sh: Reject integer overflow in number and is_number.

author: jilles <jilles@FreeBSD.org> 2014-08-17 16:40:29 +0000
committer: jilles <jilles@FreeBSD.org> 2014-08-17 16:40:29 +0000
commit: 111223ceeb0e298f0da75e61dcb81550bab1ef01 (patch)
tree: 8bc372a4d3854febe0b26f9ea973812a0638f56b /bin/sh
parent: 7f580421d9cf07f502a2a520cc39d458bacfbc82 (diff)
download: FreeBSD-src-111223ceeb0e298f0da75e61dcb81550bab1ef01.zip
FreeBSD-src-111223ceeb0e298f0da75e61dcb81550bab1ef01.tar.gz
1 files changed, 11 insertions, 3 deletions
diff --git a/bin/sh/mystring.c b/bin/sh/mystring.c
index 03ea8ba..19de78d 100644
--- a/bin/sh/mystring.c
+++ b/bin/sh/mystring.c
@@ -82,9 +82,17 @@ number(const char *s)
 int
 is_number(const char *p)
 {
-	do {
-		if (! is_digit(*p))
+	const char *q;
+
+	if (*p == '\0')
+		return 0;
+	while (*p == '0')
+		p++;
+	for (q = p; *q != '\0'; q++)
+		if (! is_digit(*q))
 			return 0;
-	} while (*++p != '\0');
+	if (q - p > 10 ||
+	    (q - p == 10 && memcmp(p, "2147483647", 10) > 0))
+		return 0;
 	return 1;
 }
author	jilles <jilles@FreeBSD.org>	2014-08-17 16:40:29 +0000
committer	jilles <jilles@FreeBSD.org>	2014-08-17 16:40:29 +0000
commit	111223ceeb0e298f0da75e61dcb81550bab1ef01 (patch)
tree	8bc372a4d3854febe0b26f9ea973812a0638f56b /bin/sh
parent	7f580421d9cf07f502a2a520cc39d458bacfbc82 (diff)
download	FreeBSD-src-111223ceeb0e298f0da75e61dcb81550bab1ef01.zip FreeBSD-src-111223ceeb0e298f0da75e61dcb81550bab1ef01.tar.gz