author | dtucker@openbsd.org <dtucker@openbsd.org> | 2017-03-14 00:25:03 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2017-03-14 13:45:14 +1100 |
commit | f5746b40cfe6d767c8e128fe50c43274b31cd594 (patch) | |
tree | b8db53618053d0bb22cd7ed9491ade78849286fc /misc.c | |
parent | f5907982f42a8d88a430b8a46752cbb7859ba979 (diff) |
upstream commit
Check for integer overflow when parsing times in
convtime(). Reported by nicolas.iooss at m4x.org, ok djm@
Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
Diffstat (limited to 'misc.c')
-rw-r--r-- | misc.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.108 2017/03/14 00:25:03 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@@ -306,7 +306,7 @@ a2tun(const char *s, int *remote)
 long
 convtime(const char *s)
 {
- long total, secs;
+ long total, secs, multiplier = 1;
 const char *p;
 char *endp;
@@ -333,23 +333,28 @@ convtime(const char *s)
 break;
 case 'm':
 case 'M':
- secs *= MINUTES;
+ multiplier = MINUTES;
 break;
 case 'h':
 case 'H':
- secs *= HOURS;
+ multiplier = HOURS;
 break;
 case 'd':
 case 'D':
- secs *= DAYS;
+ multiplier = DAYS;
 break;
 case 'w':
 case 'W':
- secs *= WEEKS;
+ multiplier = WEEKS;
 break;
 default:
 return -1;
 }
+ if (secs > LONG_MAX / multiplier)
+ return -1;
+ secs *= multiplier;
+ if (total > LONG_MAX - secs)
+ return -1;
 total += secs;
 if (total < 0)
 return -1; |
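Review bot: `multiplier` is set to 1 only once, at its declaration in the second hunk, and the third hunk reassigns it only in the m/h/d/w cases, so a value left over from one component can be applied to the next. The cases that end at the first context `break;` sit above the hunk; if they (presumably the bare-number and seconds forms) leave `multiplier` untouched and the switch runs once per component of a compound value, a seconds component following a minutes component would be scaled by MINUTES. Resetting it on every pass, `multiplier = 1;` immediately before the `switch`, makes each component independent; a time that parses longer than written matters wherever the result bounds a timeout or a key lifetime. The trailing `if (total < 0) return -1;` also looks unreachable now for non-negative `secs`, because `total > LONG_MAX - secs` rejects the sum first. The loop head and the start of the switch are outside the hunks, so the first point needs confirming against the whole of convtime().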