author | 2017-11-16 11:08:28 +0000 | |
---|---|---|
committer | 2017-11-16 11:08:28 +0000 | |
commit | 47b814cf713ca15f07fb2e6871bbb61828755144 (patch) | |
tree | 49500e9a0af5ca103f6f8101331de884d38ddf2e | |
parent | Add error checking to some calls to __find_arguments(). Matches similar (diff) | |
Range check default values so that a range like
'[1 - 0] [1]' can no longer return '1'.
Issue reported by Alexi Malinin via bugs@. Thanks!
-rw-r--r-- | sbin/fdisk/misc.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sbin/fdisk/misc.c b/sbin/fdisk/misc.c
index c4a8b979e20..d2920f00bea 100644
--- a/sbin/fdisk/misc.c
+++ b/sbin/fdisk/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.61 2015/11/26 08:15:07 tim Exp $ */
+/* $OpenBSD: misc.c,v 1.62 2017/11/16 11:08:28 krw Exp $ */
 
 /*
 * Copyright (c) 1997 Tobias Weingartner
@@ -210,7 +210,7 @@ getuint64(char *prompt, u_int64_t oval, u_int64_t minval, u_int64_t maxval)
 size_t n;
 int64_t mult = 1;
 double d, d2;
- int secpercyl, saveerr;
+ int rslt, secpercyl, saveerr;
 char unit;
 
 if (oval > maxval)
@@ -228,7 +228,9 @@ getuint64(char *prompt, u_int64_t oval, u_int64_t minval, u_int64_t maxval)
 errx(1, "eof");
 
 if (buf[0] == '\0') {
- return (oval);
+ rslt = snprintf(buf, sizeof(buf), "%llu", oval);
+ if (rslt == -1 || rslt >= sizeof(buf))
+ errx(1, "default value too long");
 } else if (buf[0] == '*' && buf[1] == '\0') {
 return (maxval);
 } |
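Review bot: The `*` shortcut in the last hunk still does `return (maxval);` directly, so it appears to bypass the range check that the empty-input default now goes through; for the inverted range in the commit message ('[1 - 0]'), `*` would presumably still return 0, which is below minval. Consider routing it the same way, e.g. `rslt = snprintf(buf, sizeof(buf), "%llu", maxval);` followed by the same length check, or rejecting `maxval < minval` before prompting. Separately, `rslt >= sizeof(buf)` compares an int with a size_t; `rslt < 0 || (size_t)rslt >= sizeof(buf)` states the intent without relying on the implicit conversion. The parsing and range check lie outside the hunk, so the first point is inferred from the commit message and the visible branches of getuint64.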