Author: jilles
Date: Sat Jul 5 21:50:59 2014
New Revision: 268304
URL: http://svnweb.freebsd.org/changeset/base/268304
Log:
sh: Fix overflow checking on 'ulimit' operand.
Modified:
head/bin/sh/miscbltin.c
Modified: head/bin/sh/miscbltin.c
==============================================================================
--- head/bin/sh/miscbltin.c Sat Jul 5 21:34:37 2014 (r268303)
+++ head/bin/sh/miscbltin.c Sat Jul 5 21:50:59 2014 (r268304)
@@ -414,7 +414,6 @@ static const struct limits limits[] = {
int
ulimitcmd(int argc __unused, char **argv __unused)
{
- int c;
rlim_t val = 0;
enum { SOFT = 0x1, HARD = 0x2 }
how = SOFT | HARD;
@@ -453,17 +452,22 @@ ulimitcmd(int argc __unused, char **argv
if (strcmp(p, "unlimited") == 0)
val = RLIM_INFINITY;
else {
- val = 0;
+ char *end;
+ uintmax_t uval;
- while ((c = *p++) >= '0' && c <= '9')
- {
- val = (val * 10) + (long)(c - '0');
- if (val < 0)
- break;
- }
- if (c)
+ if (*p < '0' || *p > '9')
+ error("bad number");
+ errno = 0;
+ uval = strtoumax(p, &end, 10);
+ if (errno != 0 || *end != '\0')
+ error("bad number");
+ if (uval > UINTMAX_MAX / l->factor)
+ error("bad number");
+ uval *= l->factor;
+ val = (rlim_t)uval;
+ if (val < 0 || (uintmax_t)val != uval ||
+ val == RLIM_INFINITY)
error("bad number");
- val *= l->factor;
}
}
if (all) {
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
