diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-04-18 18:28:39 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-04-18 18:28:39 +0000 |
| commit | 82e40d211902d486d2871a1bc691d1768927efd5 (patch) | |
| tree | 73caeece4da00dad32b1e62383474772aae90893 | |
| parent | a15dfcc7862a97d34cf8fed2bb1292c14721e771 (diff) | |
Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
48 files changed, 423 insertions, 221 deletions
diff --git a/bin/csh/proc.c b/bin/csh/proc.c index b77197e1943..db11aada2df 100644 --- a/bin/csh/proc.c +++ b/bin/csh/proc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.c,v 1.26 2015/02/08 06:09:50 tedu Exp $ */ +/* $OpenBSD: proc.c,v 1.27 2015/04/18 18:28:36 deraadt Exp $ */ /* $NetBSD: proc.c,v 1.9 1995/04/29 23:21:33 mycroft Exp $ */ /*- @@ -34,6 +34,7 @@ #include <sys/wait.h> #include <errno.h> #include <unistd.h> +#include <limits.h> #include <stdlib.h> #include <string.h> #include <stdarg.h> @@ -931,6 +932,7 @@ void dokill(Char **v, struct command *t) { int signum = SIGTERM; + const char *errstr; char *name; v++; @@ -940,8 +942,8 @@ dokill(Char **v, struct command *t) if (!Isdigit(v[1][0])) stderror(ERR_NAME | ERR_BADSIG); - signum = atoi(short2str(v[1])); - if (signum < 0 || signum >= NSIG) + signum = strtonum(short2str(v[1]), 0, NSIG-1, &errstr); + if (errstr) stderror(ERR_NAME | ERR_BADSIG); else if (signum == 0) (void) fputc('0', cshout); /* 0's symbolic name is '0' */ @@ -958,8 +960,8 @@ dokill(Char **v, struct command *t) return; } if (Isdigit(v[0][1])) { - signum = atoi(short2str(v[0] + 1)); - if (signum < 0 || signum >= NSIG) + signum = strtonum(short2str(v[0] + 1), 0, NSIG-1, &errstr); + if (errstr) stderror(ERR_NAME | ERR_BADSIG); } else { @@ -1147,12 +1149,18 @@ pfind(Char *cp) return (pprevious); } if (Isdigit(cp[1])) { - int idx = atoi(short2str(cp + 1)); + const char *errstr; + int idx = strtonum(short2str(cp + 1), 1, INT_MAX, &errstr); + if (errstr) { + stderror(ERR_NAME | ERR_NOSUCHJOB); + return (0); + } for (pp = proclist.p_next; pp; pp = pp->p_next) if (pp->p_index == idx && pp->p_pid == pp->p_jobid) return (pp); stderror(ERR_NAME | ERR_NOSUCHJOB); + return (0); } np = NULL; for (pp = proclist.p_next; pp; pp = pp->p_next) diff --git a/bin/ksh/exec.c b/bin/ksh/exec.c index a9ae9527cff..e12879fea33 100644 --- a/bin/ksh/exec.c +++ b/bin/ksh/exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec.c,v 1.50 2013/06/10 21:09:27 millert Exp $ */ +/* $OpenBSD: exec.c,v 1.51 2015/04/18 18:28:36 deraadt Exp $ */ /* * execute command tree @@ -1234,6 +1234,7 @@ do_selectargs(char **ap, bool print_menu) static const char *const read_args[] = { "read", "-r", "REPLY", (char *) 0 }; + const char *errstr; char *s; int i, argct; @@ -1252,8 +1253,10 @@ do_selectargs(char **ap, bool print_menu) return (char *) 0; s = str_val(global("REPLY")); if (*s) { - i = atoi(s); - return (i >= 1 && i <= argct) ? ap[i - 1] : null; + i = strtonum(s, 1, argct, &errstr); + if (errstr) + return null; + return ap[i - 1]; } print_menu = 1; } diff --git a/bin/ksh/jobs.c b/bin/ksh/jobs.c index 30763443626..1369e2fcf88 100644 --- a/bin/ksh/jobs.c +++ b/bin/ksh/jobs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jobs.c,v 1.40 2013/09/04 15:49:18 millert Exp $ */ +/* $OpenBSD: jobs.c,v 1.41 2015/04/18 18:28:36 deraadt Exp $ */ /* * Process and job control @@ -1428,11 +1428,17 @@ static Job * j_lookup(const char *cp, int *ecodep) { Job *j, *last_match; + const char *errstr; Proc *p; int len, job = 0; if (digit(*cp)) { - job = atoi(cp); + job = strtonum(cp, 1, INT_MAX, &errstr); + if (errstr) { + if (ecodep) + *ecodep = JL_NOSUCH; + return (Job *) 0; + } /* Look for last_proc->pid (what $! returns) first... */ for (j = job_list; j != (Job *) 0; j = j->next) if (j->last_proc && j->last_proc->pid == job) @@ -1467,7 +1473,9 @@ j_lookup(const char *cp, int *ecodep) case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - job = atoi(cp); + job = strtonum(cp, 1, INT_MAX, &errstr); + if (errstr) + break; for (j = job_list; j != (Job *) 0; j = j->next) if (j->job == job) return j; diff --git a/bin/ls/ls.c b/bin/ls/ls.c index 075677bb23c..2621788eaee 100644 --- a/bin/ls/ls.c +++ b/bin/ls/ls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ls.c,v 1.39 2014/03/31 20:54:37 sobrado Exp $ */ +/* $OpenBSD: ls.c,v 1.40 2015/04/18 18:28:36 deraadt Exp $ */ /* $NetBSD: ls.c,v 1.18 1996/07/09 09:16:29 mycroft Exp $ */ /* @@ -47,6 +47,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <limits.h> #include <util.h> #include "ls.h" @@ -99,22 +100,27 @@ ls_main(int argc, char *argv[]) static char dot[] = ".", *dotav[] = { dot, NULL }; struct winsize win; int ch, fts_options, notused; - int kflag = 0; + int kflag = 0, width = 0; char *p; /* Terminal defaults to -Cq, non-terminal defaults to -1. */ if (isatty(STDOUT_FILENO)) { if ((p = getenv("COLUMNS")) != NULL) - termwidth = atoi(p); - else if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && + width = strtonum(p, 1, INT_MAX, NULL); + if (width == 0 && + ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && win.ws_col > 0) - termwidth = win.ws_col; + width = win.ws_col; + if (width) + termwidth = width; f_column = f_nonprint = 1; } else { f_singlecol = 1; /* retrieve environment variable, in case of explicit -C */ if ((p = getenv("COLUMNS")) != NULL) - termwidth = atoi(p); + width = strtonum(p, 0, INT_MAX, NULL); + if (width) + termwidth = width; } /* Root is -A automatically. */ diff --git a/bin/pax/options.c b/bin/pax/options.c index 4d6fb63c62b..be2ffb2c245 100644 --- a/bin/pax/options.c +++ b/bin/pax/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.89 2015/03/15 21:53:09 guenther Exp $ */ +/* $OpenBSD: options.c,v 1.90 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: options.c,v 1.6 1996/03/26 23:54:18 mrg Exp $ */ /*- @@ -223,6 +223,7 @@ pax_options(int argc, char **argv) unsigned i; unsigned int flg = 0; unsigned int bflg = 0; + const char *errstr; char *pt; /* @@ -462,9 +463,12 @@ pax_options(int argc, char **argv) flg |= CEF; if (strcmp(NONE, optarg) == 0) maxflt = -1; - else if ((maxflt = atoi(optarg)) < 0) { - paxwarn(1, "Error count value must be positive"); - pax_usage(); + else { + maxflt = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) { + paxwarn(1, "Error count value: %s", errstr); + pax_usage(); + } } break; case 'G': @@ -1079,6 +1083,7 @@ mkpath(path) static void cpio_options(int argc, char **argv) { + const char *errstr; int c; unsigned i; char *str; @@ -1214,7 +1219,12 @@ cpio_options(int argc, char **argv) /* * set block size in bytes */ - wrblksz = atoi(optarg); + wrblksz = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) { + paxwarn(1, "Invalid block size %s: %s", + optarg, errstr); + pax_usage(); + } break; case 'E': /* diff --git a/bin/systrace/filter.c b/bin/systrace/filter.c index d10299605ce..73e3e8f446f 100644 --- a/bin/systrace/filter.c +++ b/bin/systrace/filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.35 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: filter.c,v 1.36 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -615,9 +615,10 @@ filter_ask(int fd, struct intercept_tlq *tls, struct filterq *fls, filter_templates(emulation); continue; } else if (!strncasecmp(line, "template ", 9)) { - int count = atoi(line + 9); + const char *errstr; + int count = strtonum(line + 9, 1, INT_MAX, &errstr); - if (count == 0 || + if (errstr || filter_template(fd, policy, count) == -1) { printf("Syntax error.