changeset 87700:2e70121a6595

(pop_stat, pop_last): Check validity of string-to-integer conversion. Mistakes spotted by Nico Golde.
author Chong Yidong <cyd@stupidchicken.com>
date Thu, 10 Jan 2008 15:33:52 +0000
parents 9b166b697889
children e4ad77d14806
files lib-src/pop.c
diffstat 1 files changed, 29 insertions(+), 3 deletions(-) [+]
--- a/lib-src/pop.c	Thu Jan 10 15:31:25 2008 +0000
+++ b/lib-src/pop.c	Thu Jan 10 15:33:52 2008 +0000
@@ -352,6 +352,7 @@
      int *size;
 {
   char *fromserver;
+  char *end_ptr;
 
   if (server->in_multi)
     {
@@ -377,7 +378,15 @@
       return (-1);
     }
 
-  *count = atoi (&fromserver[4]);
+  errno = 0;
+  *count = strtol (&fromserver[4], &end_ptr, 10);
+  /* Check validity of string-to-integer conversion. */
+  if (fromserver[4] == 0 || *end_ptr != 0 || errno)
+    {
+      strcpy (pop_error, "Unexpected response from POP server in pop_stat");
+      pop_trash (server);
+      return (-1);
+    }
 
   fromserver = index (&fromserver[4], ' ');
   if (! fromserver)
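Review bot: The check added after the count conversion treats anything other than end-of-string at `end_ptr` as an error, yet the next statement searches for a space after the count and the following hunk parses a size behind it. As far as the visible lines show, a well-formed count-space-size reply stops `strtol` at the space, so `*end_ptr != 0` is true and pop_stat takes the error path for every valid response. The terminator expected here is the separator, and comparing pointers also catches a field with no digits: `if (end_ptr == &fromserver[4] || *end_ptr != ' ' || errno)`. The enclosing function starts and ends outside this hunk.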
@@ -388,7 +397,14 @@
       return (-1);
     }
 
-  *size = atoi (fromserver + 1);
+  errno = 0;
+  *size = strtol (fromserver + 1, &end_ptr, 10);
+  if (*(fromserver + 1) == 0 || *end_ptr != 0 || errno)
+    {
+      strcpy (pop_error, "Unexpected response from POP server in pop_stat");
+      pop_trash (server);
+      return (-1);
+    }
 
   return (0);
 }
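Review bot: The `long` returned by `strtol` is stored straight into an `int` (`*size` here, `*count` in the previous hunk, and the local `int count` in the pop_last hunk), so where `long` is wider than `int` a server-supplied value above INT_MAX passes the `errno` test and is silently truncated; negative values are accepted too. These numbers come from the remote server, so I would parse into a local `long val` and add `|| val < 0 || val > INT_MAX` to each condition before assigning `*size = (int) val;`. INT_MAX needs `<limits.h>`, and the include block is not visible here, so confirm it is already pulled in. In pop_last the same range check also keeps a negative number sent by the server from being returned as if it were the `-1` error result.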
@@ -913,7 +929,17 @@
     }
   else
     {
-      return (atoi (&fromserver[4]));
+      char *end_ptr;
+      int count;
+      errno = 0;
+      count = strtol (&fromserver[4], &end_ptr, 10);
+      if (fromserver[4] == 0 || *end_ptr != 0 || errno)
+	{
+	  strcpy (pop_error, "Unexpected response from server in pop_last");
+	  pop_trash (server);
+	  return (-1);
+	}
+      return count;
     }
 }