mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-17 15:27:36 +00:00
Code Issues Releases Activity

sh: Fix overflow checking on 'ulimit' operand.

Browse Source
This commit is contained in:
Jilles Tjoelker 2014-07-05 21:50:59 +00:00
parent 764442e03d
commit 2d70c63720
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=268304
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
bin/sh/miscbltin.c
View File

@ -414,7 +414,6 @@ static const struct limits limits[] = {
int
ulimitcmd(int argc __unused, char **argv __unused)
{
int c;
rlim_t val = 0;
enum { SOFT = 0x1, HARD = 0x2 }
how = SOFT | HARD;
@ -453,17 +452,22 @@ ulimitcmd(int argc __unused, char **argv __unused)
if (strcmp(p, "unlimited") == 0)
val = RLIM_INFINITY;
else {
val = 0;
char *end;
uintmax_t uval;
while ((c = *p++) >= '0' && c <= '9')
{
val = (val * 10) + (long)(c - '0');
if (val < 0)
break;
}
if (c)
if (*p < '0' || *p > '9')
error("bad number");
errno = 0;
uval = strtoumax(p, &end, 10);
if (errno != 0 || *end != '\0')
error("bad number");
if (uval > UINTMAX_MAX / l->factor)
error("bad number");
uval *= l->factor;
val = (rlim_t)uval;
if (val < 0 || (uintmax_t)val != uval ||
val == RLIM_INFINITY)
error("bad number");
val *= l->factor;
}
}
if (all) {