summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@inai.de>2012-07-13 23:18:29 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2012-07-31 13:31:44 +0200
commitdc23c2d7afd2103cbc589372769c2f6723ea5235 (patch)
tree438c2582996a1966e9abc6fcc6948c27e70e980b /extensions
parenta3c1c206a665d81afa2363507a5e162c20694311 (diff)
libxt_u32: do bounds checking for @'s operands
Using only strtoul is prone to accept all values, including negative ones which are not explicitly allowed. Therefore, use xtables_strtoui with bounds checking. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_u32.c12
1 files changed, 4 insertions, 8 deletions
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c
index 6d024fb6..2a7f5d80 100644
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -88,17 +88,13 @@ static void u32_dump(const struct xt_u32 *data)
/* string_to_number() is not quite what we need here ... */
static uint32_t parse_number(const char **s, int pos)
{
- uint32_t number;
+ unsigned int number;
char *end;
- errno = 0;
- number = strtoul(*s, &end, 0);
- if (end == *s)
+ if (!xtables_strtoui(*s, &end, &number, 0, UINT32_MAX) ||
+ end == *s)
xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: expected number", pos);
- if (errno != 0)
- xtables_error(PARAMETER_PROBLEM,
- "u32: at char %d: error reading number", pos);
+ "u32: at char %d: not a number or out of range", pos);
*s = end;
return number;
}