[hackers] [quark] Import strtonum() and get rid of atoi() || Laslo Hunhold
commit 7f391b613419d6addf710392fa1ce64950f83f78
Author: Laslo Hunhold <dev_AT_frign.de>
AuthorDate: Tue Jul 4 22:21:36 2017 +0200
Commit: Laslo Hunhold <dev_AT_frign.de>
CommitDate: Tue Jul 4 22:21:36 2017 +0200
Import strtonum() and get rid of atoi()
diff --git a/quark.c b/quark.c
index b0708cf..af70cd4 100644
--- a/quark.c
+++ b/quark.c
_AT_@ -95,6 +95,8 @@ static char *status_str[] = {
[S_VERSION_NOT_SUPPORTED] = "HTTP Version not supported",
};
+long long strtonum(const char *, long long, long long, const char **);
+
static char *
timestamp(time_t t, char buf[TIMESTAMP_LEN])
{
_AT_@ -546,6 +548,7 @@ sendresponse(int fd, struct request *r)
off_t lower, upper;
static char realtarget[PATH_MAX], tmptarget[PATH_MAX], t[TIMESTAMP_LEN];
char *p, *q, *mime;
+ const char *err;
/* normalize target */
memcpy(realtarget, r->target, sizeof(realtarget));
_AT_@ -659,10 +662,13 @@ sendresponse(int fd, struct request *r)
}
*(q++) = '\0';
if (p[0]) {
- lower = atoi(p);
+ lower = strtonum(p, 0, LLONG_MAX, &err);
+ }
+ if (!err && q[0]) {
+ upper = strtonum(q, 0, LLONG_MAX, &err);
}
- if (q[0]) {
- upper = atoi(q);
+ if (err) {
+ return sendstatus(fd, S_BAD_REQUEST);
}
/* check range */
_AT_@ -967,3 +973,62 @@ main(int argc, char *argv[])
return 0;
}
+
+/*
+ * Copyright (c) 2004 Ted Unangst and Todd Miller
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#define INVALID 1
+#define TOOSMALL 2
+#define TOOLARGE 3
+
+long long
+strtonum(const char *numstr, long long minval, long long maxval,
+ const char **errstrp)
+{
+ long long ll = 0;
+ int error = 0;
+ char *ep;
+ struct errval {
+ const char *errstr;
+ int err;
+ } ev[4] = {
+ { NULL, 0 },
+ { "invalid", EINVAL },
+ { "too small", ERANGE },
+ { "too large", ERANGE },
+ };
+
+ ev[0].err = errno;
+ errno = 0;
+ if (minval > maxval) {
+ error = INVALID;
+ } else {
+ ll = strtoll(numstr, &ep, 10);
+ if (numstr == ep || *ep != '\0')
+ error = INVALID;
+ else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
+ error = TOOSMALL;
+ else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
+ error = TOOLARGE;
+ }
+ if (errstrp != NULL)
+ *errstrp = ev[error].errstr;
+ errno = ev[error].err;
+ if (error)
+ ll = 0;
+
+ return (ll);
+}
Received on Tue Jul 04 2017 - 22:22:12 CEST
This archive was generated by hypermail 2.3.0
: Tue Jul 04 2017 - 22:24:47 CEST