Convert many atoi() calls to strtonum(), adding range checks and failure

handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

1 files changed, 5 insertions, 2 deletions

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index b77ef5aa13b..855221b756c 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: comsat.c,v 1.38 2015/01/16 06:39:49 deraadt Exp $	*/
+/*	$OpenBSD: comsat.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1980, 1993
@@ -200,13 +200,16 @@ mailfor(char *name)
 {
 	struct utmp *utp = &utmp[nutmp];
 	char utname[UT_NAMESIZE+1];
+	const char *errstr;
 	char *cp;
 	off_t offset;
 
 	if (!(cp = strchr(name, '@')))
 		return;
 	*cp = '\0';
-	offset = atoi(cp + 1);
+	offset = strtonum(cp + 1, 0, LLONG_MAX, &errstr);
+	if (errstr)
+		return;
 	while (--utp >= utmp) {
 		memcpy(utname, utp->ut_name, UT_NAMESIZE);
 		utname[UT_NAMESIZE] = '\0';