author | Matt Johnston <matt@codeconstruct.com.au> | 2021-10-12 23:31:09 +0800 |
---|---|---|
committer | Matt Johnston <matt@codeconstruct.com.au> | 2021-10-12 23:31:09 +0800 |
commit | 110b55214b005b8667eb5612981cf62ccd4f5127 (patch) | |
tree | 203ea858730091032a31209244892b901604fb1d /dbutil.c | |
parent | c08177a3af6dd7f6c74360c1cd10933c98457bee (diff) | |
download | dropbear-110b55214b005b8667eb5612981cf62ccd4f5127.tar.gz |
Partial strings from strtoul should return error
Diffstat (limited to 'dbutil.c')
-rw-r--r-- | dbutil.c | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -583,8 +583,15 @@ void disallow_core() {
 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE, with the result in *val */
 int m_str_to_uint(const char* str, unsigned int *val) {
 unsigned long l;
- errno = 0;
- l = strtoul(str, NULL, 10);
+ char *endp;
+
+ l = strtoul(str, &endp, 10);
+
+ if (endp == str || *endp != '\0') {
+ // parse error
+ return DROPBEAR_FAILURE;
+ }
+
 /* The c99 spec doesn't actually seem to define EINVAL, but most platforms
 * I've looked at mention it in their manpage */
 if ((l == 0 && errno == EINVAL) |
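Review bot: The removed `errno = 0;` is not restored on the new side, yet the condition on the hunk's last line still tests `errno == EINVAL` when `l == 0`, so a stale errno left by an earlier library call can make a valid "0" return DROPBEAR_FAILURE. Put `errno = 0;` back immediately before `l = strtoul(str, &endp, 10);`. Separately, strtoul skips leading whitespace and accepts a sign, so inputs such as " 5" or "-1" still pass the new `endp` check; if only plain decimal digits are meant to be accepted, reject a first character that is not a digit before calling strtoul. The body of m_str_to_uint continues past the end of the hunk, so the remaining range checks are not visible here.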