From: Damien Miller
Subject: Re: openssh: fractional-second PerSourcePenalties part 1
To: Theo de Raadt
Cc: tech@openbsd.org, openssh@openssh.com
Date: Mon, 1 Dec 2025 17:10:11 +1100

On Sun, 30 Nov 2025, Theo de Raadt wrote:

> I think
>
> Nan(Bull.shit)
>
> is also valid input nowadays.
>
> The standards groups are committed to making things worse.

sigh, we really can't have nice things.

I think this avoids all of these wacky forms. I guess sscanf() would be no
better here either.

We don't setlocale(LC_NUMERIC, ...) in OpenSSH, so 0,111 shouldn't be a
problem. If that somehow snuck in, then with the below it would fail
reasonably safely AFAIK.

Unless you want to do a strtodnum :)

diff --git a/misc.c b/misc.c
index 20eb305..b2276bb 100644
--- a/misc.c
+++ b/misc.c
@@ -619,6 +619,9 @@ convtime_usec(const char *s)
 	errno = 0;
 	if ((val = strtod(p, &endp)) < 0 || errno != 0 || p == endp)
 		return -1;
+	/* Allow only decimal forms */
+	if (p + strspn(p, "0123456789.") != endp)
+		return -1;
 	start_p = p;
 	p = endp;
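Review bot: the comment on the new check understates what it rejects, so it is worth documenting the intent more fully. Because strtod() skips leading whitespace, an input such as " 1.5" converts successfully but then fails the strspn() comparison, and the same comparison also rejects a leading sign ("+1"), exponents ("1e3"), hex floats ("0x1p2") and the inf/nan spellings, which is exactly the goal here. Suggest a comment along the lines of "/* Accept only [0-9.]: no sign, exponent, hex, inf/nan or leading whitespace */" and a regression test that feeds those strings plus "0,111" and "1.2.3" to convtime_usec() and asserts -1, so the accepted grammar is pinned down rather than left implicit in strtod()'s behaviour. The two adjacent "return -1" conditions could also be folded into one if/||, but that is purely stylistic.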
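To make the accepted grammar concrete, here is an added, stand-alone C example (not OpenSSH code; the function names parse_decimal_seconds, accepts and value_of are assumptions for illustration) that applies the same strtod()-plus-strspn() filter discussed in the thread to a bare number string and shows which of the "wacky forms" survive. Unlike convtime_usec(), it does not parse a trailing unit suffix, so any leftover text after the number is rejected outright.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a non-negative seconds value with an optional fractional part.
 * Returns 0 and stores the value in *out on success, -1 on rejection.
 * Constructed example mirroring the checks discussed on the list; the
 * function name is an assumption, not an OpenSSH API. */
static int
parse_decimal_seconds(const char *s, double *out)
{
	char *endp;
	double val;

	errno = 0;
	val = strtod(s, &endp);
	/* Reject negatives, overflow/underflow (ERANGE) and "no conversion". */
	if (val < 0 || errno != 0 || s == endp)
		return -1;
	/* strtod() also accepts leading whitespace, a sign, an exponent, hex
	 * floats and inf/nan(...). Require that the bytes it consumed are
	 * exactly a run of [0-9.], which excludes all of those forms. */
	if (s + strspn(s, "0123456789.") != endp)
		return -1;
	/* This example parses a bare number, so trailing text ("1.5x", "0,111"
	 * in a comma-decimal locale) is an error rather than a unit suffix. */
	if (*endp != '\0')
		return -1;
	*out = val;
	return 0;
}

/* Small helpers so the accept/reject table can be checked by value. */
static int
accepts(const char *s)
{
	double v;
	return parse_decimal_seconds(s, &v) == 0;
}

static double
value_of(const char *s)
{
	double v;
	return parse_decimal_seconds(s, &v) == 0 ? v : -1.0;
}

int
main(void)
{
	/* Constructed inputs: the first row should be accepted, the rest rejected. */
	const char *inputs[] = {
		"1.5", "2", ".5", "5.",
		"1e3", "0x1p2", "inf", "nan(Bull.shit)", "+1", " 1",
		"-1", "0,111", "1.2.3", "",
	};
	size_t i;

	for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++)
		printf("%-16s %s\n", inputs[i],
		    accepts(inputs[i]) ? "accepted" : "rejected");
	return 0;
}
```

Running it prints the first four inputs as accepted and everything else as rejected; note that "0,111" fails only because of the trailing ",111", which is the "fails reasonably safely" case from the message.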