diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-04-18 18:28:39 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-04-18 18:28:39 +0000 |
| commit | 82e40d211902d486d2871a1bc691d1768927efd5 (patch) | |
| tree | 73caeece4da00dad32b1e62383474772aae90893 /bin/systrace | |
| parent | a15dfcc7862a97d34cf8fed2bb1292c14721e771 (diff) | |
Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
Diffstat (limited to 'bin/systrace')
| -rw-r--r-- | bin/systrace/filter.c | 7 | ||||
| -rw-r--r-- | bin/systrace/lex.l | 11 | ||||
| -rw-r--r-- | bin/systrace/systrace.c | 6 |
3 files changed, 17 insertions, 7 deletions
diff --git a/bin/systrace/filter.c b/bin/systrace/filter.c index d10299605ce..73e3e8f446f 100644 --- a/bin/systrace/filter.c +++ b/bin/systrace/filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.35 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: filter.c,v 1.36 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -615,9 +615,10 @@ filter_ask(int fd, struct intercept_tlq *tls, struct filterq *fls, filter_templates(emulation); continue; } else if (!strncasecmp(line, "template ", 9)) { - int count = atoi(line + 9); + const char *errstr; + int count = strtonum(line + 9, 1, INT_MAX, &errstr); - if (count == 0 || + if (errstr || filter_template(fd, policy, count) == -1) { printf("Syntax error.\n"); continue; diff --git a/bin/systrace/lex.l b/bin/systrace/lex.l index 87ab4ecddfd..e23d68f0b36 100644 --- a/bin/systrace/lex.l +++ b/bin/systrace/lex.l @@ -1,4 +1,4 @@ -/* $OpenBSD: lex.l,v 1.19 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: lex.l,v 1.20 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> @@ -103,7 +103,14 @@ as { return AS; } "<" { return LESSER; } ">" { return GREATER; } [\_\$A-Za-z][\.\(\)\/A-Za-z_\-0-9]*\$? { yylval.string = strdup(yytext); return STRING; } -[0-9]+ { yylval.number = atoi(yytext); return NUMBER; } +[0-9]+ { + const char *errstr; + yylval.number = strtonum(yytext, 0, INT_MAX, &errstr); + if (errstr) { + yyerror("number %s: %s", yytext, errstr); + } + return NUMBER; + } \" { BEGIN(quote); *quotestr = '\0'; quoteescape = 0; diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c index 2b701d9aa34..ce3b0ee90e1 100644 --- a/bin/systrace/systrace.c +++ b/bin/systrace/systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.c,v 1.62 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: systrace.c,v 1.63 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos <provos@citi.umich.edu> * All rights reserved. @@ -647,6 +647,7 @@ main(int argc, char **argv) char **args; char *filename = NULL; char *policypath = NULL; + const char *errstr; struct timeval tv; pid_t pidattach = 0; int usex11 = 1; @@ -707,7 +708,8 @@ main(int argc, char **argv) case 'p': if (setcredentials) usage(); - if ((pidattach = atoi(optarg)) == 0) { + pidattach = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { warnx("bad pid: %s", optarg); usage(); } |