\n"); continue; diff --git a/bin/systrace/lex.l b/bin/systrace/lex.l index 87ab4ecddfd..e23d68f0b36 100644 --- a/bin/systrace/lex.l +++ b/bin/systrace/lex.l @@ -1,4 +1,4 @@ -/* $OpenBSD: lex.l,v 1.19 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: lex.l,v 1.20 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> @@ -103,7 +103,14 @@ as { return AS; } "<" { return LESSER; } ">" { return GREATER; } [\_\$A-Za-z][\.\(\)\/A-Za-z_\-0-9]*\$? { yylval.string = strdup(yytext); return STRING; } -[0-9]+ { yylval.number = atoi(yytext); return NUMBER; } +[0-9]+ { + const char *errstr; + yylval.number = strtonum(yytext, 0, INT_MAX, &errstr); + if (errstr) { + yyerror("number %s: %s", yytext, errstr); + } + return NUMBER; + } \" { BEGIN(quote); *quotestr = '\0'; quoteescape = 0; diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c index 2b701d9aa34..ce3b0ee90e1 100644 --- a/bin/systrace/systrace.c +++ b/bin/systrace/systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.c,v 1.62 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: systrace.c,v 1.63 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -647,6 +647,7 @@ main(int argc, char **argv) char **args; char *filename = NULL; char *policypath = NULL; + const char *errstr; struct timeval tv; pid_t pidattach = 0; int usex11 = 1; @@ -707,7 +708,8 @@ main(int argc, char **argv) case 'p': if (setcredentials) usage(); - if ((pidattach = atoi(optarg)) == 0) { + pidattach = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { warnx("bad pid: %s", optarg); usage(); } diff --git a/lib/libc/rpc/getrpcent.c b/lib/libc/rpc/getrpcent.c index ebe3031fe7b..75df6a8cfb9 100644 --- a/lib/libc/rpc/getrpcent.c +++ b/lib/libc/rpc/getrpcent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getrpcent.c,v 1.16 2014/09/15 06:15:48 guenther Exp $ */ +/* $OpenBSD: getrpcent.c,v 1.17 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2010, Oracle America, Inc. @@ -35,6 +35,7 @@ #include <stdlib.h> #include <sys/types.h> #include <string.h> +#include <limits.h> #include <rpc/rpc.h> /* @@ -147,6 +148,7 @@ getrpcent(void) static struct rpcent * interpret(char *val, int len) { + const char *errstr; struct rpcdata *d = _rpcdata(); char *p; char *cp, **q; @@ -170,7 +172,9 @@ interpret(char *val, int len) d->rpc.r_name = d->line; while (*cp == ' ' || *cp == '\t') cp++; - d->rpc.r_number = atoi(cp); + d->rpc.r_number = strtonum(cp, 0, INT_MAX, &errstr); + if (errstr) + return (0); q = d->rpc.r_aliases = d->rpc_aliases; cp = strpbrk(cp, " \t"); if (cp != NULL) diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c index 45eef849d38..48b7b900cc5 100644 --- a/lib/libskey/skeylogin.c +++ b/lib/libskey/skeylogin.c @@ -10,7 +10,7 @@ * * S/Key verification check, lookups, and authentication. * - * $OpenBSD: skeylogin.c,v 1.56 2015/01/16 16:48:52 deraadt Exp $ + * $OpenBSD: skeylogin.c,v 1.57 2015/04/18 18:28:37 deraadt Exp $ */ #ifdef QUOTA @@ -95,6 +95,7 @@ skeygetent(int fd, struct skey *mp, const char *name) { char *cp, filename[PATH_MAX], *last; struct stat statbuf; + const char *errstr; size_t nread; FILE *keyfile; @@ -154,7 +155,9 @@ skeygetent(int fd, struct skey *mp, const char *name) goto bad_keyfile; if ((cp = strtok_r(NULL, " \t\n\r", &last)) == NULL) goto bad_keyfile; - mp->n = atoi(cp); /* XXX - use strtol() */ + mp->n = strtonum(cp, 0, UINT_MAX, &errstr); + if (errstr) + goto bad_keyfile; if ((mp->seed = strtok_r(NULL, " \t\n\r", &last)) == NULL) goto bad_keyfile; if ((mp->val = strtok_r(NULL, " \t\n\r", &last)) == NULL) diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index b77ef5aa13b..855221b756c 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comsat.c,v 1.38 2015/01/16 06:39:49 deraadt Exp $ */ +/* $OpenBSD: comsat.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -200,13 +200,16 @@ mailfor(char *name) { struct utmp *utp = &utmp[nutmp]; char utname[UT_NAMESIZE+1]; + const char *errstr; char *cp; off_t offset; if (!(cp = strchr(name, '@'))) return; *cp = '\0'; - offset = atoi(cp + 1); + offset = strtonum(cp + 1, 0, LLONG_MAX, &errstr); + if (errstr) + return; while (--utp >= utmp) { memcpy(utname, utp->ut_name, UT_NAMESIZE); utname[UT_NAMESIZE] = '\0'; diff --git a/libexec/rpc.rstatd/rstatd.c b/libexec/rpc.rstatd/rstatd.c index 237504393b2..fb37cb3c896 100644 --- a/libexec/rpc.rstatd/rstatd.c +++ b/libexec/rpc.rstatd/rstatd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rstatd.c,v 1.26 2015/03/13 03:24:27 deraadt Exp $ */ +/* $OpenBSD: rstatd.c,v 1.27 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1993, John Brezak @@ -34,6 +34,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <limits.h> #include <signal.h> #include <pwd.h> #include <syslog.h> @@ -65,6 +66,7 @@ main(int argc, char *argv[]) socklen_t fromlen; struct passwd *pw; struct sockaddr_storage from; + const char *errstr; SVCXPRT *transp; openlog("rpc.rstatd", LOG_NDELAY|LOG_CONS|LOG_PID, LOG_DAEMON); @@ -88,8 +90,8 @@ main(int argc, char *argv[]) } if (argc == 2) - closedown = atoi(argv[1]); - if (closedown <= 0) + closedown = strtonum(argv[1], 1, INT_MAX, NULL); + if (closedown == 0) closedown = 20; /* diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c index 8c1ddb0ec31..3f4933cf3ec 100644 --- a/libexec/spamd/spamd.c +++ b/libexec/spamd/spamd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamd.c,v 1.126 2015/03/12 20:07:20 millert Exp $ */ +/* $OpenBSD: spamd.c,v 1.127 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2015 Henning Brauer <henning@openbsd.org> @@ -1246,22 +1246,21 @@ main(int argc, char *argv[]) bind_address = optarg; break; case 'B': - i = atoi(optarg); - maxblack = i; + maxblack = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-B %s: %s", optarg, errstr); break; case 'c': - i = atoi(optarg); - if (i > maxfiles) { - fprintf(stderr, - "%d > system max of %d connections\n", - i, maxfiles); + maxcon = strtonum(optarg, 1, maxfiles, &errstr); + if (errstr) { + fprintf(stderr, "-c %s: %sn", optarg, errstr); usage(); } - maxcon = i; break; case 'p': - i = atoi(optarg); - port = i; + port = strtonum(optarg, 1, USHRT_MAX, &errstr); + if (errstr) + errx(1, "-p %s: %s", optarg, errstr); break; case 'd': debug = 1; @@ -1290,16 +1289,14 @@ main(int argc, char *argv[]) errx(1, "-h arg too long"); break; case 's': - i = strtonum(optarg, 0, 10, &errstr); + stutter = strtonum(optarg, 0, 10, &errstr); if (errstr) usage(); - stutter = i; break; case 'S': - i = strtonum(optarg, 0, 90, &errstr); + grey_stutter = strtonum(optarg, 0, 90, &errstr); if (errstr) usage(); - grey_stutter = i; break; case 'M': low_prio_mx_ip = optarg; @@ -1311,9 +1308,9 @@ main(int argc, char *argv[]) verbose = 1; break; case 'w': - window = atoi(optarg); - if (window <= 0) - usage(); + window = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-w %s: %s", optarg, errstr); break; case 'Y': if (sync_addhost(optarg, sync_port) != 0) diff --git a/sbin/fsck/fsck.c b/sbin/fsck/fsck.c index 6af8c324236..1600b49f6b8 100644 --- a/sbin/fsck/fsck.c +++ b/sbin/fsck/fsck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fsck.c,v 1.34 2015/03/20 01:53:05 millert Exp $ */ +/* $OpenBSD: fsck.c,v 1.35 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: fsck.c,v 1.7 1996/10/03 20:06:30 christos Exp $ */ /* @@ -88,6 +88,7 @@ static int hasopt(const char *, const char *); int main(int argc, char *argv[]) { + const char *errstr; struct fstab *fs; int i, rval = 0; char *vfstype = NULL; @@ -139,7 +140,10 @@ main(int argc, char *argv[]) break; case 'l': - maxrun = atoi(optarg); + maxrun = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-l %s: %s", optarg, errstr); + break; case 'T': diff --git a/sbin/growfs/growfs.c b/sbin/growfs/growfs.c index 67e7ed7afa6..d64891a2599 100644 --- a/sbin/growfs/growfs.c +++ b/sbin/growfs/growfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: growfs.c,v 1.38 2015/01/20 18:22:21 deraadt Exp $ */ +/* $OpenBSD: growfs.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2000 Christoph Herrmann, Thomas-Henning von Kamptz * Copyright (c) 1980, 1989, 1993 The Regents of the University of California. @@ -1865,7 +1865,7 @@ charsperline(void) columns = ws.ws_col; } if (columns == 0 && (cp = getenv("COLUMNS"))) { - columns = atoi(cp); + columns = strtonum(cp, 1, INT_MAX, NULL); } if (columns == 0) { columns = 80; /* last resort */ diff --git a/sbin/mount_msdos/mount_msdos.c b/sbin/mount_msdos/mount_msdos.c index 3057b45828f..6581bd34fed 100644 --- a/sbin/mount_msdos/mount_msdos.c +++ b/sbin/mount_msdos/mount_msdos.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mount_msdos.c,v 1.29 2015/01/16 06:39:59 deraadt Exp $ */ +/* $OpenBSD: mount_msdos.c,v 1.30 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: mount_msdos.c,v 1.16 1996/10/24 00:12:50 cgd Exp $ */ /* @@ -158,19 +158,15 @@ gid_t a_gid(char *s) { struct group *gr; + const char *errstr; char *gname; gid_t gid; if ((gr = getgrnam(s)) != NULL) - gid = gr->gr_gid; - else { - for (gname = s; isdigit((unsigned char)*s); ++s) - ; - if (!*s) - gid = atoi(gname); - else - errx(1, "unknown group id: %s", gname); - } + return gr->gr_gid; + gid = strtonum(s, 0, GID_MAX, &errstr); + if (errstr) + errx(1, "group is %s: %s", errstr, s); return (gid); } @@ -178,19 +174,15 @@ uid_t a_uid(char *s) { struct passwd *pw; + const char *errstr; char *uname; uid_t uid; if ((pw = getpwnam(s)) != NULL) - uid = pw->pw_uid; - else { - for (uname = s; isdigit((unsigned char)*s); ++s) - ; - if (!*s) - uid = atoi(uname); - else - errx(1, "unknown user id: %s", uname); - } + return pw->pw_uid; + uid = strtonum(s, 0, UID_MAX, &errstr); + if (errstr) + errx(1, "user is %s: %s", errstr, s); return (uid); } diff --git a/sbin/newfs/mkfs.c b/sbin/newfs/mkfs.c index 94ca0700952..d239bfc6c3a 100644 --- a/sbin/newfs/mkfs.c +++ b/sbin/newfs/mkfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mkfs.c,v 1.90 2015/02/06 22:29:00 millert Exp $ */ +/* $OpenBSD: mkfs.c,v 1.91 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: mkfs.c,v 1.25 1995/06/18 21:35:38 cgd Exp $ */ /* @@ -1149,7 +1149,7 @@ charsperline(void) if (ioctl(0, TIOCGWINSZ, &ws) != -1) columns = ws.ws_col; if (columns == 0 && (cp = getenv("COLUMNS"))) - columns = atoi(cp); + columns = strtonum(cp, 1, INT_MAX, NULL); if (columns == 0) columns = 80; /* last resort */ return columns; diff --git a/sbin/newfs_msdos/newfs_msdos.c b/sbin/newfs_msdos/newfs_msdos.c index 6006fe96e27..78495ebac99 100644 --- a/sbin/newfs_msdos/newfs_msdos.c +++ b/sbin/newfs_msdos/newfs_msdos.c @@ -1,4 +1,4 @@ -/* $OpenBSD: newfs_msdos.c,v 1.25 2015/01/16 06:40:00 deraadt Exp $ */ +/* $OpenBSD: newfs_msdos.c,v 1.26 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1998 Robert Nordier @@ -260,11 +260,9 @@ main(int argc, char *argv[]) opt_B = optarg; break; case 'F': - if (strcmp(optarg, "12") && - strcmp(optarg, "16") && - strcmp(optarg, "32")) + opt_F = strtonum(optarg, 1, INT_MAX, NULL); + if (!(opt_F == 12 || opt_F == 16 || opt_F == 32)) errx(1, "%s: bad FAT type", optarg); - opt_F = atoi(optarg); break; case 'I': opt_I = argto4(optarg, 0, "volume ID"); diff --git a/sbin/quotacheck/quotacheck.c b/sbin/quotacheck/quotacheck.c index 8b1966287fb..bbf4e0fbe85 100644 --- a/sbin/quotacheck/quotacheck.c +++ b/sbin/quotacheck/quotacheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: quotacheck.c,v 1.37 2015/02/07 02:09:14 deraadt Exp $ */ +/* $OpenBSD: quotacheck.c,v 1.38 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: quotacheck.c,v 1.12 1996/03/30 22:34:25 mark Exp $ */ /* @@ -136,6 +136,7 @@ main(int argc, char *argv[]) struct quotaname *auxdata; int i, argnum, maxrun, errs, ch; u_int64_t done = 0; /* XXX supports maximum 64 filesystems */ + const char *errstr; char *name; errs = maxrun = 0; @@ -151,7 +152,9 @@ main(int argc, char *argv[]) gflag = 1; break; case 'l': - maxrun = atoi(optarg); + maxrun = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-l %s: %s", optarg, errstr); break; case 'u': uflag = 1; diff --git a/sbin/savecore/savecore.c b/sbin/savecore/savecore.c index d186c59f2b6..53cc2a7dac2 100644 --- a/sbin/savecore/savecore.c +++ b/sbin/savecore/savecore.c @@ -1,4 +1,4 @@ -/* $OpenBSD: savecore.c,v 1.51 2015/03/15 00:41:27 millert Exp $ */ +/* $OpenBSD: savecore.c,v 1.52 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: savecore.c,v 1.26 1996/03/18 21:16:05 leo Exp $ */ /*- @@ -34,7 +34,6 @@ #include <sys/stat.h> #include <sys/mount.h> #include <sys/syslog.h> -#include <sys/types.h> #include <sys/time.h> #include <sys/resource.h> @@ -390,8 +389,13 @@ save_core(void) if (ferror(fp)) err1: syslog(LOG_WARNING, "%s: %s", path, strerror(errno)); bounds = 0; - } else - bounds = atoi(buf); + } else { + const char *errstr; + + bounds = strtonum(buf, 0, INT_MAX, &errstr); + if (errstr) + syslog(LOG_WARNING, "bounds was corrupt: %s", errstr); + } if (fp != NULL) (void)fclose(fp); if ((fp = fopen(path, "w")) == NULL) @@ -607,8 +611,13 @@ check_space(void) else { if (fgets(buf, sizeof(buf), fp) == NULL) minfree = 0; - else - minfree = atoi(buf); + else { + const char *errstr; + + minfree = strtonum(buf, 0, LLONG_MAX, &errstr); + syslog(LOG_WARNING, + "minfree was corrupt: %s", errstr); + } (void)fclose(fp); } diff --git a/sbin/shutdown/shutdown.c b/sbin/shutdown/shutdown.c index f9eae2ca01d..07f9fb22206 100644 --- a/sbin/shutdown/shutdown.c +++ b/sbin/shutdown/shutdown.c @@ -1,4 +1,4 @@ -/* $OpenBSD: shutdown.c,v 1.41 2015/03/15 00:41:27 millert Exp $ */ +/* $OpenBSD: shutdown.c,v 1.42 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: shutdown.c,v 1.9 1995/03/18 15:01:09 cgd Exp $ */ /* @@ -437,9 +437,12 @@ getoffset(char *timearg) (void)time(&now); if (*timearg == '+') { /* +minutes */ - if (!isdigit((unsigned char)*++timearg)) + const char *errstr; + + offset = strtonum(++timearg, 0, INT_MAX, &errstr); + if (errstr); badtime(); - offset = atoi(timearg) * 60; + offset *= 60; shuttime = now + offset; return; } diff --git a/sbin/swapctl/swapctl.c b/sbin/swapctl/swapctl.c index 0b561f2b483..94f749850bb 100644 --- a/sbin/swapctl/swapctl.c +++ b/sbin/swapctl/swapctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: swapctl.c,v 1.19 2015/01/16 06:40:01 deraadt Exp $ */ +/* $OpenBSD: swapctl.c,v 1.20 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: swapctl.c,v 1.9 1998/07/26 20:23:15 mycroft Exp $ */ /* @@ -58,6 +58,7 @@ #include <errno.h> #include <stdio.h> #include <stdlib.h> +#include <limits.h> #include <string.h> #include <fstab.h> #include <util.h> @@ -116,6 +117,7 @@ extern char *__progname; /* from crt0.o */ int main(int argc, char *argv[]) { + const char *errstr; int c; if (strcmp(__progname, "swapon") == 0) @@ -149,8 +151,9 @@ main(int argc, char *argv[]) case 'p': pflag = 1; - /* XXX strtol() */ - pri = atoi(optarg); + pri = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-p %s: %s", errstr, optarg); break; case 's': diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c index c8b322f944d..457c259300f 100644 --- a/sbin/sysctl/sysctl.c +++ b/sbin/sysctl/sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.c,v 1.210 2015/02/13 00:02:21 guenther Exp $ */ +/* $OpenBSD: sysctl.c,v 1.211 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */ /* @@ -102,6 +102,7 @@ #include <stdlib.h> #include <string.h> #include <ctype.h> +#include <limits.h> #include <unistd.h> #include <machine/cpu.h> @@ -1297,6 +1298,8 @@ sysctl_bios(char *string, char **bufpp, int mib[], int flags, int *typep) return (-1); mib[2] = indx; if (indx == BIOS_DISKINFO) { + const char *errstr; + if (*bufpp == NULL) { char name[BUFSIZ]; @@ -1312,7 +1315,11 @@ sysctl_bios(char *string, char **bufpp, int mib[], int flags, int *typep) warnx("%s: incomplete specification", string); return (-1); } - mib[3] = atoi(name); + mib[3] = strtonum(name, 0, INT_MAX, &errstr); + if (errstr) { + warnx("%s: %s", string, errstr); + return (-1); + } *typep = CTLTYPE_STRUCT; return (4); } else { @@ -1802,6 +1809,7 @@ sysctl_malloc(char *string, char **bufpp, int mib[], int flags, int *typep) { int indx, stor, i; char *name, bufp[SYSCTL_BUFSIZ], *buf, *ptr; + const char *errstr; struct list lp; size_t size; @@ -1839,7 +1847,9 @@ sysctl_malloc(char *string, char **bufpp, int mib[], int flags, int *typep) free(lp.list); return (-1); } - mib[3] = atoi(name); + mib[3] = strtonum(name, 0, INT_MAX, &errstr); + if (errstr) + return -1; return (4); } else if (mib[2] == KERN_MALLOC_BUCKETS) { *typep = CTLTYPE_STRING; @@ -2398,7 +2408,13 @@ sysctl_sensors(char *string, char **bufpp, int mib[], int flags, int *typep) numt = -1; for (i = 0; typename[i] != '\0'; i++) if (isdigit((unsigned char)typename[i])) { - numt = atoi(&typename[i]); + const char *errstr; + + numt = strtonum(&typename[i], 0, INT_MAX, &errstr); + if (errstr) { + warnx("%s: %s", string, errstr); + return (-1); + } typename[i] = '\0'; break; } @@ -2702,7 +2718,14 @@ sysctl_emul(char *string, char *newval, int flags) mib[2] = emul_names[i].index; len = sizeof(int); if (newval) { - enabled = atoi(newval); + const char *errstr; + + enabled = strtonum(newval, 0, INT_MAX, &errstr); + if (errstr) { + warnx("%s: %s is %s", string, newval, errstr); + print = 0; + continue; + } if (sysctl(mib, 4, &old, &len, &enabled, len) == -1) { warn("%s", string); print = 0; diff --git a/sbin/wsconsctl/map_scan.l b/sbin/wsconsctl/map_scan.l index ec5e172cc74..60172cc9d45 100644 --- a/sbin/wsconsctl/map_scan.l +++ b/sbin/wsconsctl/map_scan.l @@ -1,4 +1,4 @@ -/* $OpenBSD: map_scan.l,v 1.4 2012/07/14 08:28:47 shadchin Exp $ */ +/* $OpenBSD: map_scan.l,v 1.5 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: map_scan.l 1.1 1998/12/28 14:01:17 hannken Exp $ */ /*- @@ -34,6 +34,7 @@ #include <dev/wscons/wsksymdef.h> #include <dev/wscons/wsksymvar.h> +#include <limits.h> #include <err.h> #include "wsconsctl.h" #include "y.tab.h" @@ -81,7 +82,11 @@ keysym { } [0-9]+ { - yylval.ival = atoi(yytext); + const char *errstr; + + yylval.ival = strtonum(yytext, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "%s: %s", yytext, errstr); return(T_NUMBER); } diff --git a/usr.bin/calendar/calendar.c b/usr.bin/calendar/calendar.c index 85c28be895d..fcab233ec86 100644 --- a/usr.bin/calendar/calendar.c +++ b/usr.bin/calendar/calendar.c @@ -1,4 +1,4 @@ -/* $OpenBSD: calendar.c,v 1.30 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: calendar.c,v 1.31 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -41,6 +41,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <limits.h> #include <time.h> #include <unistd.h> @@ -68,6 +69,7 @@ int main(int argc, char *argv[]) { int ch; + const char *errstr; char *caldir; (void)setlocale(LC_ALL, ""); @@ -95,12 +97,16 @@ main(int argc, char *argv[]) break; case 'A': /* days after current date */ - f_dayAfter = atoi(optarg); + f_dayAfter = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-A %s: %s", optarg, errstr); f_SetdayAfter = 1; break; case 'B': /* days before current date */ - f_dayBefore = atoi(optarg); + f_dayBefore = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-B %s: %s", optarg, errstr); break; default: diff --git a/usr.bin/calendar/io.c b/usr.bin/calendar/io.c index d0a5e5847be..1e1950b2d30 100644 --- a/usr.bin/calendar/io.c +++ b/usr.bin/calendar/io.c @@ -1,4 +1,4 @@ -/* $OpenBSD: io.c,v 1.38 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: io.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -281,12 +281,16 @@ getfield(char *p, char **endp, int *flags) } } if (i > NUMEV) { - switch(*start) { + const char *errstr; + + switch (*start) { case '-': case '+': - var = atoi(start); - if (var > 365 || var < -365) + var = strtonum(start + 1, 0, 365, &errstr); + if (errstr) return (0); /* Someone is just being silly */ + if (*start == '-') + var = -var; val += (NUMEV + 1) * var; /* We add one to the matching event and multiply by * (NUMEV + 1) so as not to return 0 if there's a match. diff --git a/usr.bin/find/function.c b/usr.bin/find/function.c index 6037db0b287..585ce2a1fed 100644 --- a/usr.bin/find/function.c +++ b/usr.bin/find/function.c @@ -1,4 +1,4 @@ -/* $OpenBSD: function.c,v 1.43 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: function.c,v 1.44 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -883,8 +883,10 @@ c_group(char *gname, char ***ignored, int unused) g = getgrnam(gname); if (g == NULL) { - gid = atoi(gname); - if (gid == 0 && gname[0] != '0') + const char *errstr; + + gid = strtonum(gname, 0, GID_MAX, &errstr); + if (errstr) errx(1, "-group: %s: no such group", gname); } else gid = g->gr_gid; @@ -1014,9 +1016,12 @@ PLAN * c_mindepth(char *arg, char ***ignored, int unused) { PLAN *new; + const char *errstr = NULL; new = palloc(N_MINDEPTH, f_mindepth); - new->min_data = atoi(arg); + new->min_data = strtonum(arg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-mindepth: %s: value %s", arg, errstr); return (new); } @@ -1488,8 +1493,10 @@ c_user(char *username, char ***ignored, int unused) p = getpwnam(username); if (p == NULL) { - uid = atoi(username); - if (uid == 0 && username[0] != '0') + const char *errstr; + + uid = strtonum(username, 0, UID_MAX, &errstr); + if (errstr) errx(1, "-user: %s: no such user", username); } else uid = p->pw_uid; diff --git a/usr.bin/ipcrm/ipcrm.c b/usr.bin/ipcrm/ipcrm.c index aa11580cbf4..4f70c629848 100644 --- a/usr.bin/ipcrm/ipcrm.c +++ b/usr.bin/ipcrm/ipcrm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipcrm.c,v 1.10 2005/12/19 19:13:50 millert Exp $*/ +/* $OpenBSD: ipcrm.c,v 1.11 2015/04/18 18:28:37 deraadt Exp $*/ /* * Copyright (c) 1994 Adam Glass @@ -39,6 +39,7 @@ #include <sys/shm.h> #include <stdio.h> #include <unistd.h> +#include <limits.h> #include <stdlib.h> #include <ctype.h> #include <err.h> @@ -112,6 +113,7 @@ int main(int argc, char *argv[]) { int c, result, errflg, target_id; + const char *errstr; key_t target_key; errflg = 0; @@ -122,7 +124,9 @@ main(int argc, char *argv[]) case 'q': case 'm': case 's': - target_id = atoi(optarg); + target_id = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-%c %s: %s\n", c, optarg, &errstr); if (c == 'q') result = msgrm(0, target_id); else if (c == 'm') diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index 45ebeeadde0..6fe9653bb99 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kdump.c,v 1.100 2015/04/17 06:33:30 guenther Exp $ */ +/* $OpenBSD: kdump.c,v 1.101 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -170,6 +170,7 @@ main(int argc, char *argv[]) int ch, silent; size_t ktrlen, size; int trpoints = ALL_POINTS; + const char *errstr; void *m; def_emul = current = &emulations[0]; /* native */ @@ -193,13 +194,17 @@ main(int argc, char *argv[]) tail = 1; break; case 'm': - maxdata = atoi(optarg); + maxdata = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-m %s: %s", optarg, errstr); break; case 'n': fancy = 0; break; case 'p': - pid_opt = atoi(optarg); + pid_opt = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-p %s: %s", optarg, errstr); break; case 'R': timestamp = 2; /* relative timestamp */ diff --git a/usr.bin/ktrace/ktrace.c b/usr.bin/ktrace/ktrace.c index 178180822eb..94180ca769a 100644 --- a/usr.bin/ktrace/ktrace.c +++ b/usr.bin/ktrace/ktrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ktrace.c,v 1.31 2015/01/16 06:40:09 deraadt Exp $ */ +/* $OpenBSD: ktrace.c,v 1.32 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: ktrace.c,v 1.4 1995/08/31 23:01:44 jtc Exp $ */ /*- @@ -211,7 +211,9 @@ main(int argc, char *argv[]) static int rpid(const char *p) { + const char *errstr; static int first; + pid_t pid; if (first++) { warnx("only one -g or -p flag is permitted."); @@ -221,7 +223,12 @@ rpid(const char *p) warnx("illegal process id."); usage(); } - return(atoi(p)); + pid = strtonum(p, 1, INT_MAX, &errstr); + if (errstr) { + warnx("illegal process id: %s", errstr); + usage(); + } + return pid; } static void diff --git a/usr.bin/logger/logger.c b/usr.bin/logger/logger.c index 9146d678419..41d6e1fc569 100644 --- a/usr.bin/logger/logger.c +++ b/usr.bin/logger/logger.c @@ -1,4 +1,4 @@ -/* $OpenBSD: logger.c,v 1.13 2013/11/27 13:32:02 okan Exp $ */ +/* $OpenBSD: logger.c,v 1.14 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: logger.c,v 1.4 1994/12/22 06:27:00 jtc Exp $ */ /* @@ -32,6 +32,7 @@ #include <errno.h> #include <unistd.h> +#include <limits.h> #include <stdlib.h> #include <stdio.h> #include <ctype.h> @@ -155,10 +156,15 @@ pencode(char *s) int decode(char *name, CODE *codetab) { + int n; CODE *c; - if (isdigit((unsigned char)*name)) - return (atoi(name)); + if (isdigit((unsigned char)*name)) { + const char *errstr; + int n = strtonum(name, 0, INT_MAX, &errstr); + if (!errstr) + return (n); + } for (c = codetab; c->c_name; c++) if (!strcasecmp(name, c->c_name)) diff --git a/usr.bin/make/generate.c b/usr.bin/make/generate.c index 9e63e600877..a162e3ed1fb 100644 --- a/usr.bin/make/generate.c +++ b/usr.bin/make/generate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: generate.c,v 1.16 2014/05/18 08:08:50 espie Exp $ */ +/* $OpenBSD: generate.c,v 1.17 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2001 Marc Espie. @@ -29,6 +29,7 @@ #include <stdint.h> #include <stdio.h> #include <stdlib.h> +#include <limits.h> #include <ohash.h> #include "stats.h" @@ -137,6 +138,7 @@ main(int argc, char *argv[]) uint32_t v; uint32_t h; uint32_t slots; + const char *errstr; const char *e; char **occupied; char **t; @@ -146,11 +148,13 @@ main(int argc, char *argv[]) if (argc != 3) exit(1); - tn = atoi(argv[1]); - if (!tn) + tn = strtonum(argv[1], 1, INT_MAX, &errstr); + if (errstr) exit(1); t = table[tn-1]; - slots = atoi(argv[2]); + slots = strtonum(argv[2], 0, INT_MAX, &errstr); + if (errstr) + exit(1); if (slots) { occupied = calloc(slots, sizeof(char *)); if (!occupied) diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c index 12385b844a4..aa7ea51d0c4 100644 --- a/usr.bin/sed/process.c +++ b/usr.bin/sed/process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: process.c,v 1.22 2015/04/13 05:11:23 deraadt Exp $ */ +/* $OpenBSD: process.c,v 1.23 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -457,12 +457,14 @@ lputs(char *s) static int termwidth = -1; if (termwidth == -1) { + termwidth = 0; if ((p = getenv("COLUMNS"))) - termwidth = atoi(p); - else if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && + termwidth = strtonum(p, 0, INT_MAX, NULL); + if (termwidth == 0 && + ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && win.ws_col > 0) termwidth = win.ws_col; - else + if (termwidth == 0) termwidth = 60; } diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c index 352e02356e3..a019f15c634 100644 --- a/usr.bin/skey/skey.c +++ b/usr.bin/skey/skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skey.c,v 1.27 2014/03/20 20:39:13 naddy Exp $ */ +/* $OpenBSD: skey.c,v 1.28 2015/04/18 18:28:38 deraadt Exp $ */ /* * OpenBSD S/Key (skey.c) * @@ -27,6 +27,7 @@ #include <string.h> #include <err.h> #include <unistd.h> +#include <limits.h> #include <skey.h> void usage(char *); @@ -37,6 +38,7 @@ main(int argc, char *argv[]) int n, i, cnt = 1, pass = 0, hexmode = 0; char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; char buf[33], *seed, *slash; + const char *errstr; /* If we were called as otp-METHOD, set algorithm based on that */ if ((slash = strrchr(argv[0], '/'))) @@ -56,7 +58,9 @@ main(int argc, char *argv[]) case 'n': if (++i == argc) usage(argv[0]); - cnt = atoi(argv[i]); + cnt = strtonum(argv[i], 1, SKEY_MAX_SEQ -1, &errstr); + if (errstr) + usage(argv[0]); break; case 'p': if (++i == argc) @@ -96,19 +100,15 @@ main(int argc, char *argv[]) *slash++ = '\0'; seed = slash; - if ((n = atoi(argv[i])) < 0) { - warnx("%d not positive", n); - usage(argv[0]); - } else if (n > SKEY_MAX_SEQ) { - warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); + n = strtonum(argv[i], 0, SKEY_MAX_SEQ, &errstr); + if (errstr) { + warnx("%s: %s", argv[i], errstr); usage(argv[0]); } } else { - if ((n = atoi(argv[i])) < 0) { - warnx("%d not positive", n); - usage(argv[0]); - } else if (n > SKEY_MAX_SEQ) { - warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); + n = strtonum(argv[i], 0, SKEY_MAX_SEQ, &errstr); + if (errstr) { + warnx("%s: %s", argv[i], errstr); usage(argv[0]); } seed = argv[++i]; diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c index 96698358826..abbba66c07e 100644 --- a/usr.bin/skeyinit/skeyinit.c +++ b/usr.bin/skeyinit/skeyinit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeyinit.c,v 1.56 2015/01/16 06:40:11 deraadt Exp $ */ +/* $OpenBSD: skeyinit.c,v 1.57 2015/04/18 18:28:38 deraadt Exp $ */ /* OpenBSD S/Key (skeyinit.c) * @@ -52,6 +52,7 @@ main(int argc, char **argv) char seed[SKEY_MAX_SEED_LEN + 1]; char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht; char lastc, me[UT_NAMESIZE + 1], *p, *auth_type; + const char *errstr; u_int32_t noise; struct skey skey; struct passwd *pp; @@ -108,7 +109,8 @@ main(int argc, char **argv) case 'n': if (argv[++i] == NULL || argv[i][0] == '\0') usage(); - if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ) + n = strtonum(argv[i], 1, SKEY_MAX_SEQ - 1, &errstr); + if (errstr) errx(1, "count must be > 0 and < %d", SKEY_MAX_SEQ); break; @@ -324,6 +326,7 @@ secure_mode(int *count, char *key, char *seed, size_t seedlen, char *buf, size_t bufsiz) { char *p, newseed[SKEY_MAX_SEED_LEN + 2]; + const char *errstr; int i, n; (void)puts("You need the 6 words generated from the \"skey\" command."); @@ -335,11 +338,11 @@ secure_mode(int *count, char *key, char *seed, size_t seedlen, SKEY_MAX_SEQ); (void)fgets(buf, bufsiz, stdin); clearerr(stdin); - n = atoi(buf); - if (n > 0 && n < SKEY_MAX_SEQ) + n = strtonum(buf, 1, SKEY_MAX_SEQ-1, &errstr); + if (!errstr) break; /* Valid range */ - (void)fprintf(stderr, "ERROR: Count must be between 1 and %d\n", - SKEY_MAX_SEQ); + fprintf(stderr, "ERROR: Count must be between 1 and %d\n", + SKEY_MAX_SEQ - 1); } for (i = 0; ; i++) { @@ -492,6 +495,7 @@ convert_db(void) FILE *newfile; char buf[256], *logname, *hashtype, *seed, *val, *cp; char filename[PATH_MAX]; + const char *errstr; int fd, n; if ((keyfile = fopen(_PATH_SKEYKEYS, "r")) == NULL) @@ -516,7 +520,9 @@ convert_db(void) hashtype = cp; if ((cp = strtok(NULL, " \t")) == NULL) continue; - n = atoi(cp); + n = strtonum(cp, 0, SKEY_MAX_SEQ, &errstr); + if (errstr) + continue; if ((seed = strtok(NULL, " \t")) == NULL) continue; if ((val = strtok(NULL, " \t")) == NULL) diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c index c61954ae643..692d022dfec 100644 --- a/usr.bin/systat/main.c +++ b/usr.bin/systat/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.62 2015/03/12 01:03:00 claudio Exp $ */ +/* $Id: main.c,v 1.63 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 2001, 2007 Can Erkin Acar * Copyright (c) 2001 Daniel Hartmeier @@ -296,13 +296,12 @@ cmd_delay(const char *buf) void cmd_count(const char *buf) { + const char *errstr; int ms; - ms = atoi(buf); - if (ms <= 0 || ms > lines - HEADER_LINES) + maxprint = strtonum(buf, 1, lines - HEADER_LINES, &errstr); + if (errstr) maxprint = lines - HEADER_LINES; - else - maxprint = ms; } @@ -380,6 +379,7 @@ int main(int argc, char *argv[]) { char errbuf[_POSIX2_LINE_MAX]; + const char *errstr; extern char *optarg; extern int optind; double delay = 5; @@ -418,9 +418,9 @@ main(int argc, char *argv[]) interactive = 0; break; case 'd': - countmax = atoi(optarg); - if (countmax < 0) - countmax = 0; + countmax = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-d %s: %s", optarg, errstr); break; case 'i': interactive = 1; @@ -438,11 +438,9 @@ main(int argc, char *argv[]) delay = 5; break; case 'w': - rawwidth = atoi(optarg); - if (rawwidth < 1) - rawwidth = DEFAULT_WIDTH; - if (rawwidth >= MAX_LINE_BUF) - rawwidth = MAX_LINE_BUF - 1; + rawwidth = strtonum(optarg, 1, MAX_LINE_BUF-1, &errstr); + if (errstr) + errx(1, "-w %s: %s", optarg, errstr); break; default: usage(); diff --git