Date: Sat, 5 Jul 2014 21:50:59 +0000 (UTC) From: Jilles Tjoelker <jilles@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r268304 - head/bin/sh Message-ID: <201407052150.s65LoxMR091253@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jilles Date: Sat Jul 5 21:50:59 2014 New Revision: 268304 URL: http://svnweb.freebsd.org/changeset/base/268304 Log: sh: Fix overflow checking on 'ulimit' operand. Modified: head/bin/sh/miscbltin.c Modified: head/bin/sh/miscbltin.c ============================================================================== --- head/bin/sh/miscbltin.c Sat Jul 5 21:34:37 2014 (r268303) +++ head/bin/sh/miscbltin.c Sat Jul 5 21:50:59 2014 (r268304) @@ -414,7 +414,6 @@ static const struct limits limits[] = { int ulimitcmd(int argc __unused, char **argv __unused) { - int c; rlim_t val = 0; enum { SOFT = 0x1, HARD = 0x2 } how = SOFT | HARD; @@ -453,17 +452,22 @@ ulimitcmd(int argc __unused, char **argv if (strcmp(p, "unlimited") == 0) val = RLIM_INFINITY; else { - val = 0; + char *end; + uintmax_t uval; - while ((c = *p++) >= '0' && c <= '9') - { - val = (val * 10) + (long)(c - '0'); - if (val < 0) - break; - } - if (c) + if (*p < '0' || *p > '9') + error("bad number"); + errno = 0; + uval = strtoumax(p, &end, 10); + if (errno != 0 || *end != '\0') + error("bad number"); + if (uval > UINTMAX_MAX / l->factor) + error("bad number"); + uval *= l->factor; + val = (rlim_t)uval; + if (val < 0 || (uintmax_t)val != uval || + val == RLIM_INFINITY) error("bad number"); - val *= l->factor; } } if (all) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407052150.s65LoxMR091253>