Partial strings from strtoul should return error

author: Matt Johnston <matt@codeconstruct.com.au> 2021-10-12 23:31:09 +0800
committer: Matt Johnston <matt@codeconstruct.com.au> 2021-10-12 23:31:09 +0800
commit: 110b55214b005b8667eb5612981cf62ccd4f5127 (patch)
tree: 203ea858730091032a31209244892b901604fb1d /dbutil.c
parent: c08177a3af6dd7f6c74360c1cd10933c98457bee (diff)
download: dropbear-110b55214b005b8667eb5612981cf62ccd4f5127.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/dbutil.c b/dbutil.c
index 53256a2..f278efa 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -583,8 +583,15 @@ void disallow_core() {
 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE, with the result in *val */
 int m_str_to_uint(const char* str, unsigned int *val) {
 	unsigned long l;
-	errno = 0;
-	l = strtoul(str, NULL, 10);
+	char *endp;
+
+	l = strtoul(str, &endp, 10);
+
+	if (endp == str || *endp != '\0') {
+		// parse error
+		return DROPBEAR_FAILURE;
+	}
+
 	/* The c99 spec doesn't actually seem to define EINVAL, but most platforms
 	 * I've looked at mention it in their manpage */
 	if ((l == 0 && errno == EINVAL)
author	Matt Johnston <matt@codeconstruct.com.au>	2021-10-12 23:31:09 +0800
committer	Matt Johnston <matt@codeconstruct.com.au>	2021-10-12 23:31:09 +0800
commit	110b55214b005b8667eb5612981cf62ccd4f5127 (patch)
tree	203ea858730091032a31209244892b901604fb1d /dbutil.c
parent	c08177a3af6dd7f6c74360c1cd10933c98457bee (diff)
download	dropbear-110b55214b005b8667eb5612981cf62ccd4f5127.tar.gz