Catch integer underflow in scan_scaled reported by Nicolas Iooss.

ok deraadt@ djm@
author: dtucker <dtucker@openbsd.org> 2017-03-15 00:13:18 +0000
committer: dtucker <dtucker@openbsd.org> 2017-03-15 00:13:18 +0000
commit: ab2f187959a5ab6f85a15f663428b25e0ed70d12 (patch)
tree: 4bd0f20a7b0e502a9b28fbebdfd1d3b498538ef8
parent: a few more characters that are safe to print (diff)
download: wireguard-openbsd-ab2f187959a5ab6f85a15f663428b25e0ed70d12.tar.xz
wireguard-openbsd-ab2f187959a5ab6f85a15f663428b25e0ed70d12.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/libutil/fmt_scaled.c b/lib/libutil/fmt_scaled.c
index bbeb01fdd0e..76085153752 100644
--- a/lib/libutil/fmt_scaled.c
+++ b/lib/libutil/fmt_scaled.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fmt_scaled.c,v 1.13 2017/03/11 23:37:23 djm Exp $	*/
+/*	$OpenBSD: fmt_scaled.c,v 1.14 2017/03/15 00:13:18 dtucker Exp $	*/
 
 /*
  * Copyright (c) 2001, 2002, 2003 Ian F. Darwin.  All rights reserved.
@@ -171,6 +171,11 @@ scan_scaled(char *scaled, long long *result)
 				return -1;
 			}
 
+			if (whole <= LLONG_MIN / scale_fact) {
+				errno = ERANGE;
+				return -1;
+			}
+
 			/* scale whole part */
 			whole *= scale_fact;
author	dtucker <dtucker@openbsd.org>	2017-03-15 00:13:18 +0000
committer	dtucker <dtucker@openbsd.org>	2017-03-15 00:13:18 +0000
commit	ab2f187959a5ab6f85a15f663428b25e0ed70d12 (patch)
tree	4bd0f20a7b0e502a9b28fbebdfd1d3b498538ef8
parent	a few more characters that are safe to print (diff)
download	wireguard-openbsd-ab2f187959a5ab6f85a15f663428b25e0ed70d12.tar.xz wireguard-openbsd-ab2f187959a5ab6f85a15f663428b25e0ed70d12.zip