From cd420706fe34572f88c6bf1739565b844a0ecedf Mon Sep 17 00:00:00 2001
From: bapt <bapt@FreeBSD.org>
Date: Mon, 13 Jul 2015 05:56:27 +0000
Subject: Prevent potential integer overflow

PR:		192971
Submitted by:	David Carlier <david.carlier@hardenedbsd.org>
---
 bin/ls/ls.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'bin/ls')

diff --git a/bin/ls/ls.c b/bin/ls/ls.c
index 926d2bc..df8cc2d 100644
--- a/bin/ls/ls.c
+++ b/bin/ls/ls.c
@@ -158,6 +158,7 @@ main(int argc, char *argv[])
 	struct winsize win;
 	int ch, fts_options, notused;
 	char *p;
+	const char *errstr = NULL;
 #ifdef COLORLS
 	char termcapbuf[1024];	/* termcap definition buffer */
 	char tcapbuf[512];	/* capability buffer */
@@ -170,7 +171,7 @@ main(int argc, char *argv[])
 	if (isatty(STDOUT_FILENO)) {
 		termwidth = 80;
 		if ((p = getenv("COLUMNS")) != NULL && *p != '\0')
-			termwidth = atoi(p);
+			termwidth = strtonum(p, 0, INT_MAX, &errstr);
 		else if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) != -1 &&
 		    win.ws_col > 0)
 			termwidth = win.ws_col;
@@ -180,9 +181,12 @@ main(int argc, char *argv[])
 		/* retrieve environment variable, in case of explicit -C */
 		p = getenv("COLUMNS");
 		if (p)
-			termwidth = atoi(p);
+			termwidth = strtonum(p, 0, INT_MAX, &errstr);
 	}
 
+	if (errstr)
+		termwidth = 80;
+
 	fts_options = FTS_PHYSICAL;
 	if (getenv("LS_SAMESORT"))
 		f_samesort = 1;
-- 
cgit v1.1