commit 7d26fc695d548b5a73305a97dce274a313e0f602
parent dff98c0bcaef7be220c563ebaebd66f8c6704197
Author: Laslo Hunhold <dev@frign.de>
Date: Sun, 1 Nov 2020 01:47:11 +0100
Prevent overflow in strtonum()-parameters
Make sure not to overflow the long long value. Given the standard
doesn't bring any tangible guarantees for the upper limits of size_t,
we just determine which (long long or size_t) is larger at compile time.
Thanks José Miguel Sánchez García for reporting this!
Signed-off-by: Laslo Hunhold <dev@frign.de>
Diffstat:
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/http.c b/http.c
@@ -491,10 +491,13 @@ parse_range(const char *str, size_t size, size_t *lower, size_t *upper)
* last byte if 'last' is not given),
* inclusively, and byte-numbering beginning at 0
*/
- *lower = strtonum(first, 0, SIZE_MAX, &err);
+ *lower = strtonum(first, 0, MIN(SIZE_MAX, LLONG_MAX),
+ &err);
if (!err) {
if (last[0] != '\0') {
- *upper = strtonum(last, 0, SIZE_MAX, &err);
+ *upper = strtonum(last, 0,
+ MIN(SIZE_MAX, LLONG_MAX),
+ &err);
} else {
*upper = size - 1;
}
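Review bot: The bound `MIN(SIZE_MAX, LLONG_MAX)` is now written out three times (for `*lower` and `*upper` here, and again in the suffix-range hunk below), and nothing at the call sites says why it is needed. It compares an unsigned constant with a signed one, so it is correct only through the usual arithmetic conversions and depends on how `MIN` is defined, which is not visible in this hunk. I would compute it once near the top of parse_range, e.g. `const long long max = MIN(SIZE_MAX, LLONG_MAX);`, and pass `max` to all three calls. A comment should sit next to it: `/* strtonum() takes long long bounds; cap at the smaller of SIZE_MAX and LLONG_MAX so the result also fits in size_t */`. The body of parse_range starts and ends outside this hunk.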
@@ -526,7 +529,7 @@ parse_range(const char *str, size_t size, size_t *lower, size_t *upper)
* use upper as a temporary storage for 'num',
* as we know 'upper' is size - 1
*/
- *upper = strtonum(last, 0, SIZE_MAX, &err);
+ *upper = strtonum(last, 0, MIN(SIZE_MAX, LLONG_MAX), &err);
if (err) {
return S_BAD_REQUEST;
}
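Review bot: `*upper` is assigned before `err` is checked, so on the `S_BAD_REQUEST` return the caller's out-parameter has already been overwritten with strtonum()'s error return value. The first hunk does the same with `*lower` ahead of its `if (!err)`. Because the value parsed here is a suffix length rather than a range bound, a local would keep the out-parameter from ever holding a non-range value: `num = strtonum(last, 0, MIN(SIZE_MAX, LLONG_MAX), &err);` with a local `size_t num`, writing `*lower` and `*upper` only after validation succeeds. Whether any caller reads `*upper` after an error, and how `num` is checked against `size`, is outside this hunk.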