From: djm <djm>
Date: Fri, 31 Mar 2006 12:09:41 +0000 (+0000)
Subject:    - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
X-Git-Tag: V_4_4_P1~280
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/fd06fbe0c37836f19058c3128e9f97679d34dbd4

   - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
     [dh.c]
     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
---

diff --git a/ChangeLog b/ChangeLog
index ef6dd49e..ec793536 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,9 @@
      [xmalloc.c]
      we can do the size & nmemb check before the integer overflow check; 
      evol
+   - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
+     [dh.c]
+     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
 
 20060326
  - OpenBSD CVS Sync
diff --git a/dh.c b/dh.c
index 4db3b0b2..b32a7efb 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.34 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.35 2006/03/27 13:03:54 deraadt Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -44,6 +44,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
 	char *cp, *arg;
 	char *strsize, *gen, *prime;
+	const char *errstr = NULL;
 
 	cp = line;
 	if ((arg = strdelim(&cp)) == NULL)
@@ -68,7 +69,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 		goto fail;
 	strsize = strsep(&cp, " "); /* size */
 	if (cp == NULL || *strsize == '\0' ||
-	    (dhg->size = atoi(strsize)) == 0)
+	    (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
+	    errstr)
 		goto fail;
 	/* The whole group is one bit larger */
 	dhg->size++;