 |
Prevent overflow in strtonum()-parameters - quark - quark web server |
 |
git clone git://git.suckless.org/quark |
 |
Log |
|
Files |
|
Refs |
|
LICENSE |
|
--- |
|
commit 7d26fc695d548b5a73305a97dce274a313e0f602 |
|
parent dff98c0bcaef7be220c563ebaebd66f8c6704197 |
|
Author: Laslo Hunhold <[email protected]> |
|
Date: Sun, 1 Nov 2020 01:47:11 +0100 |
|
|
|
Prevent overflow in strtonum()-parameters |
|
|
|
Make sure not to overflow the long long value. Given the standard |
|
doesn't bring any tangible guarantees for the upper limits of size_t, |
|
we just determine which (long long or size_t) is larger at compile time. |
|
|
|
Thanks José Miguel Sánchez García for reporting this! |
|
|
|
Signed-off-by: Laslo Hunhold <[email protected]> |
|
|
|
Diffstat: |
|
M http.c | 9 ++++++--- |
|
|
|
1 file changed, 6 insertions(+), 3 deletions(-) |
|
--- |
|
diff --git a/http.c b/http.c |
|
@@ -491,10 +491,13 @@ parse_range(const char *str, size_t size, size_t *lower, … |
|
* last byte if 'last' is not given), |
|
* inclusively, and byte-numbering beginning at 0 |
|
*/ |
|
- *lower = strtonum(first, 0, SIZE_MAX, &err); |
|
+ *lower = strtonum(first, 0, MIN(SIZE_MAX, LLONG_MAX), |
|
+ &err); |
|
if (!err) { |
|
if (last[0] != '\0') { |
|
- *upper = strtonum(last, 0, SIZE_MAX, &err); |
|
+ *upper = strtonum(last, 0, |
|
+ MIN(SIZE_MAX, LLONG_MAX), |
|
+ &err); |
|
} else { |
|
*upper = size - 1; |
|
} |
|
@@ -526,7 +529,7 @@ parse_range(const char *str, size_t size, size_t *lower, si… |
|
* use upper as a temporary storage for 'num', |
|
* as we know 'upper' is size - 1 |
|
*/ |
|
- *upper = strtonum(last, 0, SIZE_MAX, &err); |
|
+ *upper = strtonum(last, 0, MIN(SIZE_MAX, LLONG_MAX), &err); |
|
if (err) { |
|
return S_BAD_REQUEST; |
|
} |
