summaryrefslogtreecommitdiff
path: root/src/common/util.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-05-07 12:25:59 -0400
committerNick Mathewson <nickm@torproject.org>2012-05-07 12:25:59 -0400
commit9b344628ed8f15543dc7780cc2a5cdd1b8f656cf (patch)
tree6356e826688bbdec9002070da2bdf236ccee39ad /src/common/util.c
parentf6afd4efa6c24fab8ace710fc0eac4c8811b93dd (diff)
downloadtor-9b344628ed8f15543dc7780cc2a5cdd1b8f656cf.tar.gz
tor-9b344628ed8f15543dc7780cc2a5cdd1b8f656cf.zip
Handle out-of-range values in tor_parse_* integer functions
The underlying strtoX functions handle overflow by saturating and setting errno to ERANGE. If the min/max arguments to the tor_parse_* functions are equal to the minimum/maximum of the underlying type, then with the old approach, we wouldn't treat a too-large value as genuinely broken. Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor 0.0.9), which introduced these functions.
Diffstat (limited to 'src/common/util.c')
-rw-r--r--src/common/util.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/common/util.c b/src/common/util.c
index e3cd154b93..7d2fc4dea8 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -764,6 +764,9 @@ tor_digest256_is_zero(const char *digest)
/* Helper: common code to check whether the result of a strtol or strtoul or
* strtoll is correct. */
#define CHECK_STRTOX_RESULT() \
+ /* Did an overflow occur? */ \
+ if (errno == ERANGE) \
+ goto err; \
/* Was at least one character converted? */ \
if (endptr == s) \
goto err; \
@@ -800,6 +803,7 @@ tor_parse_long(const char *s, int base, long min, long max,
char *endptr;
long r;
+ errno = 0;
r = strtol(s, &endptr, base);
CHECK_STRTOX_RESULT();
}
@@ -812,6 +816,7 @@ tor_parse_ulong(const char *s, int base, unsigned long min,
char *endptr;
unsigned long r;
+ errno = 0;
r = strtoul(s, &endptr, base);
CHECK_STRTOX_RESULT();
}
@@ -823,6 +828,7 @@ tor_parse_double(const char *s, double min, double max, int *ok, char **next)
char *endptr;
double r;
+ errno = 0;
r = strtod(s, &endptr);
CHECK_STRTOX_RESULT();
}
@@ -836,6 +842,7 @@ tor_parse_uint64(const char *s, int base, uint64_t min,
char *endptr;
uint64_t r;
+ errno = 0;
#ifdef HAVE_STRTOULL
r = (uint64_t)strtoull(s, &endptr, base);
#elif defined(MS_WINDOWS)