Prevent integer overflow of very large escape sequence params. Fixes #274.

2012-05-16 12:16:50 -04:00
parent b0e05776f1
commit 1cf12f9e9b
1 changed files with 14 additions and 6 deletions
@@ -81,10 +81,16 @@ void Dispatcher::parse_params( void )

    errno = 0;
    char *endptr;
-    int val = strtol( segment_begin, &endptr, 10 );
+    long val = strtol( segment_begin, &endptr, 10 );
    if ( endptr == segment_begin ) {
      val = -1;
    }
+
+    if ( val > PARAM_MAX || errno == ERANGE ) {
+      val = -1;
+      errno = 0;
+    }
+
    if ( errno == 0 || segment_begin == endptr ) {
      parsed_params.push_back( val );
    }
@@ -95,10 +101,16 @@ void Dispatcher::parse_params( void )
  /* get last param */
  errno = 0;
  char *endptr;
-  int val = strtol( segment_begin, &endptr, 10 );
+  long val = strtol( segment_begin, &endptr, 10 );
  if ( endptr == segment_begin ) {
    val = -1;
  }
+
+  if ( val > PARAM_MAX || errno == ERANGE ) {
+    val = -1;
+    errno = 0;
+  }
+
  if ( errno == 0 || segment_begin == endptr ) {
    parsed_params.push_back( val );
  }
@@ -117,10 +129,6 @@ int Dispatcher::getparam( size_t N, int defaultval )
    ret = parsed_params[ N ];
  }

-  if ( ret > PARAM_MAX ) {
-    ret = defaultval;
-  }
-
  if ( ret < 1 ) ret = defaultval;

  return ret;