From: "Theo de Raadt" Subject: Re: openssh: fractional-second PerSourcePenalties part 1 To: Damien Miller Cc: tech@openbsd.org, openssh@openssh.com Date: Mon, 01 Dec 2025 09:28:44 -0700 Damien Miller wrote: > On Sun, 30 Nov 2025, Theo de Raadt wrote: > > > I think > > > > Nan(Bull.shit) > > > > is also valid input nowadays. > > > > The standards groups are commited to making things worse. > > sigh, we really can't have nice things. I think this avoids all > of these wacky forms. I guess sscanf() would be no better here either. > > We don't setlocale(LC_NUMERIC, ...) in OpenSSH, so 0,111 shouldn't > be a problem. If that somehow snuck in, then with the below it would > fail reasonably safely AFAIK. > > Unless you want to do a strtodnum :) > > diff --git a/misc.c b/misc.c > index 20eb305..b2276bb 100644 > --- a/misc.c > +++ b/misc.c > @@ -619,6 +619,9 @@ convtime_usec(const char *s) > errno = 0; > if ((val = strtod(p, &endp)) < 0 || errno != 0 || p == endp) > return -1; > + /* Allow only decimal forms */ > + if (p + strspn(p, "0123456789.") != endp) > + return -1; > start_p = p; > p = endp; That looks like a reasonable way of catching the problem. It removes the ability to exercise -, +, NaN Infinity, ( ). It assumes the whitespace is earlier. It pins the trailing multiplier character.