Mercurial > emacs
changeset 79817:dd778207ebb2
(pop_stat, pop_last): Check validity of string-to-integer
conversion. Mistakes spotted by Nico Golde.
author | Chong Yidong <cyd@stupidchicken.com> |
---|---|
date | Thu, 10 Jan 2008 15:25:28 +0000 |
parents | b33e623b1133 |
children | 08040e512897 |
files | lib-src/pop.c |
diffstat | 1 files changed, 29 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/lib-src/pop.c Thu Jan 10 15:24:58 2008 +0000 +++ b/lib-src/pop.c Thu Jan 10 15:25:28 2008 +0000 @@ -352,6 +352,7 @@ int *size; { char *fromserver; + char *end_ptr; if (server->in_multi) { @@ -377,7 +378,15 @@ return (-1); } - *count = atoi (&fromserver[4]); + errno = 0; + *count = strtol (&fromserver[4], &end_ptr, 10); + /* Check validity of string-to-integer conversion. */ + if (fromserver[4] == 0 || *end_ptr != 0 || errno) + { + strcpy (pop_error, "Unexpected response from POP server in pop_stat"); + pop_trash (server); + return (-1); + } fromserver = index (&fromserver[4], ' '); if (! fromserver) @@ -388,7 +397,14 @@ return (-1); } - *size = atoi (fromserver + 1); + errno = 0; + *size = strtol (fromserver + 1, &end_ptr, 10); + if (*(fromserver + 1) == 0 || *end_ptr != 0 || errno) + { + strcpy (pop_error, "Unexpected response from POP server in pop_stat"); + pop_trash (server); + return (-1); + } return (0); } @@ -913,7 +929,17 @@ } else { - return (atoi (&fromserver[4])); + char *end_ptr; + int count; + errno = 0; + count = strtol (&fromserver[4], &end_ptr, 10); + if (fromserver[4] == 0 || *end_ptr != 0 || errno) + { + strcpy (pop_error, "Unexpected response from server in pop_last"); + pop_trash (server); + return (-1); + } + return count; } }