From: tobias
Date: Sat, 4 Jan 2014 15:39:17 +0000 (+0000)
Subject: Properly validate index value received from CDDB server.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=61dbd8aa4e8cfaef057d5e48e2f8167b4a6b18d9;p=openbsd
Properly validate index value received from CDDB server.
ok deraadt@, millert@
---
diff --git a/usr.bin/cdio/cddb.c b/usr.bin/cdio/cddb.c
index ccc5e4785fa..722cb8d4cdb 100644
--- a/usr.bin/cdio/cddb.c
+++ b/usr.bin/cdio/cddb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cddb.c,v 1.17 2013/03/07 16:54:28 espie Exp $ */
+/* $OpenBSD: cddb.c,v 1.18 2014/01/04 15:39:17 tobias Exp $ */
 /*
 * Copyright (c) 2002 Marc Espie.
 *
@@ -345,7 +345,7 @@ cddb(const char *host_port, int n, struct cd_toc_entry *e, char *arg)
 if (!line)
 goto end2;
 for (;;) {
- long k;
+ int k;
 char *end;
 line = get_line(cin);
@@ -356,10 +356,12 @@ cddb(const char *host_port, int n, struct cd_toc_entry *e, char *arg)
 if (strncmp(line, "TTITLE", 6) != 0)
 continue;
 line += 6;
- k = strtol(line, &end, 10);
- if (*end++ != '=')
+ end = strchr(line, '=');
+ if (end == NULL)
 continue;
- if (k >= n)
+ *end++ = '\0';
+ k = strtonum(line, 0, n - 1, &errstr);
+ if (errstr != NULL)
 continue;
 safe_copy(&result[k], end);
 }
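Review bot: The `n - 1` upper bound passed to `strtonum()` in the last hunk only protects `result[k]` if `result` was allocated with at least `n` slots, and that allocation is outside the hunk, so the invariant deserves a comment at the call, e.g. `/* k is server-supplied: it must index result[0..n-1] */`. TTITLE lines with a missing `=`, a non-numeric index or an out-of-range index are all dropped by a bare `continue`; that looks like deliberate best-effort parsing, but a one-line comment saying so would stop a later reader from "fixing" it. `errstr` is not declared in any visible line, so it is presumably an existing local of cddb(), whose body begins and ends outside these hunks.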