diff options
author | jilles <jilles@FreeBSD.org> | 2014-07-05 21:50:59 +0000 |
---|---|---|
committer | jilles <jilles@FreeBSD.org> | 2014-07-05 21:50:59 +0000 |
commit | df3c34c7bdb3972fd2c119ee73762a066a2f6e4b (patch) | |
tree | e6bd15f67118c878b7f1bdd679fb9cf42dd8cc67 /bin/sh | |
parent | f62356bcf8a3e383ff73a112cef93d082efdcb3d (diff) | |
download | FreeBSD-src-df3c34c7bdb3972fd2c119ee73762a066a2f6e4b.zip FreeBSD-src-df3c34c7bdb3972fd2c119ee73762a066a2f6e4b.tar.gz |
sh: Fix overflow checking on 'ulimit' operand.
Diffstat (limited to 'bin/sh')
-rw-r--r-- | bin/sh/miscbltin.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/bin/sh/miscbltin.c b/bin/sh/miscbltin.c index 27fa53d..54b41cc 100644 --- a/bin/sh/miscbltin.c +++ b/bin/sh/miscbltin.c @@ -414,7 +414,6 @@ static const struct limits limits[] = { int ulimitcmd(int argc __unused, char **argv __unused) { - int c; rlim_t val = 0; enum { SOFT = 0x1, HARD = 0x2 } how = SOFT | HARD; @@ -453,17 +452,22 @@ ulimitcmd(int argc __unused, char **argv __unused) if (strcmp(p, "unlimited") == 0) val = RLIM_INFINITY; else { - val = 0; + char *end; + uintmax_t uval; - while ((c = *p++) >= '0' && c <= '9') - { - val = (val * 10) + (long)(c - '0'); - if (val < 0) - break; - } - if (c) + if (*p < '0' || *p > '9') + error("bad number"); + errno = 0; + uval = strtoumax(p, &end, 10); + if (errno != 0 || *end != '\0') + error("bad number"); + if (uval > UINTMAX_MAX / l->factor) + error("bad number"); + uval *= l->factor; + val = (rlim_t)uval; + if (val < 0 || (uintmax_t)val != uval || + val == RLIM_INFINITY) error("bad number"); - val *= l->factor; } } if (all) { |