From 40e6367352f0419609ae37968bdef97d46f37c6d Mon Sep 17 00:00:00 2001 From: op Date: Mon, 26 Aug 2024 22:01:28 +0000 Subject: [PATCH] replace atoi(3) usage with strtonum(3); ok/tweaks tb@ --- lib/libcrypto/ec/ec_pmeth.c | 14 ++++++++++---- lib/libcrypto/rsa/rsa_pmeth.c | 30 ++++++++++++++++++++++++----- lib/libcrypto/ts/ts_conf.c | 36 ++++++++++++++++++++++++++++------- 3 files changed, 64 insertions(+), 16 deletions(-) diff --git a/lib/libcrypto/ec/ec_pmeth.c b/lib/libcrypto/ec/ec_pmeth.c index 16fc07642ac..d422765b003 100644 --- a/lib/libcrypto/ec/ec_pmeth.c +++ b/lib/libcrypto/ec/ec_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_pmeth.c,v 1.21 2023/12/28 22:12:37 tb Exp $ */ +/* $OpenBSD: ec_pmeth.c,v 1.22 2024/08/26 22:01:28 op Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -57,6 +57,7 @@ */ #include +#include #include #include @@ -445,10 +446,15 @@ pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) } return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md); } else if (strcmp(type, "ecdh_cofactor_mode") == 0) { - int co_mode; - co_mode = atoi(value); - return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode); + int cofactor_mode; + const char *errstr; + + cofactor_mode = strtonum(value, -1, 1, &errstr); + if (errstr != NULL) + return -2; + return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, cofactor_mode); } + return -2; } diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c index 9be90796131..a1bdeb3b367 100644 --- a/lib/libcrypto/rsa/rsa_pmeth.c +++ b/lib/libcrypto/rsa/rsa_pmeth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_pmeth.c,v 1.40 2023/12/28 21:59:07 tb Exp $ */ +/* $OpenBSD: rsa_pmeth.c,v 1.41 2024/08/26 22:01:28 op Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -58,6 +58,7 @@ #include #include +#include #include #include @@ -630,6 +631,8 @@ pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { + const char *errstr; + if (!value) { RSAerror(RSA_R_VALUE_MISSING); return 0; @@ -664,13 +667,24 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) saltlen = RSA_PSS_SALTLEN_MAX; else if (!strcmp(value, "auto")) saltlen = RSA_PSS_SALTLEN_AUTO; - else - saltlen = atoi(value); + else { + saltlen = strtonum(value, 0, INT_MAX, &errstr); + if (errstr != NULL) { + RSAerror(RSA_R_INVALID_PSS_SALTLEN); + return -2; + } + } return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); } if (strcmp(type, "rsa_keygen_bits") == 0) { - int nbits = atoi(value); + int nbits; + + nbits = strtonum(value, 0, INT_MAX, &errstr); + if (errstr != NULL) { + RSAerror(RSA_R_INVALID_KEYBITS); + return -2; + } return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); } @@ -702,7 +716,13 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) EVP_PKEY_CTRL_MD, value); if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) { - int saltlen = atoi(value); + int saltlen; + + saltlen = strtonum(value, 0, INT_MAX, &errstr); + if (errstr != NULL) { + RSAerror(RSA_R_INVALID_PSS_SALTLEN); + return -2; + } return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen); } diff --git a/lib/libcrypto/ts/ts_conf.c b/lib/libcrypto/ts/ts_conf.c index ef8569ef041..bd499238f5d 100644 --- a/lib/libcrypto/ts/ts_conf.c +++ b/lib/libcrypto/ts/ts_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_conf.c,v 1.14 2024/03/26 00:39:22 beck Exp $ */ +/* $OpenBSD: ts_conf.c,v 1.15 2024/08/26 22:01:28 op Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -56,6 +56,8 @@ * */ +#include +#include #include #include @@ -394,6 +396,7 @@ TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) int secs = 0, millis = 0, micros = 0; STACK_OF(CONF_VALUE) *list = NULL; char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); + const char *errstr; if (accuracy && !(list = X509V3_parse_list(accuracy))) { TS_CONF_invalid(section, ENV_ACCURACY); @@ -402,14 +405,33 @@ TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { CONF_VALUE *val = sk_CONF_VALUE_value(list, i); if (strcmp(val->name, ENV_VALUE_SECS) == 0) { - if (val->value) - secs = atoi(val->value); + if (val->value) { + secs = strtonum(val->value, 0, INT_MAX, + &errstr); + if (errstr != NULL) { + TS_CONF_invalid(section, + ENV_VALUE_SECS); + goto err; + } + } } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) { - if (val->value) - millis = atoi(val->value); + if (val->value) { + millis = strtonum(val->value, 1, 999, &errstr); + if (errstr != NULL) { + TS_CONF_invalid(section, + ENV_VALUE_MILLISECS); + goto err; + } + } } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) { - if (val->value) - micros = atoi(val->value); + if (val->value) { + micros = strtonum(val->value, 1, 999, &errstr); + if (errstr != NULL) { + TS_CONF_invalid(section, + ENV_VALUE_MICROSECS); + goto err; + } + } } else { TS_CONF_invalid(section, ENV_ACCURACY); goto err; -- 2.20.1