diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2017-12-05 23:59:47 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2017-12-07 11:49:00 +1100 |
| commit | 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 (patch) | |
| tree | be75a3c395010d0ccf6e5c07e46e4e826203a221 /readconf.c | |
| parent | 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 (diff) | |
upstream commit
Replace atoi and strtol conversions for integer arguments
to config keywords with a checking wrapper around strtonum. This will
prevent and flag invalid and negative arguments to these keywords. ok djm@
OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/readconf.c b/readconf.c index 63baa7d78..10b57bd45 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.280 2017/10/21 23:06:24 millert Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.281 2017/12/05 23:59:47 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -817,6 +817,7 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, | |||
| 817 | const struct multistate *multistate_ptr; | 817 | const struct multistate *multistate_ptr; |
| 818 | struct allowed_cname *cname; | 818 | struct allowed_cname *cname; |
| 819 | glob_t gl; | 819 | glob_t gl; |
| 820 | const char *errstr; | ||
| 820 | 821 | ||
| 821 | if (activep == NULL) { /* We are processing a command line directive */ | 822 | if (activep == NULL) { /* We are processing a command line directive */ |
| 822 | cmdline = 1; | 823 | cmdline = 1; |
| @@ -1131,15 +1132,9 @@ parse_command: | |||
| 1131 | intptr = &options->port; | 1132 | intptr = &options->port; |
| 1132 | parse_int: | 1133 | parse_int: |
| 1133 | arg = strdelim(&s); | 1134 | arg = strdelim(&s); |
| 1134 | if (!arg || *arg == '\0') | 1135 | if ((errstr = atoi_err(arg, &value)) != NULL) |
| 1135 | fatal("%.200s line %d: Missing argument.", filename, linenum); | 1136 | fatal("%s line %d: integer value %s.", |
| 1136 | if (arg[0] < '0' || arg[0] > '9') | 1137 | filename, linenum, errstr); |
| 1137 | fatal("%.200s line %d: Bad number.", filename, linenum); | ||
| 1138 | |||
| 1139 | /* Octal, decimal, or hex format? */ | ||
| 1140 | value = strtol(arg, &endofnumber, 0); | ||
| 1141 | if (arg == endofnumber) | ||
| 1142 | fatal("%.200s line %d: Bad number.", filename, linenum); | ||
| 1143 | if (*activep && *intptr == -1) | 1138 | if (*activep && *intptr == -1) |
| 1144 | *intptr = value; | 1139 | *intptr = value; |
| 1145 | break; | 1140 | break; |
| @@ -1534,7 +1529,6 @@ parse_keytypes: | |||
| 1534 | case oCanonicalDomains: | 1529 | case oCanonicalDomains: |
| 1535 | value = options->num_canonical_domains != 0; | 1530 | value = options->num_canonical_domains != 0; |
| 1536 | while ((arg = strdelim(&s)) != NULL && *arg != '\0') { | 1531 | while ((arg = strdelim(&s)) != NULL && *arg != '\0') { |
| 1537 | const char *errstr; | ||
| 1538 | if (!valid_domain(arg, 1, &errstr)) { | 1532 | if (!valid_domain(arg, 1, &errstr)) { |
| 1539 | fatal("%s line %d: %s", filename, linenum, | 1533 | fatal("%s line %d: %s", filename, linenum, |
| 1540 | errstr); | 1534 | errstr); |