Stricter checking for skip1 and skip2.

As we do elsewhere in the tree, make sure we (a) got a number at all,
(b) that it doesn't have non-digits dangling off the end, (c) that it's
positive, and (d) that it didn't overflow.

ok tb@

1 files changed, 23 insertions, 3 deletions

diff --git a/usr.bin/cmp/cmp.c b/usr.bin/cmp/cmp.c
index 3af0d0caa66..1634f58eecf 100644
--- a/usr.bin/cmp/cmp.c
+++ b/usr.bin/cmp/cmp.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: cmp.c,v 1.17 2018/03/05 16:53:39 cheloha Exp $      */
+/*      $OpenBSD: cmp.c,v 1.18 2018/03/05 16:57:37 cheloha Exp $      */
 /*      $NetBSD: cmp.c,v 1.7 1995/09/08 03:22:56 tls Exp $      */
 
 /*
@@ -34,7 +34,9 @@
 #include <sys/stat.h>
 
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -44,6 +46,7 @@
 
 int	lflag, sflag;
 
+static off_t get_skip(const char *, const char *);
 static void __dead usage(void);
 
 int
@@ -98,8 +101,8 @@ main(int argc, char *argv[])
 	if (pledge("stdio", NULL) == -1)
 		err(ERR_EXIT, "pledge");
 
-	skip1 = argc > 2 ? strtoll(argv[2], NULL, 0) : 0;
-	skip2 = argc == 4 ? strtoll(argv[3], NULL, 0) : 0;
+	skip1 = (argc > 2) ? get_skip(argv[2], "skip1") : 0;
+	skip2 = (argc == 4) ? get_skip(argv[3], "skip2") : 0;
 
 	if (!special) {
 		if (fstat(fd1, &sb1) == -1)
@@ -122,6 +125,23 @@ main(int argc, char *argv[])
 	return 0;
 }
 
+static off_t
+get_skip(const char *arg, const char *name)
+{
+	off_t skip;
+	char *ep;
+
+	errno = 0;
+	skip = strtoll(arg, &ep, 0);
+	if (arg[0] == '\0' || *ep != '\0')
+		fatalx("%s is invalid: %s", name, arg);
+	if (skip < 0)
+		fatalx("%s is too small: %s", name, arg);
+	if (skip == LLONG_MAX && errno == ERANGE)
+		fatalx("%s is too large: %s", name, arg);
+	return skip;
+}
+
 static void __dead
 usage(void)
 {