From 827fa8b76d437e0cd6261409e7785c2caa11c84d Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 13 Aug 2024 12:43:10 -0600
Subject: [PATCH] Use sudo_strtonum() instead of strtoull().

Fixes building on systems that lack strtoull().  While dev_t is
unsigned on most systems, we can still use sudo_strtonum() here as
long as we allow the full range of values [LLONG_MIN,LLONG_MAX].
We don't use strtoul() here since some 32-bit systems have 64-bit
dev_t.
---
 plugins/sudoers/policy.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/plugins/sudoers/policy.c b/plugins/sudoers/policy.c
index a6582975f..5a1d1c73a 100644
--- a/plugins/sudoers/policy.c
+++ b/plugins/sudoers/policy.c
@@ -466,18 +466,19 @@ sudoers_policy_deserialize_info(struct sudoers_context *ctx, void *v,
 	    continue;
 	}
 	if (MATCHES(*cur, "ttydev=")) {
-	    unsigned long long ullval;
-	    char *ep;
+	    long long llval;
 
+	    /*
+	     * dev_t is unsigned but sudo_strtonum() deals with signed values.
+	     * This is not a problem in practice since we allow the full range.
+	     */
 	    p = *cur + sizeof("ttydev=") - 1;
-	    errno = 0;
-	    ullval = strtoull(p, &ep, 10);
-	    if ((*p == '\0' || *ep != '\0') ||
-		    (errno == ERANGE && ullval == ULLONG_MAX)) {
+	    llval = sudo_strtonum(p, LLONG_MIN, LLONG_MAX, &errstr);
+	    if (errstr != NULL) {
 		INVALID("ttydev=");
 		goto bad;
 	    }
-	    ctx->user.ttydev = (dev_t)ullval;
+	    ctx->user.ttydev = (dev_t)llval;
 	    continue;
 	}
 	if (MATCHES(*cur, "host=")) {