Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 5 Jul 2014 21:50:59 +0000 (UTC)
From:      Jilles Tjoelker <jilles@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r268304 - head/bin/sh
Message-ID:  <201407052150.s65LoxMR091253@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jilles
Date: Sat Jul  5 21:50:59 2014
New Revision: 268304
URL: http://svnweb.freebsd.org/changeset/base/268304

Log:
  sh: Fix overflow checking on 'ulimit' operand.

Modified:
  head/bin/sh/miscbltin.c

Modified: head/bin/sh/miscbltin.c
==============================================================================
--- head/bin/sh/miscbltin.c	Sat Jul  5 21:34:37 2014	(r268303)
+++ head/bin/sh/miscbltin.c	Sat Jul  5 21:50:59 2014	(r268304)
@@ -414,7 +414,6 @@ static const struct limits limits[] = {
 int
 ulimitcmd(int argc __unused, char **argv __unused)
 {
-	int	c;
 	rlim_t val = 0;
 	enum { SOFT = 0x1, HARD = 0x2 }
 			how = SOFT | HARD;
@@ -453,17 +452,22 @@ ulimitcmd(int argc __unused, char **argv
 		if (strcmp(p, "unlimited") == 0)
 			val = RLIM_INFINITY;
 		else {
-			val = 0;
+			char *end;
+			uintmax_t uval;
 
-			while ((c = *p++) >= '0' && c <= '9')
-			{
-				val = (val * 10) + (long)(c - '0');
-				if (val < 0)
-					break;
-			}
-			if (c)
+			if (*p < '0' || *p > '9')
+				error("bad number");
+			errno = 0;
+			uval = strtoumax(p, &end, 10);
+			if (errno != 0 || *end != '\0')
+				error("bad number");
+			if (uval > UINTMAX_MAX / l->factor)
+				error("bad number");
+			uval *= l->factor;
+			val = (rlim_t)uval;
+			if (val < 0 || (uintmax_t)val != uval ||
+			    val == RLIM_INFINITY)
 				error("bad number");
-			val *= l->factor;
 		}
 	}
 	if (all) {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407052150.s65LoxMR091253>