a/usr.bin/tip/tip.c b/usr.bin/tip/tip.c index 98727ab64d1..6497828cc82 100644 --- a/usr.bin/tip/tip.c +++ b/usr.bin/tip/tip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tip.c,v 1.55 2015/02/07 10:07:15 deraadt Exp $ */ +/* $OpenBSD: tip.c,v 1.56 2015/04/18 18:28:38 deraadt Exp $ */ /* $NetBSD: tip.c,v 1.13 1997/04/20 00:03:05 mellon Exp $ */ /* @@ -50,6 +50,8 @@ int main(int argc, char *argv[]) { char *sys = NULL; + const char *errstr; + int baud; int i, pair[2]; vinit(); @@ -81,7 +83,12 @@ main(int argc, char *argv[]) case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - vsetnum(BAUDRATE, atoi(&argv[1][1])); + baud = strtonum(&argv[1][1], 0, INT_MAX, &errstr); + if (errstr) { + fprintf(stderr, "incorrect speed: %s\n", errstr); + exit(1); + } + vsetnum(BAUDRATE, baud); break; default: diff --git a/usr.bin/unifdef/unifdef.c b/usr.bin/unifdef/unifdef.c index 89df19740aa..fa751572814 100644 --- a/usr.bin/unifdef/unifdef.c +++ b/usr.bin/unifdef/unifdef.c @@ -47,7 +47,7 @@ static const char copyright[] = #include "version.h" - "@(#) $Author: miod $\n" + "@(#) $Author: deraadt $\n" "@(#) $URL: http://dotat.at/prog/unifdef $\n" ; @@ -252,6 +252,7 @@ static const char *xstrdup(const char *, const char *); int main(int argc, char *argv[]) { + const char *errstr; int opt; while ((opt = getopt(argc, argv, "i:D:U:f:I:M:o:x:bBcdehKklmnsStV")) != -1) @@ -332,9 +333,9 @@ main(int argc, char *argv[]) version(); break; case 'x': - exitmode = atoi(optarg); - if(exitmode < 0 || exitmode > 2) - usage(); + exitmode = strtonum(optarg, 0, 2, &errstr); + if (errstr) + errx(1, "-x %s: %s", optarg, errstr); break; default: usage(); diff --git a/usr.bin/vis/vis.c b/usr.bin/vis/vis.c index b32ccef190d..fe40eed012d 100644 --- a/usr.bin/vis/vis.c +++ b/usr.bin/vis/vis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vis.c,v 1.16 2015/02/08 23:40:34 deraadt Exp $ */ +/* $OpenBSD: vis.c,v 1.17 2015/04/18 18:28:38 deraadt Exp $ */ /* $NetBSD: vis.c,v 1.4 1994/12/20 16:13:03 jtc Exp $ */ /*- @@ -34,6 +34,7 @@ #include <string.h> #include <stdlib.h> #include <unistd.h> +#include <limits.h> #include <err.h> #include <vis.h> @@ -50,6 +51,7 @@ __dead void usage(void); int main(int argc, char *argv[]) { + const char *errstr; FILE *fp; int ch; @@ -80,10 +82,11 @@ main(int argc, char *argv[]) eflags |= VIS_NOSLASH; break; case 'F': - if ((foldwidth = atoi(optarg))<5) { + foldwidth = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "%s: %s", optarg, errstr); + if (foldwidth < 5) errx(1, "can't fold lines to less than 5 cols"); - /* NOTREACHED */ - } /*FALLTHROUGH*/ case 'f': fold = 1; /* fold output lines to 80 cols */ diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index dbaf096f05d..3ed634ed663 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1,5 +1,5 @@ /* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */ -/* $OpenBSD: vmstat.c,v 1.137 2015/01/30 19:00:56 tedu Exp $ */ +/* $OpenBSD: vmstat.c,v 1.138 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1980, 1986, 1991, 1993 @@ -766,7 +766,13 @@ domem(void) siz = sizeof(struct kmembuckets); i = 0; while ((ap = strsep(&bufp, ",")) != NULL) { - mib[3] = atoi(ap); + const char *errstr; + + mib[3] = strtonum(ap, 0, INT_MAX, &errstr); + if (errstr) { + warnx("kernel lied about %d being a number", mib[3]); + return; + } if (sysctl(mib, 4, &buckets[MINBUCKET + i], &siz, NULL, 0) < 0) { diff --git a/usr.bin/xargs/xargs.c b/usr.bin/xargs/xargs.c index dded1c6a11b..ed0ada5138a 100644 --- a/usr.bin/xargs/xargs.c +++ b/usr.bin/xargs/xargs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xargs.c,v 1.28 2015/01/16 06:40:14 deraadt Exp $ */ +/* $OpenBSD: xargs.c,v 1.29 2015/04/18 18:28:38 deraadt Exp $ */ /* $FreeBSD: xargs.c,v 1.51 2003/05/03 19:09:11 obrien Exp $ */ /*- @@ -50,6 +50,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <limits.h> #include "pathnames.h" @@ -78,6 +79,7 @@ main(int argc, char *argv[]) int ch, Jflag, nargs, nflag, nline; size_t linelen; char *endptr; + const char *errstr; inpline = replstr = NULL; ep = environ; @@ -125,19 +127,23 @@ main(int argc, char *argv[]) replstr = optarg; break; case 'L': - Lflag = atoi(optarg); + Lflag = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-L %s: %s", optarg, errstr); break; case 'n': nflag = 1; - if ((nargs = atoi(optarg)) <= 0) - errx(1, "illegal argument count"); + nargs = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-n %s: %s", optarg, errstr); break; case 'o': oflag = 1; break; case 'P': - if ((maxprocs = atoi(optarg)) <= 0) - errx(1, "max. processes must be >0"); + maxprocs = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-P %s: %s", optarg, errstr); break; case 'p': pflag = 1; @@ -151,7 +157,9 @@ main(int argc, char *argv[]) errx(1, "replacements must be a number"); break; case 's': - nline = atoi(optarg); + nline = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-s %s: %s", optarg, errstr); break; case 't': tflag = 1; diff --git a/usr.sbin/fdformat/fdformat.c b/usr.sbin/fdformat/fdformat.c index edf83e8460c..372e62bd94b 100644 --- a/usr.sbin/fdformat/fdformat.c +++ b/usr.sbin/fdformat/fdformat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fdformat.c,v 1.19 2014/10/08 04:55:03 deraadt Exp $ */ +/* $OpenBSD: fdformat.c,v 1.20 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (C) 1992-1994 by Joerg Wunsch, Dresden @@ -45,6 +45,7 @@ #include <unistd.h> #include <fcntl.h> #include <string.h> +#include <limits.h> #include <ctype.h> #include <err.h> #include <util.h> @@ -181,33 +182,46 @@ main(int argc, char *argv[]) int rate = -1, gaplen = -1, secsize = -1, steps = -1; int fill = 0xf6, quiet = 0, verify = 1, verify_only = 0; int fd, c, track, error, tracks_per_dot, bytes_per_track, errs; + const char *errstr; char *devname; struct fd_type fdt; while((c = getopt(argc, argv, "c:s:h:r:g:S:F:t:i:qvn")) != -1) switch (c) { case 'c': /* # of cyls */ - cyls = atoi(optarg); + cyls = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-c %s: %s", optarg, errstr); break; case 's': /* # of secs per track */ - secs = atoi(optarg); + secs = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-s %s: %s", optarg, errstr); break; case 'h': /* # of heads */ - heads = atoi(optarg); + heads = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-h %s: %s", optarg, errstr); break; case 'r': /* transfer rate, kilobyte/sec */ - rate = atoi(optarg); + rate = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-r %s: %s", optarg, errstr); break; case 'g': /* length of GAP3 to format with */ - gaplen = atoi(optarg); + gaplen = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-g %s: %s", optarg, errstr); break; case 'S': /* sector size shift factor (1 << S)*128 */ - secsize = atoi(optarg); + secsize = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-S %s: %s", optarg, errstr); break; case 'F': /* fill byte, C-like notation allowed */ @@ -215,11 +229,15 @@ main(int argc, char *argv[]) break; case 't': /* steps per track */ - steps = atoi(optarg); + steps = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-t %s: %s", optarg, errstr); break; case 'i': /* interleave factor */ - intleave = atoi(optarg); + intleave = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-i %s: %s", optarg, errstr); break; case 'q': diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c index bd8b76f8505..ce75ef718a0 100644 --- a/usr.sbin/ndp/ndp.c +++ b/usr.sbin/ndp/ndp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ndp.c,v 1.59 2015/01/16 06:40:18 deraadt Exp $ */ +/* $OpenBSD: ndp.c,v 1.60 2015/04/18 18:28:38 deraadt Exp $ */ /* $KAME: ndp.c,v 1.101 2002/07/17 08:46:33 itojun Exp $ */ /* @@ -102,6 +102,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <limits.h> #include <err.h> #include "gmt2local.h" @@ -202,8 +203,8 @@ main(int argc, char *argv[]) /*NOTREACHED*/ } mode = 'a'; - repeat = atoi(optarg); - if (repeat < 0) { + repeat = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { usage(); /*NOTREACHED*/ } diff --git a/usr.sbin/rbootd/bpf.c b/usr.sbin/rbootd/bpf.c index f6c37be1bde..523a9553219 100644 --- a/usr.sbin/rbootd/bpf.c +++ b/usr.sbin/rbootd/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.21 2015/01/16 06:40:19 deraadt Exp $ */ +/* $OpenBSD: bpf.c,v 1.22 2015/04/18 18:28:38 deraadt Exp $ */ /* $NetBSD: bpf.c,v 1.5.2.1 1995/11/14 08:45:42 thorpej Exp $ */ /* @@ -58,6 +58,7 @@ #include <string.h> #include <syslog.h> #include <unistd.h> +#include <limits.h> #include <ifaddrs.h> #include "defs.h" #include "pathnames.h" @@ -261,6 +262,7 @@ BpfGetIntfName(char **errmsg) { int minunit = 999, n; char *cp; + const char *errstr; static char device[IFNAMSIZ]; static char errbuf[128] = "No Error!"; struct ifaddrs *ifap, *ifa, *mp = NULL; @@ -288,8 +290,8 @@ BpfGetIntfName(char **errmsg) for (cp = ifa->ifa_name; !isdigit((unsigned char)*cp); ++cp) ; - n = atoi(cp); - if (n < minunit) { + n = strtonum(cp, 0, INT_MAX, &errstr); + if (errstr == NULL && n < minunit) { minunit = n; mp = ifa; } diff --git a/usr.sbin/rip6query/rip6query.c b/usr.sbin/rip6query/rip6query.c index fc67ae09ce4..72de4aa864e 100644 --- a/usr.sbin/rip6query/rip6query.c +++ b/usr.sbin/rip6query/rip6query.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rip6query.c,v 1.14 2014/03/19 14:02:24 mpi Exp $ */ +/* $OpenBSD: rip6query.c,v 1.15 2015/04/18 18:28:38 deraadt Exp $ */ /* $KAME: rip6query.c,v 1.17 2002/09/08 01:35:17 itojun Exp $ */ /* @@ -38,6 +38,7 @@ #include <ctype.h> #include <signal.h> #include <errno.h> +#include <limits.h> #include <err.h> #include <sys/types.h> @@ -76,6 +77,7 @@ main(int argc, char *argv[]) int c; int ifidx = -1; int error; + const char *errstr; char pbuf[NI_MAXSERV]; struct addrinfo hints, *res; @@ -89,7 +91,9 @@ main(int argc, char *argv[]) } break; case 'w': - query_wait = atoi(optarg); + query_wait = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-w %s: %s", optarg, errstr); break; default: usage(); diff --git a/usr.sbin/rpc.lockd/lockd.c b/usr.sbin/rpc.lockd/lockd.c index f0c8fbd943f..4b7397e3fd5 100644 --- a/usr.sbin/rpc.lockd/lockd.c +++ b/usr.sbin/rpc.lockd/lockd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lockd.c,v 1.13 2015/01/16 06:40:20 deraadt Exp $ */ +/* $OpenBSD: lockd.c,v 1.14 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1995 @@ -46,6 +46,7 @@ #include <err.h> #include <errno.h> #include <signal.h> +#include <limits.h> #include <string.h> #include <unistd.h> #include <netdb.h> @@ -68,6 +69,7 @@ int main(int argc, char *argv[]) { SVCXPRT *transp; + const char *errstr; int ch; struct sigaction sigchild, sigalarm; int grace_period = 30; @@ -75,15 +77,15 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, "d:g:")) != (-1)) { switch (ch) { case 'd': - debug_level = atoi(optarg); - if (!debug_level) { + debug_level = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { usage(); /* NOTREACHED */ } break; case 'g': - grace_period = atoi(optarg); - if (!grace_period) { + grace_period = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { usage(); /* NOTREACHED */ } diff --git a/usr.sbin/sa/main.c b/usr.sbin/sa/main.c index f7c0f1c4f15..f64f03c7265 100644 --- a/usr.sbin/sa/main.c +++ b/usr.sbin/sa/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.12 2013/11/24 01:06:19 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.13 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1994 Christopher G. Demetriou * All rights reserved. @@ -72,6 +72,7 @@ main(int argc, char **argv) { int ch; int error = 0; + const char *errstr; extern char *__progname; while ((ch = getopt(argc, argv, "abcdDfijkKlmnqrstuv:")) != -1) @@ -156,7 +157,10 @@ main(int argc, char **argv) case 'v': /* cull junk */ vflag = 1; - cutoff = atoi(optarg); + /* XXX cutoff could be converted to quad_t? */ + cutoff = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-v $s: %s", optarg, errstr); break; case '?': default: diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c index e9b35ef8201..d96658b356c 100644 --- a/usr.sbin/tcpdump/tcpdump.c +++ b/usr.sbin/tcpdump/tcpdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdump.c,v 1.69 2015/04/15 02:32:28 deraadt Exp $ */ +/* $OpenBSD: tcpdump.c,v 1.70 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -42,6 +42,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <limits.h> #include <ctype.h> #include <err.h> #include <errno.h> @@ -209,6 +210,7 @@ main(int argc, char **argv) struct bpf_program *fcode; u_char *pcap_userdata; u_int dirfilt = 0, dlt = (u_int) -1; + const char *errstr; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; @@ -235,9 +237,10 @@ main(int argc, char **argv) break; case 'c': - cnt = atoi(optarg); - if (cnt <= 0) - error("invalid packet count %s", optarg); + cnt = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + error("invalid packet count %s: %s", + optarg, errstr); break; case 'D': @@ -307,9 +310,9 @@ main(int argc, char **argv) break; case 's': - snaplen = atoi(optarg); - if (snaplen <= 0) - error("invalid snaplen %s", optarg); + snaplen = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + error("invalid snaplen %s: %s", optarg, errstr); break; case 'S': |