From 61dbd8aa4e8cfaef057d5e48e2f8167b4a6b18d9 Mon Sep 17 00:00:00 2001
From: tobias
Date: Sat, 4 Jan 2014 15:39:17 +0000
Subject: [PATCH] Properly validate index value received from CDDB server. ok deraadt@, millert@
---
 usr.bin/cdio/cddb.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/usr.bin/cdio/cddb.c b/usr.bin/cdio/cddb.c
index ccc5e4785fa..722cb8d4cdb 100644
--- a/usr.bin/cdio/cddb.c
+++ b/usr.bin/cdio/cddb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cddb.c,v 1.17 2013/03/07 16:54:28 espie Exp $ */
+/* $OpenBSD: cddb.c,v 1.18 2014/01/04 15:39:17 tobias Exp $ */
 /*
 * Copyright (c) 2002 Marc Espie.
 *
@@ -345,7 +345,7 @@ cddb(const char *host_port, int n, struct cd_toc_entry *e, char *arg)
 if (!line)
 goto end2;
 for (;;) {
- long k;
+ int k;
 char *end;

 line = get_line(cin);
@@ -356,10 +356,12 @@ cddb(const char *host_port, int n, struct cd_toc_entry *e, char *arg)
 if (strncmp(line, "TTITLE", 6) != 0)
 continue;
 line += 6;
- k = strtol(line, &end, 10);
- if (*end++ != '=')
+ end = strchr(line, '=');
+ if (end == NULL)
 continue;
- if (k >= n)
+ *end++ = '\0';
+ k = strtonum(line, 0, n - 1, &errstr);
+ if (errstr != NULL)
 continue;
 safe_copy(&result[k], end);
 }
--
2.20.1
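Review bot: The new `strtonum(line, 0, n - 1, &errstr)` check in the TTITLE loop carries no comment saying why the range matters, and it is only as strong as the size of `result`, which is allocated outside this hunk. Since `k` indexes `result[k]` in the `safe_copy` call and the number comes from the CDDB server, I would add `/* index is server-supplied: accept only result[0..n-1] */` above the call and confirm that `result` holds at least `n` entries. A rejected line is dropped with a bare `continue`; a one-line diagnostic there would make a misbehaving server visible to the user. `errstr` is used but not declared in the visible hunks, so it is presumably an existing local of `cddb()`, whose body starts and ends outside the hunk.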