diff options
| author |   guenther <guenther@openbsd.org> | 2017-09-20 05:08:11 +0000 |
|---|---|---|
| committer | guenther <guenther@openbsd.org> | 2017-09-20 05:08:11 +0000 |
| commit | 0a7f810856cbfbb2117cdb2ef66974a8d764c50e (patch) | |
| tree | 6cea45c04c9960e9f1b7690a3d57c11c1d19bba1 /usr.sbin/lpr | |
| parent | remove unused GZIPEXT (diff) | |
| download | wireguard-openbsd-0a7f810856cbfbb2117cdb2ef66974a8d764c50e.tar.xz wireguard-openbsd-0a7f810856cbfbb2117cdb2ef66974a8d764c50e.zip | |
Avoid overflow/truncation during string->integer converion by eliminating
the 'int' temporary variable.
problem reported by Jacob Zimmermann (jacobz (at) senseofsecurity.com.au)
ok deraadt@
Diffstat (limited to 'usr.sbin/lpr')
| -rw-r--r-- | usr.sbin/lpr/lpd/printjob.c | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/usr.sbin/lpr/lpd/printjob.c b/usr.sbin/lpr/lpd/printjob.c index 1e7b2471e97..280e1850aa9 100644 --- a/usr.sbin/lpr/lpd/printjob.c +++ b/usr.sbin/lpr/lpd/printjob.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printjob.c,v 1.58 2016/11/22 16:03:57 millert Exp $ */ +/* $OpenBSD: printjob.c,v 1.59 2017/09/20 05:08:11 guenther Exp $ */ /* $NetBSD: printjob.c,v 1.31 2002/01/21 14:42:30 wiz Exp $ */ /* @@ -417,15 +417,13 @@ printit(char *file) case 'S': cp = line+1; - i = 0; + fdev = 0; while (*cp >= '0' && *cp <= '9') - i = i * 10 + (*cp++ - '0'); - fdev = i; + fdev = fdev * 10 + (*cp++ - '0'); cp++; - i = 0; + fino = 0; while (*cp >= '0' && *cp <= '9') - i = i * 10 + (*cp++ - '0'); - fino = i; + fino = fino * 10 + (*cp++ - '0'); continue; case 'J': @@ -826,15 +824,13 @@ sendit(char *file) again: if (line[0] == 'S') { cp = line+1; - i = 0; + fdev = 0; while (*cp >= '0' && *cp <= '9') - i = i * 10 + (*cp++ - '0'); - fdev = i; + fdev = fdev * 10 + (*cp++ - '0'); cp++; - i = 0; + fino = 0; while (*cp >= '0' && *cp <= '9') - i = i * 10 + (*cp++ - '0'); - fino = i; + fino = fino * 10 + (*cp++ - '0'); continue; } if (line[0] >= 'a' && line[0] <= 'z') { |