diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-04-18 18:28:39 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-04-18 18:28:39 +0000 |
| commit | 82e40d211902d486d2871a1bc691d1768927efd5 (patch) | |
| tree | 73caeece4da00dad32b1e62383474772aae90893 /usr.bin/calendar | |
| parent | a15dfcc7862a97d34cf8fed2bb1292c14721e771 (diff) | |
Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert
Diffstat (limited to 'usr.bin/calendar')
| -rw-r--r-- | usr.bin/calendar/calendar.c | 12 | ||||
| -rw-r--r-- | usr.bin/calendar/io.c | 12 |
2 files changed, 17 insertions, 7 deletions
diff --git a/usr.bin/calendar/calendar.c b/usr.bin/calendar/calendar.c index 85c28be895d..fcab233ec86 100644 --- a/usr.bin/calendar/calendar.c +++ b/usr.bin/calendar/calendar.c @@ -1,4 +1,4 @@ -/* $OpenBSD: calendar.c,v 1.30 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: calendar.c,v 1.31 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -41,6 +41,7 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> +#include <limits.h> #include <time.h> #include <unistd.h> @@ -68,6 +69,7 @@ int main(int argc, char *argv[]) { int ch; + const char *errstr; char *caldir; (void)setlocale(LC_ALL, ""); @@ -95,12 +97,16 @@ main(int argc, char *argv[]) break; case 'A': /* days after current date */ - f_dayAfter = atoi(optarg); + f_dayAfter = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-A %s: %s", optarg, errstr); f_SetdayAfter = 1; break; case 'B': /* days before current date */ - f_dayBefore = atoi(optarg); + f_dayBefore = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-B %s: %s", optarg, errstr); break; default: diff --git a/usr.bin/calendar/io.c b/usr.bin/calendar/io.c index d0a5e5847be..1e1950b2d30 100644 --- a/usr.bin/calendar/io.c +++ b/usr.bin/calendar/io.c @@ -1,4 +1,4 @@ -/* $OpenBSD: io.c,v 1.38 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: io.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -281,12 +281,16 @@ getfield(char *p, char **endp, int *flags) } } if (i > NUMEV) { - switch(*start) { + const char *errstr; + + switch (*start) { case '-': case '+': - var = atoi(start); - if (var > 365 || var < -365) + var = strtonum(start + 1, 0, 365, &errstr); + if (errstr) return (0); /* Someone is just being silly */ + if (*start == '-') + var = -var; val += (NUMEV + 1) * var; /* We add one to the matching event and multiply by * (NUMEV + 1) so as not to return 0 if there's a match. |