diff options
Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/readconf.c b/readconf.c index 1fbf59793..bc5cf6188 100644 --- a/readconf.c +++ b/readconf.c | |||
@@ -12,7 +12,7 @@ | |||
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include "includes.h" | 14 | #include "includes.h" |
15 | RCSID("$OpenBSD: readconf.c,v 1.145 2005/12/08 18:34:11 reyk Exp $"); | 15 | RCSID("$OpenBSD: readconf.c,v 1.146 2006/02/12 10:44:18 djm Exp $"); |
16 | 16 | ||
17 | #include "ssh.h" | 17 | #include "ssh.h" |
18 | #include "xmalloc.h" | 18 | #include "xmalloc.h" |
@@ -306,7 +306,8 @@ process_config_line(Options *options, const char *host, | |||
306 | int *activep) | 306 | int *activep) |
307 | { | 307 | { |
308 | char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; | 308 | char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; |
309 | int opcode, *intptr, value, value2; | 309 | int opcode, *intptr, value, value2, scale; |
310 | long long orig, val64; | ||
310 | size_t len; | 311 | size_t len; |
311 | Forward fwd; | 312 | Forward fwd; |
312 | 313 | ||
@@ -479,22 +480,36 @@ parse_yesnoask: | |||
479 | fatal("%.200s line %d: Missing argument.", filename, linenum); | 480 | fatal("%.200s line %d: Missing argument.", filename, linenum); |
480 | if (arg[0] < '0' || arg[0] > '9') | 481 | if (arg[0] < '0' || arg[0] > '9') |
481 | fatal("%.200s line %d: Bad number.", filename, linenum); | 482 | fatal("%.200s line %d: Bad number.", filename, linenum); |
482 | value = strtol(arg, &endofnumber, 10); | 483 | orig = val64 = strtoll(arg, &endofnumber, 10); |
483 | if (arg == endofnumber) | 484 | if (arg == endofnumber) |
484 | fatal("%.200s line %d: Bad number.", filename, linenum); | 485 | fatal("%.200s line %d: Bad number.", filename, linenum); |
485 | switch (toupper(*endofnumber)) { | 486 | switch (toupper(*endofnumber)) { |
487 | case '\0': | ||
488 | scale = 1; | ||
489 | break; | ||
486 | case 'K': | 490 | case 'K': |
487 | value *= 1<<10; | 491 | scale = 1<<10; |
488 | break; | 492 | break; |
489 | case 'M': | 493 | case 'M': |
490 | value *= 1<<20; | 494 | scale = 1<<20; |
491 | break; | 495 | break; |
492 | case 'G': | 496 | case 'G': |
493 | value *= 1<<30; | 497 | scale = 1<<30; |
494 | break; | 498 | break; |
499 | default: | ||
500 | fatal("%.200s line %d: Invalid RekeyLimit suffix", | ||
501 | filename, linenum); | ||
495 | } | 502 | } |
503 | val64 *= scale; | ||
504 | /* detect integer wrap and too-large limits */ | ||
505 | if ((val64 / scale) != orig || val64 > INT_MAX) | ||
506 | fatal("%.200s line %d: RekeyLimit too large", | ||
507 | filename, linenum); | ||
508 | if (val64 < 16) | ||
509 | fatal("%.200s line %d: RekeyLimit too small", | ||
510 | filename, linenum); | ||
496 | if (*activep && *intptr == -1) | 511 | if (*activep && *intptr == -1) |
497 | *intptr = value; | 512 | *intptr = (int)val64; |
498 | break; | 513 | break; |
499 | 514 | ||
500 | case oIdentityFile: | 515 | case oIdentityFile: |