- deraadt@cvs.openbsd.org 2006/03/27 13:03:54

     [dh.c]
     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm

diff --git a/ChangeLog b/ChangeLog
index ef6dd49e1b3eff48790805871356dbd871251048..ec793536abfa0ac23dde3b438f327cbea7092773 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
      [xmalloc.c]
      we can do the size & nmemb check before the integer overflow check; 
      evol
+   - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
+     [dh.c]
+     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
 
 20060326
  - OpenBSD CVS Sync

diff --git a/dh.c b/dh.c
index 4db3b0b2a3a5e34f8254528e768f6f4a727d49bf..b32a7efb556228c5623baa80b2f9f7787c8d2394 100644 (file)
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.34 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.35 2006/03/27 13:03:54 deraadt Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -44,6 +44,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
        char *cp, *arg;
        char *strsize, *gen, *prime;
+       const char *errstr = NULL;
 
        cp = line;
        if ((arg = strdelim(&cp)) == NULL)
@@ -68,7 +69,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
                goto fail;
        strsize = strsep(&cp, " "); /* size */
        if (cp == NULL || *strsize == '\0' ||
-           (dhg->size = atoi(strsize)) == 0)
+           (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
+           errstr)
                goto fail;
        /* The whole group is one bit larger */
        dhg->size++;