author | Nick Mathewson <nickm@torproject.org> | 2012-05-07 12:25:59 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-05-07 12:25:59 -0400 |
commit | 9b344628ed8f15543dc7780cc2a5cdd1b8f656cf (patch) | |
tree | 6356e826688bbdec9002070da2bdf236ccee39ad /src/common/util.c | |
parent | f6afd4efa6c24fab8ace710fc0eac4c8811b93dd (diff) | |
Handle out-of-range values in tor_parse_* integer functions
The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE. If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.
Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
Diffstat (limited to 'src/common/util.c')
-rw-r--r-- | src/common/util.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/common/util.c b/src/common/util.c
index e3cd154b93..7d2fc4dea8 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -764,6 +764,9 @@ tor_digest256_is_zero(const char *digest)
 /* Helper: common code to check whether the result of a strtol or strtoul or
 * strtoll is correct. */
 #define CHECK_STRTOX_RESULT() \
+ /* Did an overflow occur? */ \
+ if (errno == ERANGE) \
+ goto err; \
 /* Was at least one character converted? */ \
 if (endptr == s) \
 goto err; \
@@ -800,6 +803,7 @@ tor_parse_long(const char *s, int base, long min, long max,
 char *endptr;
 long r;
+ errno = 0;
 r = strtol(s, &endptr, base);
 CHECK_STRTOX_RESULT();
 }
@@ -812,6 +816,7 @@ tor_parse_ulong(const char *s, int base, unsigned long min,
 char *endptr;
 unsigned long r;
+ errno = 0;
 r = strtoul(s, &endptr, base);
 CHECK_STRTOX_RESULT();
 }
@@ -823,6 +828,7 @@ tor_parse_double(const char *s, double min, double max, int *ok, char **next)
 char *endptr;
 double r;
+ errno = 0;
 r = strtod(s, &endptr);
 CHECK_STRTOX_RESULT();
 }
@@ -836,6 +842,7 @@ tor_parse_uint64(const char *s, int base, uint64_t min,
 char *endptr;
 uint64_t r;
+ errno = 0;
 #ifdef HAVE_STRTOULL
 r = (uint64_t)strtoull(s, &endptr, base);
 #elif defined(MS_WINDOWS) |
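Review bot: The new `errno == ERANGE` test in CHECK_STRTOX_RESULT() (first hunk) is only meaningful when the caller cleared errno immediately before the strtoX call, and the comment above the macro does not state that precondition. The four `errno = 0;` lines added by this commit satisfy it today, but a later user of the macro that forgets the reset would reject valid input because of a stale ERANGE left by unrelated code. I would extend the header comment with `Callers must set errno to 0 immediately before the strtoX call; a saturated result is detected through ERANGE.` The macro body continues past the end of the hunk.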
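Review bot: In the tor_parse_ulong hunk the ERANGE check still lets negative input through, because strtoul() accepts a leading minus sign and returns the negated value in the unsigned type without setting errno. When `max` equals the type's maximum, a string such as "-1" would presumably pass the range test (which is outside this hunk) and come back as a very large number, the same class of problem this commit fixes for overflow. A guard placed after the strtoul() call, so that endptr is already set, would close it: `if (s[strspn(s, " \t\n\v\f\r")] == '-') goto err;`. The strtoull() path in the tor_parse_uint64 hunk has the same gap; both function bodies start outside their hunks.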
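Review bot: For tor_parse_double the shared ERANGE check also fires on underflow, not only on overflow: strtod() may set errno to ERANGE when the input is too small for a normalized double, and whether it does so is implementation-defined. After this change an input like "1e-400" can be rejected on one platform and accepted as 0 on another, where before it parsed the same way everywhere. If underflow should stay accepted, clear the flag between the call and the macro with `if (errno == ERANGE && r > -1.0 && r < 1.0) errno = 0;`; otherwise the function comment should say that underflowing input is treated as an error.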
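Review bot: In the tor_parse_uint64 hunk the `errno = 0;` sits above a preprocessor ladder, and only the strtoull() branch is visible as a conversion the C standard requires to report overflow through ERANGE. The `#elif defined(MS_WINDOWS)` branch and anything after it are cut off by the hunk, so each conversion used there should be confirmed to set errno on overflow; a branch that does not would keep the old behaviour of accepting a saturated or wrapped value when `max` is the type's maximum. A comment above the ladder would record the requirement: `/* Every branch below must set errno to ERANGE on overflow; CHECK_STRTOX_RESULT() relies on it. */`.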