- deraadt@cvs.openbsd.org 2006/03/27 13:03:54

     [dh.c]
     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm

2 files changed, 8 insertions, 3 deletions

diff --git a/ChangeLog b/ChangeLog
index 7bbc6ce82..6cfa9b84f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
      [xmalloc.c]
      we can do the size & nmemb check before the integer overflow check; 
      evol
+   - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
+     [dh.c]
+     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
 
 20060326
  - OpenBSD CVS Sync
@@ -4453,4 +4456,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4288 2006/03/31 12:09:17 djm Exp $
+$Id: ChangeLog,v 1.4289 2006/03/31 12:09:41 djm Exp $
diff --git a/dh.c b/dh.c
index 4db3b0b2a..b32a7efb5 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.34 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.35 2006/03/27 13:03:54 deraadt Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -44,6 +44,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
         char *cp, *arg;
         char *strsize, *gen, *prime;
+        const char *errstr = NULL;
 
         cp = line;
         if ((arg = strdelim(&cp)) == NULL)
@@ -68,7 +69,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
                 goto fail;
         strsize = strsep(&cp, " "); /* size */
         if (cp == NULL || *strsize == '\0' ||
-            (dhg->size = atoi(strsize)) == 0)
+            (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
+            errstr)
                 goto fail;
         /* The whole group is one bit larger */
         dhg->size++;