
+                                if (r < 0) {
803fb7
+                                        if (flags & EXTRACT_CUNESCAPE_RELAX) {
803fb7
+                                                s[sz++] = '\\';
803fb7
+                                                s[sz++] = c;
803fb7
+                                        } else
803fb7
+                                                return -EINVAL;
803fb7
+                                } else {
803fb7
+                                        (*p) += r - 1;
803fb7
+
803fb7
+                                        if (eight_bit)
803fb7
+                                                s[sz++] = u;
803fb7
+                                        else
803fb7
+                                                sz += utf8_encode_unichar(s + sz, u);
803fb7
+                                }
803fb7
+                        } else
803fb7
+                                s[sz++] = c;
803fb7
+
803fb7
+                        backslash = false;
803fb7
+
803fb7
+                } else if (quote) {     /* inside either single or double quotes */
803fb7
+                        for (;; (*p)++, c = **p) {
803fb7
+                                if (c == 0) {
803fb7
+                                        if (flags & EXTRACT_RELAX)
803fb7
+                                                goto finish_force_terminate;
803fb7
+                                        return -EINVAL;
803fb7
+                                } else if (c == quote) {        /* found the end quote */
803fb7
+                                        quote = 0;
803fb7
+                                        break;
803fb7
+                                } else if (c == '\\' && !(flags & EXTRACT_RETAIN_ESCAPE)) {
803fb7
+                                        backslash = true;
803fb7
+                                        break;
803fb7
+                                } else {
803fb7
+                                        if (!GREEDY_REALLOC(s, allocated, sz+2))
803fb7
+                                                return -ENOMEM;
803fb7
+
803fb7
+                                        s[sz++] = c;
803fb7
+                                }
803fb7
+                        }
803fb7
+
803fb7
+                } else {
803fb7
+                        for (;; (*p)++, c = **p) {
803fb7
+                                if (c == 0)
803fb7
+                                        goto finish_force_terminate;
803fb7
+                                else if ((c == '\'' || c == '"') && (flags & EXTRACT_QUOTES)) {
803fb7
+                                        quote = c;
803fb7
+                                        break;
803fb7
+                                } else if (c == '\\' && !(flags & EXTRACT_RETAIN_ESCAPE)) {
803fb7
+                                        backslash = true;
803fb7
+                                        break;
803fb7
+                                } else if (strchr(separators, c)) {
803fb7
+                                        if (flags & EXTRACT_DONT_COALESCE_SEPARATORS) {
803fb7
+                                                (*p)++;
803fb7
+                                                goto finish_force_next;
803fb7
+                                        }
803fb7
+                                        /* Skip additional coalesced separators. */
803fb7
+                                        for (;; (*p)++, c = **p) {
803fb7
+                                                if (c == 0)
803fb7
+                                                        goto finish_force_terminate;
803fb7
+                                                if (!strchr(separators, c))
803fb7
+                                                        break;
803fb7
+                                        }
803fb7
+                                        goto finish;
803fb7
+
803fb7
+                                } else {
803fb7
+                                        if (!GREEDY_REALLOC(s, allocated, sz+2))
803fb7
+                                                return -ENOMEM;
803fb7
+
803fb7
+                                        s[sz++] = c;
803fb7
+                                }
803fb7
+                        }
803fb7
+                }
803fb7
+        }
803fb7
+
803fb7
+finish_force_terminate:
803fb7
+        *p = NULL;
803fb7
+finish:
803fb7
+        if (!s) {
803fb7
+                *p = NULL;
803fb7
+                *ret = NULL;
803fb7
+                return 0;
803fb7
+        }
803fb7
+
803fb7
+finish_force_next:
803fb7
+        s[sz] = 0;
803fb7
+        *ret = s;
803fb7
+        s = NULL;
803fb7
+
803fb7
+        return 1;
803fb7
+}
803fb7
+
803fb7
+int extract_first_word_and_warn(
803fb7
+                const char **p,
803fb7
+                char **ret,
803fb7
+                const char *separators,
803fb7
+                ExtractFlags flags,
803fb7
+                const char *unit,
803fb7
+                const char *filename,
803fb7
+                unsigned line,
803fb7
+                const char *rvalue) {
803fb7
+
803fb7
+        /* Try to unquote it, if it fails, warn about it and try again
803fb7
+         * but this time using EXTRACT_CUNESCAPE_RELAX to keep the
803fb7
+         * backslashes verbatim in invalid escape sequences. */
803fb7
+
803fb7
+        const char *save;
803fb7
+        int r;
803fb7
+
803fb7
+        save = *p;
803fb7
+        r = extract_first_word(p, ret, separators, flags);
803fb7
+        if (r >= 0)
803fb7
+                return r;
803fb7
+
803fb7
+        if (r == -EINVAL && !(flags & EXTRACT_CUNESCAPE_RELAX)) {
803fb7
+
803fb7
+                /* Retry it with EXTRACT_CUNESCAPE_RELAX. */
803fb7
+                *p = save;
803fb7
+                r = extract_first_word(p, ret, separators, flags|EXTRACT_CUNESCAPE_RELAX);
803fb7
+                if (r >= 0) {
803fb7
+                        /* It worked this time, hence it must have been an invalid escape sequence we could correct. */
803fb7
+                        log_syntax(unit, LOG_WARNING, filename, line, EINVAL, "Invalid escape sequences in line, correcting: \"%s\"", rvalue);
803fb7
+                        return r;
803fb7
+                }
803fb7
+
803fb7
+                /* If it's still EINVAL; then it must be unbalanced quoting, report this. */
803fb7
+                if (r == -EINVAL)
803fb7
+                        return log_syntax(unit, LOG_ERR, filename, line, r, "Unbalanced quoting, ignoring: \"%s\"", rvalue);
803fb7
+        }
803fb7
+
803fb7
+        /* Can be any error, report it */
803fb7
+        return log_syntax(unit, LOG_ERR, filename, line, r, "Unable to decode word \"%s\", ignoring: %m", rvalue);
803fb7
+}
803fb7
+
803fb7
+int extract_many_words(const char **p, const char *separators, ExtractFlags flags, ...) {
803fb7
+        va_list ap;
803fb7
+        char **l;
803fb7
+        int n = 0, i, c, r;
803fb7
+
803fb7
+        /* Parses a number of words from a string, stripping any
803fb7
+         * quotes if necessary. */
803fb7
+
803fb7
+        assert(p);
803fb7
+
803fb7
+        /* Count how many words are expected */
803fb7
+        va_start(ap, flags);
803fb7
+        for (;;) {
803fb7
+                if (!va_arg(ap, char **))
803fb7
+                        break;
803fb7
+                n++;
803fb7
+        }
803fb7
+        va_end(ap);
803fb7
+
803fb7
+        if (n <= 0)
803fb7
+                return 0;
803fb7
+
803fb7
+        /* Read all words into a temporary array */
803fb7
+        l = newa0(char*, n);
803fb7
+        for (c = 0; c < n; c++) {
803fb7
+
803fb7
+                r = extract_first_word(p, &l[c], separators, flags);
803fb7
+                if (r < 0) {
803fb7
+                        int j;
803fb7
+
803fb7
+                        for (j = 0; j < c; j++)
803fb7
+                                free(l[j]);
803fb7
+
803fb7
+                        return r;
803fb7
+                }
803fb7
+
803fb7
+                if (r == 0)
803fb7
+                        break;
803fb7
+        }
803fb7
+
803fb7
+        /* If we managed to parse all words, return them in the passed
803fb7
+         * in parameters */
803fb7
+        va_start(ap, flags);
803fb7
+        for (i = 0; i < n; i++) {
803fb7
+                char **v;
803fb7
+
803fb7
+                v = va_arg(ap, char **);
803fb7
+                assert(v);
803fb7
+
803fb7
+                *v = l[i];
803fb7
+        }
803fb7
+        va_end(ap);
803fb7
+
803fb7
+        return c;
803fb7
+}
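Review bot: The `sz+7` reservation in the backslash branch of extract_first_word() is an unexplained constant that the function's memory safety rests on. Every byte stored after it (the verbatim `\\` and `c`, the single eight-bit byte, or whatever utf8_encode_unichar() emits) plus the terminating `s[sz] = 0` at `finish_force_next` has to fit in those seven bytes, and the longest sequence utf8_encode_unichar() can write is not visible in this hunk. I would add a comment such as `/* room for the longest sequence utf8_encode_unichar() can emit plus the trailing NUL */` above that GREEDY_REALLOC call, or tie the number to a named constant shared with the encoder, so a later change to the encoder cannot silently become an out-of-bounds write. The `sz+2` reservations in the two inner loops follow the same pattern, leaving exactly one byte for the terminator, and deserve the same one-line explanation.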
803fb7
diff --git a/src/shared/util.h b/src/shared/util.h
803fb7
index a441e44ff..be04524cc 100644
803fb7
--- a/src/shared/util.h
803fb7
+++ b/src/shared/util.h
803fb7
@@ -315,6 +315,7 @@ int undecchar(char c) _const_;
803fb7
 char *cescape(const char *s);
803fb7
 char *cunescape(const char *s);
803fb7
 char *cunescape_length(const char *s, size_t length);
803fb7
+int cunescape_one(const char *p, size_t length, int32_t *ret, bool *eight_bit);
803fb7
 char *cunescape_length_with_prefix(const char *s, size_t length, const char *prefix);
803fb7
 
803fb7
 char *xescape(const char *s, const char *bad);
803fb7
@@ -1082,3 +1083,16 @@ void sigkill_wait(pid_t *pid);
803fb7
 int syslog_parse_priority(const char **p, int *priority, bool with_facility);
803fb7
 
803fb7
 char *shell_maybe_quote(const char *s);
803fb7
+
803fb7
+typedef enum ExtractFlags {
803fb7
+        EXTRACT_RELAX                    = 1,
803fb7
+        EXTRACT_CUNESCAPE                = 2,
803fb7
+        EXTRACT_CUNESCAPE_RELAX          = 4,
803fb7
+        EXTRACT_QUOTES                   = 8,
803fb7
+        EXTRACT_DONT_COALESCE_SEPARATORS = 16,
803fb7
+        EXTRACT_RETAIN_ESCAPE            = 32,
803fb7
+} ExtractFlags;
803fb7
+
803fb7
+int extract_first_word(const char **p, char **ret, const char *separators, ExtractFlags flags);
803fb7
+int extract_first_word_and_warn(const char **p, char **ret, const char *separators, ExtractFlags flags, const char *unit, const char *filename, unsigned line, const char *rvalue);
803fb7
+int extract_many_words(const char **p, const char *separators, ExtractFlags flags, ...) _sentinel_;
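Review bot: The ExtractFlags values are declared without any comment, although several of them change how strictly input is parsed. Going by extract_first_word() in util.c, EXTRACT_RELAX accepts unbalanced quotes and a trailing backslash, EXTRACT_CUNESCAPE_RELAX keeps an invalid escape sequence verbatim instead of failing, and EXTRACT_RETAIN_ESCAPE stops treating a backslash as an escape character; a one-line comment per flag would let callers choose the strict or the lenient mode deliberately. I would also document on the extract_first_word() prototype that it returns 1 with an allocated string in `*ret` that the caller frees, 0 with `*ret` set to NULL at end of input, and a negative errno on failure. Writing the values as `1 << 0`, `1 << 1` and so on would make it obvious that they are bit flags.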
803fb7
diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c
803fb7
index 87c81ccd7..931dfeda8 100644
803fb7
--- a/src/test/test-unit-file.c
803fb7
+++ b/src/test/test-unit-file.c
803fb7
@@ -554,11 +554,22 @@ static void test_config_parse_rlimit(void) {
803fb7
         assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 55);
803fb7
         assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
803fb7
 
803fb7
+
803fb7
+        assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "55:66", rl, NULL) >= 0);
803fb7
+        assert_se(rl[RLIMIT_NOFILE]);
803fb7
+        assert_se(rl[RLIMIT_NOFILE]->rlim_cur == 55);
803fb7
+        assert_se(rl[RLIMIT_NOFILE]->rlim_max == 66);
803fb7
+
803fb7
         assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "infinity", rl, NULL) >= 0);
803fb7
         assert_se(rl[RLIMIT_NOFILE]);
803fb7
         assert_se(rl[RLIMIT_NOFILE]->rlim_cur == RLIM_INFINITY);
803fb7
         assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
803fb7
 
803fb7
+        assert_se(config_parse_limit(NULL, "fake", 1, "section", 1, "LimitNOFILE", RLIMIT_NOFILE, "infinity:infinity", rl, NULL) >= 0);
803fb7
+        assert_se(rl[RLIMIT_NOFILE]);
803fb7
+        assert_se(rl[RLIMIT_NOFILE]->rlim_cur == RLIM_INFINITY);
803fb7
+        assert_se(rl[RLIMIT_NOFILE]->rlim_cur == rl[RLIMIT_NOFILE]->rlim_max);
803fb7
+
803fb7
         free(rl[RLIMIT_NOFILE]);
803fb7
         assert_se(config_parse_sec_limit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "56", rl, NULL) >= 0);
803fb7
         assert_se(rl[RLIMIT_CPU]);
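Review bot: The new assertions only feed well-formed `soft:hard` values to the parsers, so nothing pins how a malformed or inverted range is handled. Cases worth adding are a soft limit above the hard limit (`"66:55"`), an empty side (`"55:"`, `":66"`) and a third field (`"55:66:77"`), each asserting the return value and that `rl[RLIMIT_NOFILE]` keeps its previous contents. What the parser does with such input is not visible in this hunk, so the expected results have to be taken from parse_rlimit_range(). The same gap applies to the LimitCPU and LimitRTTIME hunks further down, and test_config_parse_rlimit() itself starts and ends outside this hunk.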
803fb7
@@ -570,6 +581,11 @@ static void test_config_parse_rlimit(void) {
803fb7
         assert_se(rl[RLIMIT_CPU]->rlim_cur == 57);
803fb7
         assert_se(rl[RLIMIT_CPU]->rlim_cur == rl[RLIMIT_CPU]->rlim_max);
803fb7
 
803fb7
+        assert_se(config_parse_sec_limit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "40s:1m", rl, NULL) >= 0);
803fb7
+        assert_se(rl[RLIMIT_CPU]);
803fb7
+        assert_se(rl[RLIMIT_CPU]->rlim_cur == 40);
803fb7
+        assert_se(rl[RLIMIT_CPU]->rlim_max == 60);
803fb7
+
803fb7
         assert_se(config_parse_sec_limit(NULL, "fake", 1, "section", 1, "LimitCPU", RLIMIT_CPU, "infinity", rl, NULL) >= 0);
803fb7
         assert_se(rl[RLIMIT_CPU]);
803fb7
         assert_se(rl[RLIMIT_CPU]->rlim_cur == RLIM_INFINITY);
803fb7
@@ -587,16 +603,31 @@ static void test_config_parse_rlimit(void) {
803fb7
         assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 58);
803fb7
         assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
803fb7
 
803fb7
+        assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "58:60", rl, NULL) >= 0);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 58);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]->rlim_max == 60);
803fb7
+
803fb7
         assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "59s", rl, NULL) >= 0);
803fb7
         assert_se(rl[RLIMIT_RTTIME]);
803fb7
         assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 59 * USEC_PER_SEC);
803fb7
         assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
803fb7
 
803fb7
+        assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "59s:123s", rl, NULL) >= 0);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 59 * USEC_PER_SEC);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]->rlim_max == 123 * USEC_PER_SEC);
803fb7
+
803fb7
         assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "infinity", rl, NULL) >= 0);
803fb7
         assert_se(rl[RLIMIT_RTTIME]);
803fb7
         assert_se(rl[RLIMIT_RTTIME]->rlim_cur == RLIM_INFINITY);
803fb7
         assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
803fb7
 
803fb7
+        assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "infinity:infinity", rl, NULL) >= 0);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]->rlim_cur == RLIM_INFINITY);
803fb7
+        assert_se(rl[RLIMIT_RTTIME]->rlim_cur == rl[RLIMIT_RTTIME]->rlim_max);
803fb7
+
803fb7
         assert_se(config_parse_usec_limit(NULL, "fake", 1, "section", 1, "LimitRTTIME", RLIMIT_RTTIME, "2345ms", rl, NULL) >= 0);
803fb7
         assert_se(rl[RLIMIT_RTTIME]);
803fb7
         assert_se(rl[RLIMIT_RTTIME]->rlim_cur == 2345 * USEC_PER_MSEC);