Mercurial > dropbear
diff dbutil.c @ 1833:870f6e386a0b
Partial strings from strtoul should return error
author | Matt Johnston <matt@codeconstruct.com.au> |
---|---|
date | Tue, 12 Oct 2021 23:31:09 +0800 |
parents | a339b1c4b9f2 |
children | 90ac15aeac43 |
line wrap: on
line diff
--- a/dbutil.c Tue Oct 12 21:29:42 2021 +0800 +++ b/dbutil.c Tue Oct 12 23:31:09 2021 +0800 @@ -583,8 +583,15 @@ /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE, with the result in *val */ int m_str_to_uint(const char* str, unsigned int *val) { unsigned long l; - errno = 0; - l = strtoul(str, NULL, 10); + char *endp; + + l = strtoul(str, &endp, 10); + + if (endp == str || *endp != '\0') { + // parse error + return DROPBEAR_FAILURE; + } + /* The c99 spec doesn't actually seem to define EINVAL, but most platforms * I've looked at mention it in their manpage */ if ((l == 0 && errno == EINVAL)