# HG changeset patch
# User Chong Yidong
# Date 1199979232 0
# Node ID 2e70121a65957251790b2743260045b091001bd5
# Parent 9b166b6978895f62b8bd05d6af66acb95a15f9e4
(pop_stat, pop_last): Check validity of string-to-integer conversion. Mistakes spotted by Nico Golde.
diff -r 9b166b697889 -r 2e70121a6595 lib-src/pop.c
--- a/lib-src/pop.c Thu Jan 10 15:31:25 2008 +0000
+++ b/lib-src/pop.c Thu Jan 10 15:33:52 2008 +0000
@@ -352,6 +352,7 @@
 int *size;
 {
 char *fromserver;
+ char *end_ptr;
 if (server->in_multi)
 {
@@ -377,7 +378,15 @@
 return (-1);
 }
- *count = atoi (&fromserver[4]);
+ errno = 0;
+ *count = strtol (&fromserver[4], &end_ptr, 10);
+ /* Check validity of string-to-integer conversion. */
+ if (fromserver[4] == 0 || *end_ptr != 0 || errno)
+ {
+ strcpy (pop_error, "Unexpected response from POP server in pop_stat");
+ pop_trash (server);
+ return (-1);
+ }
 fromserver = index (&fromserver[4], ' ');
 if (! fromserver)
@@ -388,7 +397,14 @@
 return (-1);
 }
- *size = atoi (fromserver + 1);
+ errno = 0;
+ *size = strtol (fromserver + 1, &end_ptr, 10);
+ if (*(fromserver + 1) == 0 || *end_ptr != 0 || errno)
+ {
+ strcpy (pop_error, "Unexpected response from POP server in pop_stat");
+ pop_trash (server);
+ return (-1);
+ }
 return (0);
 }
@@ -913,7 +929,17 @@
 }
 else
 {
- return (atoi (&fromserver[4]));
+ char *end_ptr;
+ int count;
+ errno = 0;
+ count = strtol (&fromserver[4], &end_ptr, 10);
+ if (fromserver[4] == 0 || *end_ptr != 0 || errno)
+ {
+ strcpy (pop_error, "Unexpected response from server in pop_last");
+ pop_trash (server);
+ return (-1);
+ }
+ return count;
 }
 }
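Review bot: The count check in the pop_stat hunk at -377 tests `*end_ptr != 0`, but the count is not the last field of the reply: the context line right after the new block looks for the separating space with `index (&fromserver[4], ' ')`. strtol will therefore stop at that space, and a well-formed "count size" reply takes the "Unexpected response" path and calls `pop_trash`. The check should expect a space terminator and detect an empty conversion by pointer comparison, `if (end_ptr == &fromserver[4] || *end_ptr != ' ' || errno)`. The pointer comparison is needed because strtol skips leading blanks, so with a space terminator `fromserver[4] == 0` alone would let a digit-less field through. pop_stat's body starts and ends outside this hunk.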
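Review bot: In the pop_stat hunk at -388 the `long` returned by strtol is stored straight into `*size`, an `int` per the `int *size;` context line of the first hunk. Where long is wider than int, a server-supplied value above INT_MAX sets no `errno` and is narrowed silently, and a negative value is accepted too. Since the number comes from the remote server, parse into a local and range-check before narrowing: `long val = strtol (fromserver + 1, &end_ptr, 10);`, add `|| val < 0 || val > INT_MAX` to the condition, then `*size = (int) val;`. INT_MAX needs `<limits.h>`, and the new `errno` use needs `<errno.h>`; neither include is visible in this diff. The same narrowing applies to `*count` in the -377 hunk (presumably also an int) and to `int count` in the pop_last hunk at -913.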