[openssh-commits] [openssh] 01/05: upstream commit

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Mar 14 14:20:01 AEDT 2017


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit f5746b40cfe6d767c8e128fe50c43274b31cd594
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Tue Mar 14 00:25:03 2017 +0000

    upstream commit
    
    Check for integer overflow when parsing times in
    convtime().  Reported by nicolas.iooss at m4x.org, ok djm@
    
    Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
---
 misc.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/misc.c b/misc.c
index 65c9222..08fcb38 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.107 2016/11/30 00:28:31 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.108 2017/03/14 00:25:03 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -306,7 +306,7 @@ a2tun(const char *s, int *remote)
 long
 convtime(const char *s)
 {
-	long total, secs;
+	long total, secs, multiplier = 1;
 	const char *p;
 	char *endp;
 
@@ -333,23 +333,28 @@ convtime(const char *s)
 			break;
 		case 'm':
 		case 'M':
-			secs *= MINUTES;
+			multiplier = MINUTES;
 			break;
 		case 'h':
 		case 'H':
-			secs *= HOURS;
+			multiplier = HOURS;
 			break;
 		case 'd':
 		case 'D':
-			secs *= DAYS;
+			multiplier = DAYS;
 			break;
 		case 'w':
 		case 'W':
-			secs *= WEEKS;
+			multiplier = WEEKS;
 			break;
 		default:
 			return -1;
 		}
+		if (secs > LONG_MAX / multiplier)
+			return -1;
+		secs *= multiplier;
+		if  (total > LONG_MAX - secs)
+			return -1;
 		total += secs;
 		if (total < 0)
 			return -1;
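Review bot: `multiplier` is initialised only once, at its declaration in the earlier hunk (`long total, secs, multiplier = 1;`), so the new `secs *= multiplier;` reuses the unit chosen by the previous loop iteration whenever a switch case does not assign it. The case ending in the bare `break;` at the top of this hunk is outside the view; if it is the seconds or no-suffix case and leaves `multiplier` untouched, a value such as `1h30s` would have its second term scaled by HOURS, giving a much longer interval than was written. Resetting it on each iteration with `multiplier = 1;` immediately before the `switch` would avoid that. The loop head and the rest of convtime() lie outside the hunk, so this should be confirmed against the full function. The `secs > LONG_MAX / multiplier` guard also relies on `secs` being non-negative, which would have to be checked outside the hunk, and with the new pre-check the trailing `if (total < 0)` looks unreachable.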
