summaryrefslogtreecommitdiff
path: root/usr.bin/sort/sort.c
diff options
context:
space:
mode:
authorTobias Stoeckmann <tobias@cvs.openbsd.org>2015-04-02 21:09:52 +0000
committerTobias Stoeckmann <tobias@cvs.openbsd.org>2015-04-02 21:09:52 +0000
commit3b3e2458469c3b7a54a16224bfa57e6e0c0d6b73 (patch)
tree7aeceaabf0f25ad7441c445b2c6363ba968dec7a /usr.bin/sort/sort.c
parent64ee1cd4a192376e6745215bef44b3ea6d27cd5a (diff)
Prevent integer overflow when parsing -S argument as percentage.
Also make sure that the parsed memory amount, stored in a long long, won't be larger than SIZE_MAX to properly support 32 bit systems. with input by and ok millert@
Diffstat (limited to 'usr.bin/sort/sort.c')
-rw-r--r--usr.bin/sort/sort.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.bin/sort/sort.c b/usr.bin/sort/sort.c
index a6d07cdbe59..e303eb9fcc3 100644
--- a/usr.bin/sort/sort.c
+++ b/usr.bin/sort/sort.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sort.c,v 1.73 2015/04/02 21:04:06 tobias Exp $ */
+/* $OpenBSD: sort.c,v 1.74 2015/04/02 21:09:51 tobias Exp $ */
/*-
* Copyright (C) 2009 Gabor Kovesdan <gabor@FreeBSD.org>
@@ -41,6 +41,7 @@
#include <regex.h>
#include <signal.h>
#include <stdbool.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -368,6 +369,9 @@ parse_memory_buffer_value(const char *value)
case 'b':
break;
case '%':
+ if (available_free_memory != 0 &&
+ membuf > ULLONG_MAX / available_free_memory)
+ goto invalid;
membuf = (available_free_memory * membuf) /
100;
break;
@@ -375,6 +379,8 @@ parse_memory_buffer_value(const char *value)
warnc(EINVAL, "%s", optarg);
membuf = available_free_memory;
}
+ if (membuf > SIZE_MAX)
+ goto invalid;
return membuf;
invalid:
errx(2, "invalid memory buffer size: %s", value);