diff options
author | dtucker@openbsd.org <dtucker@openbsd.org> | 2017-12-05 23:59:47 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2017-12-07 11:49:00 +1100 |
commit | 609d96b3d58475a15b2eb6b3d463f2c5d8e510c0 (patch) | |
tree | be75a3c395010d0ccf6e5c07e46e4e826203a221 /servconf.c | |
parent | 168ecec13f9d7cb80c07df3bf7d414f4e4165e84 (diff) |
upstream commit
Replace atoi and strtol conversions for integer arguments
to config keywords with a checking wrapper around strtonum. This will
prevent and flag invalid and negative arguments to these keywords. ok djm@
OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/servconf.c b/servconf.c index a9d727fdb..ff94bbd6b 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.321 2017/12/05 23:56:07 dtucker Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.322 2017/12/05 23:59:47 dtucker Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -1152,6 +1152,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1152 | size_t len; | 1152 | size_t len; |
1153 | long long val64; | 1153 | long long val64; |
1154 | const struct multistate *multistate_ptr; | 1154 | const struct multistate *multistate_ptr; |
1155 | const char *errstr; | ||
1155 | 1156 | ||
1156 | /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ | 1157 | /* Strip trailing whitespace. Allow \f (form feed) at EOL only */ |
1157 | if ((len = strlen(line)) == 0) | 1158 | if ((len = strlen(line)) == 0) |
@@ -1441,10 +1442,9 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1441 | intptr = &options->x11_display_offset; | 1442 | intptr = &options->x11_display_offset; |
1442 | parse_int: | 1443 | parse_int: |
1443 | arg = strdelim(&cp); | 1444 | arg = strdelim(&cp); |
1444 | if (!arg || *arg == '\0') | 1445 | if ((errstr = atoi_err(arg, &value)) != NULL) |
1445 | fatal("%s line %d: missing integer value.", | 1446 | fatal("%s line %d: integer value %s.", |
1446 | filename, linenum); | 1447 | filename, linenum, errstr); |
1447 | value = atoi(arg); | ||
1448 | if (*activep && *intptr == -1) | 1448 | if (*activep && *intptr == -1) |
1449 | *intptr = value; | 1449 | *intptr = value; |
1450 | break; | 1450 | break; |