upstream commit

Check for integer overflow when parsing times in convtime(). Reported by nicolas.iooss at m4x.org, ok djm@ Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
author: dtucker@openbsd.org <dtucker@openbsd.org> 2017-03-14 00:25:03 +0000
committer: Darren Tucker <dtucker@zip.com.au> 2017-03-14 13:45:14 +1100
commit: f5746b40cfe6d767c8e128fe50c43274b31cd594 (patch)
tree: b8db53618053d0bb22cd7ed9491ade78849286fc /misc.c
parent: f5907982f42a8d88a430b8a46752cbb7859ba979 (diff)
1 files changed, 11 insertions, 6 deletions
diff --git a/misc.c b/misc.c
index 65c9222a..08fcb38c 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.108 2017/03/14 00:25:03 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -306,7 +306,7 @@ a2tun(const char *s, int *remote)
 long
 convtime(const char *s)
 {
-	long total, secs;
+	long total, secs, multiplier = 1;
 	const char *p;
 	char *endp;
 
@@ -333,23 +333,28 @@ convtime(const char *s)
 			break;
 		case 'm':
 		case 'M':
-			secs *= MINUTES;
+			multiplier = MINUTES;
 			break;
 		case 'h':
 		case 'H':
-			secs *= HOURS;
+			multiplier = HOURS;
 			break;
 		case 'd':
 		case 'D':
-			secs *= DAYS;
+			multiplier = DAYS;
 			break;
 		case 'w':
 		case 'W':
-			secs *= WEEKS;
+			multiplier = WEEKS;
 			break;
 		default:
 			return -1;
 		}
+		if (secs > LONG_MAX / multiplier)
+			return -1;
+		secs *= multiplier;
+		if  (total > LONG_MAX - secs)
+			return -1;
 		total += secs;
 		if (total < 0)
 			return -1;
author	dtucker@openbsd.org <dtucker@openbsd.org>	2017-03-14 00:25:03 +0000
committer	Darren Tucker <dtucker@zip.com.au>	2017-03-14 13:45:14 +1100
commit	f5746b40cfe6d767c8e128fe50c43274b31cd594 (patch)
tree	b8db53618053d0bb22cd7ed9491ade78849286fc /misc.c
parent	f5907982f42a8d88a430b8a46752cbb7859ba979 (diff)