From: Omar Polo Subject: Re: usr.bin/patch: use strtonum instead of atoi() To: Theo de Raadt Cc: Alexander Bluhm , tech@openbsd.org Date: Thu, 29 Aug 2024 22:59:33 +0200 On 2024/08/29 11:00:14 -0600, "Theo de Raadt" wrote: > The bounds are pretty high, but it looks reasonable. my other idea was to use 10000, would it be preferred? It's difficult to come up with tight bounds here, nor desiderable, but yeah, INT_MAX is way too much. 10k should be still way, wayyy more than needed but still far away from INT_MAX to avoid overflows. diff 5a1af3cffe24ad9d9a983a89b5a57b51a5cc18b3 debbbbdb66ccdd01868b59f04122ff2e5eb72798 commit - 5a1af3cffe24ad9d9a983a89b5a57b51a5cc18b3 commit + debbbbdb66ccdd01868b59f04122ff2e5eb72798 blob - 96da0572381e10ed35a0196c6425fc0a5ec4f0c6 blob + d39a3e6113a9b4d0269f3d9a9f413bf22da77a17 --- usr.bin/patch/patch.c +++ usr.bin/patch/patch.c @@ -542,6 +542,7 @@ get_some_switches(void) {NULL, 0, 0, 0} }; int ch; + const char *errstr; rejname[0] = '\0'; Argc_last = Argc; @@ -598,7 +599,10 @@ get_some_switches(void) force = true; break; case 'F': - maxfuzz = atoi(optarg); + maxfuzz = strtonum(optarg, 0, 10000, &errstr); + if (errstr != NULL) + fatal("maximum fuzz is %s: %s\n", + errstr, optarg); break; case 'i': if (++filec == MAXFILEC) @@ -618,7 +622,10 @@ get_some_switches(void) outname = xstrdup(optarg); break; case 'p': - strippath = atoi(optarg); + strippath = strtonum(optarg, 0, 10000, &errstr); + if (errstr != NULL) + fatal("strip count is %s: %s\n", + errstr, optarg); break; case 'r': if (strlcpy(rejname, optarg, @@ -647,7 +654,10 @@ get_some_switches(void) break; #ifdef DEBUGGING case 'x': - debug = atoi(optarg); + debug = strtonum(optarg, 0, 10000, &errstr); + if (errstr != NULL) + fatal("debug number is %s: %s\n", + errstr, optarg); break; #endif default: