diff options
author | Robert James Kaes <rjk@wormbytes.ca> | 2008-06-16 20:52:40 -0400 |
---|---|---|
committer | Mukund Sivaraman <muks@banu.com> | 2008-06-17 13:32:20 +0530 |
commit | c8cf89a954983b92fe4ea94706cccadfe6a148c0 (patch) | |
tree | 9d5b0e2c26a83f7badc5e444418dfa686df9a779 /src | |
parent | 51fb15be2c4c9ae7646659fad93358a3b080a521 (diff) | |
download | tinyproxy-c8cf89a954983b92fe4ea94706cccadfe6a148c0.tar.gz tinyproxy-c8cf89a954983b92fe4ea94706cccadfe6a148c0.zip |
Add strtol conversion error checking
Moved the strtol() call into fill_netmask_array() and added additional
error checking to ensure that the strtol() call succeeded.
Error checking code taken from strtol() manpage.
Signed-off-by: Robert James Kaes <rjk@wormbytes.ca>
Diffstat (limited to 'src')
-rw-r--r-- | src/acl.c | 19 |
1 files changed, 15 insertions, 4 deletions
@@ -67,13 +67,26 @@ static vector_t access_list = NULL; * */ inline static int -fill_netmask_array(long int mask, unsigned char array[], unsigned int len) +fill_netmask_array(char *bitmask_string, unsigned char array[], unsigned int len) { unsigned int i; + long int mask; + char *endptr; + + errno = 0; /* to distinguish success/failure after call */ + mask = strtol(bitmask_string, &endptr, 10); + /* check for various conversion errors */ + if ((errno == ERANGE && (mask == LONG_MIN || mask == LONG_MAX)) + || (errno != 0 && mask == 0) + || (endptr == bitmask_string)) + return -1; + + /* valid range for a bit mask */ if (mask < 0 || mask > (8 * len)) return -1; + /* we have a valid range to fill in the array */ for (i = 0; i != len; ++i) { if (mask >= 8) { array[i] = 0xff; @@ -106,7 +119,6 @@ insert_acl(char *location, acl_access_t access_type) { struct acl_s acl; int ret; - long int mask; char *p, ip_dst[IPV6_LEN]; assert(location != NULL); @@ -154,8 +166,7 @@ insert_acl(char *location, acl_access_t access_type) acl.type = ACL_NUMERIC; memcpy(acl.address.ip.octet, ip_dst, IPV6_LEN); - mask = strtol(p + 1, NULL, 10); - if (fill_netmask_array(mask, &(acl.address.ip.mask[0]), IPV6_LEN) < 0) + if (fill_netmask_array(p + 1, &(acl.address.ip.mask[0]), IPV6_LEN) < 0) return -1; } else { /* In all likelihood a string */ |