From e4f95966495f097ca1bf9874d25f98da77a04062 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Sun, 18 Nov 2012 04:13:39 +0000 Subject: [PATCH] Ensure that the base provided to strtol(3) is between 2 and 36 inclusive, or the special value of 0. ok deraadt@ otto@ --- src/lib/libc/stdlib/strtol.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/lib/libc/stdlib/strtol.c b/src/lib/libc/stdlib/strtol.c index 5a244766..745bc4c2 100644 --- a/src/lib/libc/stdlib/strtol.c +++ b/src/lib/libc/stdlib/strtol.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strtol.c,v 1.7 2005/08/08 08:05:37 espie Exp $ */ +/* $OpenBSD: strtol.c,v 1.8 2012/11/18 04:13:39 jsing Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -48,6 +48,17 @@ strtol(const char *nptr, char **endptr, int base) int c; int neg, any, cutlim; + /* + * Ensure that base is between 2 and 36 inclusive, or the special + * value of 0. + */ + if (base != 0 && (base < 2 || base > 36)) { + if (endptr != 0) + *endptr = nptr; + errno = EINVAL; + return 0; + } + /* * Skip white space and pick up leading +/- sign if any. * If base is 0, allow 0x for hex and 0 for octal, else