From: "Theo de Raadt"
Subject: Re: smtpd: implement RFC9422 LIMITS extension utilization
To: "Omar Polo"
Cc: Martijn van Duren, "Kirill A. Korinsky", tech@openbsd.org
Date: Sun, 15 Mar 2026 11:18:48 -0600

Omar Polo wrote:
> > > + if (limit != NULL) {
> > > + errno = 0;
> > > + l = strtol(p0, &p, 10);
> > > +
> > > + fail = errno != 0 || p0 == p;
> > > + fail |= l <= 0;
> > > + fail |=
> > > + p[0] != ' ' && p[0] != '\0';

That strtol chunk is terrible, and pretty much NO ONE can validate that
this doesn't have a bug.

There's some seriously dangerous "no one else needs to check my work
later on" vibe going on here.

Doing things of this complexity from first principles is the wrong way
to write code.

If anyone HAS to use strtol, they should copy the chunk directly out of
the manual page and adapt it minimally for variable names, so that
someone else can validate ALL the weird cases of this API have been
followed. "Oh yes, this accurately matches the pattern my eyes are used
to looking for".

Alternatively, take the damn advice in the manual page and realize it is
too difficult to use correctly, too difficult for other people to
evaluate for correctness, and use something else which is easier.
Something plugged into 100's of other places to avoid this cannot-audit
problem.
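Review bot: the quoted checks never look at what strtol() consumed before the digits, and strtol() skips leading whitespace and accepts an optional sign, so `errno != 0 || p0 == p`, `l <= 0` and the `p[0]` terminator test together still accept values such as "+10" or " 10"; if the LIMITS value grammar is digits only, test `isdigit((unsigned char)p0[0])` before converting. No upper bound is checked either, so if `l` is later narrowed to an int it needs a comparison against INT_MAX. Spreading the error handling over three `fail` statements is what makes it hard to audit: the strtol(3) manual page's example idiom (check `*ep`, then `errno == ERANGE` with `LONG_MAX`/`LONG_MIN`, then the target range) is recognisable at a glance, and strtonum(3) with explicit bounds does all of that in one call, with the caveat that it wants a NUL-terminated token, so a value that ends at a space would have to be isolated first.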
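What "copy the chunk out of the manual page" looks like for this parser, as an added example that is neither the smtpd patch nor code from the thread: the strtol(3) checks follow the shape of the manual page's example (adapted to accept a trailing space as a terminator), the leading isdigit() test and the int-sized, positive-only range are my assumptions about the LIMITS value grammar, and the reply line and keyword lookup are constructed for the demonstration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/*
 * Parse one numeric LIMITS value that ends at a space or at the end of
 * the line. Returns the value, or -1 for anything malformed or out of
 * range. The strtol(3) checks follow the manual page's example: zero
 * errno, convert, look at where conversion stopped, then test ERANGE.
 * The isdigit() test in front is an addition: strtol() itself skips
 * whitespace and accepts a sign, so without it "+5" and " 5" would
 * slip through a digits-only grammar (assumed here).
 */
int
parse_limit_value(const char *p0)
{
	char *ep;
	long lval;

	if (!isdigit((unsigned char)p0[0]))
		return -1;
	errno = 0;
	lval = strtol(p0, &ep, 10);
	if (p0 == ep || (*ep != '\0' && *ep != ' '))
		return -1;	/* nothing converted, or trailing garbage */
	if (errno == ERANGE && (lval == LONG_MAX || lval == LONG_MIN))
		return -1;	/* does not fit in a long */
	if (lval <= 0 || lval > INT_MAX)
		return -1;	/* limits assumed positive and int-sized */
	return (int)lval;
}

/*
 * Find NAME=value in a LIMITS reply such as "MAILMAX=1000 RCPTMAX=100"
 * (constructed sample). Keyword match is case-sensitive for brevity.
 */
int
get_limit(const char *line, const char *name)
{
	const char *p = line;
	size_t n = strlen(name);

	while ((p = strstr(p, name)) != NULL) {
		if ((p == line || p[-1] == ' ') && p[n] == '=')
			return parse_limit_value(p + n + 1);
		p += n;
	}
	return -1;
}
```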