Use getint() instead of intval() for parsing the columns variable,

allowing the addition of more accurate bounds and garbage checks.
ok millert

1 files changed, 13 insertions, 3 deletions

diff --git a/bin/ksh/var.c b/bin/ksh/var.c
index 540adc1caa0..e747f2ea55a 100644
--- a/bin/ksh/var.c
+++ b/bin/ksh/var.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: var.c,v 1.40 2014/12/12 05:00:55 jsg Exp $	*/
+/*	$OpenBSD: var.c,v 1.41 2015/04/17 17:20:41 deraadt Exp $	*/
 
 #include "sh.h"
 #include <time.h>
@@ -1007,8 +1007,18 @@ setspec(struct tbl *vp)
 			set_editmode(str_val(vp));
 		break;
 	case V_COLUMNS:
-		if ((x_cols = intval(vp)) <= MIN_COLS)
-			x_cols = MIN_COLS;
+		{
+			long l;
+
+			if (getint(vp, &l, false) == -1) {
+				x_cols = MIN_COLS;
+				break;
+			}
+			if (l <= MIN_COLS || l > INT_MAX)
+				x_cols = MIN_COLS;
+			else
+				x_cols = l;
+		}
 		break;
 #endif /* EDIT */
 	case V_MAIL: