|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
strto_ audit in ping(8)
From: Andrushock <andrushock(at)korovino.net>
Date: Mon Dec 09 2002 - 21:00:00 EST
@@ -195,7 +195,7 @@
#ifdef IP_OPTIONS
@@ -215,8 +215,11 @@
@@ -1308,23 +1327,23 @@
}
Date: Mon Dec 09 2002 - 21:00:00 EST
Changes the following:
- add missed checks for strtod, strtol, strtoul failure
- do some KNF
- src/sbin/ping/ping.c.orig Tue Dec 10 05:32:33 2002
+++ src/sbin/ping/ping.c Tue Dec 10 07:29:06 2002
@@ -140,7 +140,7 @@
char rcvd_tbl[MAX_DUP_CHK / 8];
struct sockaddr whereto; /* who to ping */ -struct sockaddr_in whence; /* Which interface we come from */ +struct sockaddr_in whence; /* Which interface we come from */ int datalen = DEFDATALEN; int s; /* socket file descriptor */u_char outpackhdr[IP_MAXPACKET]; /* Max packet size = 65535 */
@@ -195,7 +195,7 @@
int maxsize, fdmasks;
socklen_t maxsizelen;
u_char *datap, *packet;
- char *target, hnamebuf[MAXHOSTNAMELEN];
+ char *cp, *target, hnamebuf[MAXHOSTNAMELEN];
u_char ttl = MAXTTL, loop = 1, df = 0;
int tos = 0;
#ifdef IP_OPTIONS
@@ -215,8 +215,11 @@
while ((ch = getopt(argc, argv, "DI:LRS:c:dfh:i:l:np:qrs:T:t:vw:")) != -1)
switch(ch) {
case 'c':
- npackets = strtol(optarg, NULL, 0);
- if (npackets <= 0)
+ errno = 0;
+ cp = NULL;
+ npackets = strtol(optarg, &cp, 10);
+ if (*optarg == '\0' || *cp != '\0' || errno == ERANGE ||
+ npackets <= 0)
errx(1, "bad number of packets to transmit: %s",
optarg);
break;
@@ -244,11 +247,12 @@
options |= F_SADDR;
break;
case 'i': /* wait between sending packets */
- interval = strtod(optarg, NULL);
-
- if (interval <= 0 || interval >= INT_MAX)
+ errno = 0;
+ cp = NULL;
+ interval = strtod(optarg, &cp);
+ if (*optarg == '\0' || *cp != '\0' || interval <= 0 ||
+ interval >= INT_MAX)
errx(1, "bad timing interval: %s", optarg);
-
if (interval < 1)
if (getuid())
errx(1, "%s: only root may use interval < 1s",
@@ -266,8 +270,11 @@
case 'l':
if (getuid())
errx(1, "%s", strerror(EPERM));
- preload = strtol(optarg, NULL, 0);
- if (preload < 0)
+ errno = 0;
+ cp = NULL;
+ preload = strtol(optarg, &cp, 10);
+ if (*optarg == '\0' || *cp != '\0' || errno == ERANGE ||
+ preload < 0)
errx(1, "bad preload value: %s", optarg);
break;
case 'n':
@@ -287,22 +294,31 @@
options |= F_SO_DONTROUTE;
break;
case 's': /* size of packet to send */
- datalen = strtol(optarg, NULL, 0);
- if (datalen <= 0)
+ errno = 0;
+ cp = NULL;
+ datalen = strtol(optarg, &cp, 10);
+ if (*optarg == '\0' || *cp != '\0' || errno == ERANGE ||
+ datalen <= 0)
errx(1, "bad packet size: %s", optarg);
if (datalen > MAXPAYLOAD)
errx(1, "packet size too large: %s", optarg);
break;
case 'T':
options |= F_HDRINCL;
- tos = strtoul(optarg, NULL, 0);
- if (tos > 0xFF)
+ errno = 0;
+ cp = NULL;
+ tos = strtoul(optarg, &cp, 16);
+ if (*optarg == '\0' || *cp != '\0' || errno == ERANGE ||
+ tos > 0xFF)
errx(1, "bad tos value: %s", optarg);
break;
case 't':
options |= F_TTL;
- ttl = strtol(optarg, NULL, 0);
- if (ttl <= 0)
+ errno = 0;
+ cp = NULL;
+ ttl = strtol(optarg, &cp, 10);
+ if (*optarg == '\0' || *cp != '\0' || errno == ERANGE ||
+ ttl <= 0)
errx(1, "bad ttl value: %s", optarg);
if (ttl > 255)
errx(1, "ttl value too large: %s", optarg);
@@ -311,8 +327,11 @@
options |= F_VERBOSE;
break;
case 'w':
- maxwait = strtol(optarg, NULL, 0);
- if (maxwait <= 0)
+ errno = 0;
+ cp = NULL;
+ maxwait = strtol(optarg, &cp, 10);
+ if (*optarg == '\0' || *cp != '\0' || errno == ERANGE ||
+ maxwait <= 0)
errx(1, "bad maxwait value: %s", optarg);
break;
default:
@@ -354,7 +373,7 @@
if (datalen >= sizeof(struct tvi)) /* can we time transfer */
timing = 1;
packlen = datalen + MAXIPLEN + MAXICMPLEN;
- if (!(packet = (u_char *)malloc((u_int)packlen)))
+ if ((packet = (u_char *)malloc((u_int)packlen)) == NULL)
err(1, "malloc");
if (!(options & F_PINGFILLED))
for (i = sizeof(struct tvi); i < datalen; ++i)
@@ -1308,23 +1327,23 @@
/* only allow IP version 4 */
if (iph->ip_v != 4)
- return 0;
+ return (0);
/* Only allow ICMP */
if (iph->ip_p != IPPROTO_ICMP)
- return 0;
+ return (0);
icmph = (struct icmp *) (iph + (4 * iph->ip_hl));
/* make sure it is in response to an ECHO request */
if (icmph->icmp_type != 8)
- return 0;
+ return (0);
/* ok, make sure it has the right id on it */
if (icmph->icmp_hun.ih_idseq.icd_id != ident)
- return 0;
+ return (0);
- return 1;
+ return (1);
}
void Received on Tue Dec 10 21:02:35 2002
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:39 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |