mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 18:08:23 +00:00
Code Issues Releases Wiki Activity

Make sure we don't go past the end of the string when out of range.

Browse Source
This commit is contained in:
Todd C. Miller 2019-10-16 10:08:33 -06:00
parent e339d9950d
commit 1037b685eb
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/util/strtonum.c
View File

@ -109,12 +109,16 @@ sudo_strtonumx(const char *str, long long minval, long long maxval, char **endp,
break; break;
ch -= '0'; ch -= '0';
if (result < lastval || (result == lastval && ch > remainder)) { if (result < lastval || (result == lastval && ch > remainder)) {
/* Skip remaining digits. */
do {
ch = *cp++;
} while (isdigit(ch));
errval = STN_TOOSMALL; errval = STN_TOOSMALL;
break; break;
} else { } else {
errval = STN_VALID;
result *= 10; result *= 10;
result -= ch; result -= ch;
errval = STN_VALID;
} }
} }
if (result > maxval) if (result > maxval)
@ -127,12 +131,16 @@ sudo_strtonumx(const char *str, long long minval, long long maxval, char **endp,
break; break;
ch -= '0'; ch -= '0';
if (result > lastval || (result == lastval && ch > remainder)) { if (result > lastval || (result == lastval && ch > remainder)) {
/* Skip remaining digits. */
do {
ch = *cp++;
} while (isdigit(ch));
errval = STN_TOOBIG; errval = STN_TOOBIG;
break; break;
} else { } else {
errval = STN_VALID;
result *= 10; result *= 10;
result += ch; result += ch;
errval = STN_VALID;
} }
} }
if (result < minval) if (result < minval)
@ -153,20 +161,12 @@ done:
*errstrp = N_("invalid value"); *errstrp = N_("invalid value");
break; break;
case STN_TOOSMALL: case STN_TOOSMALL:
/* Skip remaining digits. */
do {
ch = *cp++;
} while (isdigit(ch));
result = 0; result = 0;
errno = ERANGE; errno = ERANGE;
if (errstrp != NULL) if (errstrp != NULL)
*errstrp = N_("value too small"); *errstrp = N_("value too small");
break; break;
case STN_TOOBIG: case STN_TOOBIG:
/* Skip remaining digits. */
do {
ch = *cp++;
} while (isdigit(ch));
result = 0; result = 0;
errno = ERANGE; errno = ERANGE;
if (errstrp != NULL) if (errstrp != NULL)