From a47b6461a15f74beac188483616126ed5e987f93 Mon Sep 17 00:00:00 2001 From: deraadt Date: Sat, 18 Apr 2015 18:28:36 +0000 Subject: [PATCH] Convert many atoi() calls to strtonum(), adding range checks and failure handling along the way. Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert --- bin/csh/proc.c | 20 +++++++++++++------ bin/ksh/exec.c | 9 ++++++--- bin/ksh/jobs.c | 14 ++++++++++--- bin/ls/ls.c | 18 +++++++++++------ bin/pax/options.c | 20 ++++++++++++++----- bin/systrace/filter.c | 7 ++++--- bin/systrace/lex.l | 11 +++++++++-- bin/systrace/systrace.c | 6 ++++-- lib/libc/rpc/getrpcent.c | 8 ++++++-- lib/libskey/skeylogin.c | 7 +++++-- libexec/comsat/comsat.c | 7 +++++-- libexec/rpc.rstatd/rstatd.c | 8 +++++--- libexec/spamd/spamd.c | 33 ++++++++++++++----------------- sbin/fsck/fsck.c | 8 ++++++-- sbin/growfs/growfs.c | 4 ++-- sbin/mount_msdos/mount_msdos.c | 30 +++++++++++----------------- sbin/newfs/mkfs.c | 4 ++-- sbin/newfs_msdos/newfs_msdos.c | 8 +++----- sbin/quotacheck/quotacheck.c | 7 +++++-- sbin/savecore/savecore.c | 21 ++++++++++++++------ sbin/shutdown/shutdown.c | 9 ++++++--- sbin/swapctl/swapctl.c | 9 ++++++--- sbin/sysctl/sysctl.c | 33 ++++++++++++++++++++++++++----- sbin/wsconsctl/map_scan.l | 9 +++++++-- usr.bin/calendar/calendar.c | 12 +++++++++--- usr.bin/calendar/io.c | 12 ++++++++---- usr.bin/find/function.c | 19 ++++++++++++------ usr.bin/ipcrm/ipcrm.c | 8 ++++++-- usr.bin/kdump/kdump.c | 11 ++++++++--- usr.bin/ktrace/ktrace.c | 11 +++++++++-- usr.bin/logger/logger.c | 12 +++++++++--- usr.bin/make/generate.c | 12 ++++++++---- usr.bin/sed/process.c | 10 ++++++---- usr.bin/skey/skey.c | 24 +++++++++++------------ usr.bin/skeyinit/skeyinit.c | 20 ++++++++++++------- usr.bin/systat/main.c | 24 +++++++++++------------ usr.bin/tip/tip.c | 11 +++++++++-- usr.bin/unifdef/unifdef.c | 9 +++++---- usr.bin/vis/vis.c | 11 +++++++---- usr.bin/vmstat/vmstat.c | 10 ++++++++-- usr.bin/xargs/xargs.c | 22 ++++++++++++++------- usr.sbin/fdformat/fdformat.c | 36 +++++++++++++++++++++++++--------- usr.sbin/ndp/ndp.c | 7 ++++--- usr.sbin/rbootd/bpf.c | 8 +++++--- usr.sbin/rip6query/rip6query.c | 8 ++++++-- usr.sbin/rpc.lockd/lockd.c | 12 +++++++----- usr.sbin/sa/main.c | 8 ++++++-- usr.sbin/tcpdump/tcpdump.c | 17 +++++++++------- 48 files changed, 423 insertions(+), 221 deletions(-) diff --git a/bin/csh/proc.c b/bin/csh/proc.c index b77197e1943..db11aada2df 100644 --- a/bin/csh/proc.c +++ b/bin/csh/proc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.c,v 1.26 2015/02/08 06:09:50 tedu Exp $ */ +/* $OpenBSD: proc.c,v 1.27 2015/04/18 18:28:36 deraadt Exp $ */ /* $NetBSD: proc.c,v 1.9 1995/04/29 23:21:33 mycroft Exp $ */ /*- @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -931,6 +932,7 @@ void dokill(Char **v, struct command *t) { int signum = SIGTERM; + const char *errstr; char *name; v++; @@ -940,8 +942,8 @@ dokill(Char **v, struct command *t) if (!Isdigit(v[1][0])) stderror(ERR_NAME | ERR_BADSIG); - signum = atoi(short2str(v[1])); - if (signum < 0 || signum >= NSIG) + signum = strtonum(short2str(v[1]), 0, NSIG-1, &errstr); + if (errstr) stderror(ERR_NAME | ERR_BADSIG); else if (signum == 0) (void) fputc('0', cshout); /* 0's symbolic name is '0' */ @@ -958,8 +960,8 @@ dokill(Char **v, struct command *t) return; } if (Isdigit(v[0][1])) { - signum = atoi(short2str(v[0] + 1)); - if (signum < 0 || signum >= NSIG) + signum = strtonum(short2str(v[0] + 1), 0, NSIG-1, &errstr); + if (errstr) stderror(ERR_NAME | ERR_BADSIG); } else { @@ -1147,12 +1149,18 @@ pfind(Char *cp) return (pprevious); } if (Isdigit(cp[1])) { - int idx = atoi(short2str(cp + 1)); + const char *errstr; + int idx = strtonum(short2str(cp + 1), 1, INT_MAX, &errstr); + if (errstr) { + stderror(ERR_NAME | ERR_NOSUCHJOB); + return (0); + } for (pp = proclist.p_next; pp; pp = pp->p_next) if (pp->p_index == idx && pp->p_pid == pp->p_jobid) return (pp); stderror(ERR_NAME | ERR_NOSUCHJOB); + return (0); } np = NULL; for (pp = proclist.p_next; pp; pp = pp->p_next) diff --git a/bin/ksh/exec.c b/bin/ksh/exec.c index a9ae9527cff..e12879fea33 100644 --- a/bin/ksh/exec.c +++ b/bin/ksh/exec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec.c,v 1.50 2013/06/10 21:09:27 millert Exp $ */ +/* $OpenBSD: exec.c,v 1.51 2015/04/18 18:28:36 deraadt Exp $ */ /* * execute command tree @@ -1234,6 +1234,7 @@ do_selectargs(char **ap, bool print_menu) static const char *const read_args[] = { "read", "-r", "REPLY", (char *) 0 }; + const char *errstr; char *s; int i, argct; @@ -1252,8 +1253,10 @@ do_selectargs(char **ap, bool print_menu) return (char *) 0; s = str_val(global("REPLY")); if (*s) { - i = atoi(s); - return (i >= 1 && i <= argct) ? ap[i - 1] : null; + i = strtonum(s, 1, argct, &errstr); + if (errstr) + return null; + return ap[i - 1]; } print_menu = 1; } diff --git a/bin/ksh/jobs.c b/bin/ksh/jobs.c index 30763443626..1369e2fcf88 100644 --- a/bin/ksh/jobs.c +++ b/bin/ksh/jobs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jobs.c,v 1.40 2013/09/04 15:49:18 millert Exp $ */ +/* $OpenBSD: jobs.c,v 1.41 2015/04/18 18:28:36 deraadt Exp $ */ /* * Process and job control @@ -1428,11 +1428,17 @@ static Job * j_lookup(const char *cp, int *ecodep) { Job *j, *last_match; + const char *errstr; Proc *p; int len, job = 0; if (digit(*cp)) { - job = atoi(cp); + job = strtonum(cp, 1, INT_MAX, &errstr); + if (errstr) { + if (ecodep) + *ecodep = JL_NOSUCH; + return (Job *) 0; + } /* Look for last_proc->pid (what $! returns) first... */ for (j = job_list; j != (Job *) 0; j = j->next) if (j->last_proc && j->last_proc->pid == job) @@ -1467,7 +1473,9 @@ j_lookup(const char *cp, int *ecodep) case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - job = atoi(cp); + job = strtonum(cp, 1, INT_MAX, &errstr); + if (errstr) + break; for (j = job_list; j != (Job *) 0; j = j->next) if (j->job == job) return j; diff --git a/bin/ls/ls.c b/bin/ls/ls.c index 075677bb23c..2621788eaee 100644 --- a/bin/ls/ls.c +++ b/bin/ls/ls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ls.c,v 1.39 2014/03/31 20:54:37 sobrado Exp $ */ +/* $OpenBSD: ls.c,v 1.40 2015/04/18 18:28:36 deraadt Exp $ */ /* $NetBSD: ls.c,v 1.18 1996/07/09 09:16:29 mycroft Exp $ */ /* @@ -47,6 +47,7 @@ #include #include #include +#include #include #include "ls.h" @@ -99,22 +100,27 @@ ls_main(int argc, char *argv[]) static char dot[] = ".", *dotav[] = { dot, NULL }; struct winsize win; int ch, fts_options, notused; - int kflag = 0; + int kflag = 0, width = 0; char *p; /* Terminal defaults to -Cq, non-terminal defaults to -1. */ if (isatty(STDOUT_FILENO)) { if ((p = getenv("COLUMNS")) != NULL) - termwidth = atoi(p); - else if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && + width = strtonum(p, 1, INT_MAX, NULL); + if (width == 0 && + ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && win.ws_col > 0) - termwidth = win.ws_col; + width = win.ws_col; + if (width) + termwidth = width; f_column = f_nonprint = 1; } else { f_singlecol = 1; /* retrieve environment variable, in case of explicit -C */ if ((p = getenv("COLUMNS")) != NULL) - termwidth = atoi(p); + width = strtonum(p, 0, INT_MAX, NULL); + if (width) + termwidth = width; } /* Root is -A automatically. */ diff --git a/bin/pax/options.c b/bin/pax/options.c index 4d6fb63c62b..be2ffb2c245 100644 --- a/bin/pax/options.c +++ b/bin/pax/options.c @@ -1,4 +1,4 @@ -/* $OpenBSD: options.c,v 1.89 2015/03/15 21:53:09 guenther Exp $ */ +/* $OpenBSD: options.c,v 1.90 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: options.c,v 1.6 1996/03/26 23:54:18 mrg Exp $ */ /*- @@ -223,6 +223,7 @@ pax_options(int argc, char **argv) unsigned i; unsigned int flg = 0; unsigned int bflg = 0; + const char *errstr; char *pt; /* @@ -462,9 +463,12 @@ pax_options(int argc, char **argv) flg |= CEF; if (strcmp(NONE, optarg) == 0) maxflt = -1; - else if ((maxflt = atoi(optarg)) < 0) { - paxwarn(1, "Error count value must be positive"); - pax_usage(); + else { + maxflt = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) { + paxwarn(1, "Error count value: %s", errstr); + pax_usage(); + } } break; case 'G': @@ -1079,6 +1083,7 @@ mkpath(path) static void cpio_options(int argc, char **argv) { + const char *errstr; int c; unsigned i; char *str; @@ -1214,7 +1219,12 @@ cpio_options(int argc, char **argv) /* * set block size in bytes */ - wrblksz = atoi(optarg); + wrblksz = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) { + paxwarn(1, "Invalid block size %s: %s", + optarg, errstr); + pax_usage(); + } break; case 'E': /* diff --git a/bin/systrace/filter.c b/bin/systrace/filter.c index d10299605ce..73e3e8f446f 100644 --- a/bin/systrace/filter.c +++ b/bin/systrace/filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filter.c,v 1.35 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: filter.c,v 1.36 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -615,9 +615,10 @@ filter_ask(int fd, struct intercept_tlq *tls, struct filterq *fls, filter_templates(emulation); continue; } else if (!strncasecmp(line, "template ", 9)) { - int count = atoi(line + 9); + const char *errstr; + int count = strtonum(line + 9, 1, INT_MAX, &errstr); - if (count == 0 || + if (errstr || filter_template(fd, policy, count) == -1) { printf("Syntax error.\n"); continue; diff --git a/bin/systrace/lex.l b/bin/systrace/lex.l index 87ab4ecddfd..e23d68f0b36 100644 --- a/bin/systrace/lex.l +++ b/bin/systrace/lex.l @@ -1,4 +1,4 @@ -/* $OpenBSD: lex.l,v 1.19 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: lex.l,v 1.20 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos @@ -103,7 +103,14 @@ as { return AS; } "<" { return LESSER; } ">" { return GREATER; } [\_\$A-Za-z][\.\(\)\/A-Za-z_\-0-9]*\$? { yylval.string = strdup(yytext); return STRING; } -[0-9]+ { yylval.number = atoi(yytext); return NUMBER; } +[0-9]+ { + const char *errstr; + yylval.number = strtonum(yytext, 0, INT_MAX, &errstr); + if (errstr) { + yyerror("number %s: %s", yytext, errstr); + } + return NUMBER; + } \" { BEGIN(quote); *quotestr = '\0'; quoteescape = 0; diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c index 2b701d9aa34..ce3b0ee90e1 100644 --- a/bin/systrace/systrace.c +++ b/bin/systrace/systrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: systrace.c,v 1.62 2015/01/16 00:19:12 deraadt Exp $ */ +/* $OpenBSD: systrace.c,v 1.63 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright 2002 Niels Provos * All rights reserved. @@ -647,6 +647,7 @@ main(int argc, char **argv) char **args; char *filename = NULL; char *policypath = NULL; + const char *errstr; struct timeval tv; pid_t pidattach = 0; int usex11 = 1; @@ -707,7 +708,8 @@ main(int argc, char **argv) case 'p': if (setcredentials) usage(); - if ((pidattach = atoi(optarg)) == 0) { + pidattach = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { warnx("bad pid: %s", optarg); usage(); } diff --git a/lib/libc/rpc/getrpcent.c b/lib/libc/rpc/getrpcent.c index ebe3031fe7b..75df6a8cfb9 100644 --- a/lib/libc/rpc/getrpcent.c +++ b/lib/libc/rpc/getrpcent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getrpcent.c,v 1.16 2014/09/15 06:15:48 guenther Exp $ */ +/* $OpenBSD: getrpcent.c,v 1.17 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2010, Oracle America, Inc. @@ -35,6 +35,7 @@ #include #include #include +#include #include /* @@ -147,6 +148,7 @@ getrpcent(void) static struct rpcent * interpret(char *val, int len) { + const char *errstr; struct rpcdata *d = _rpcdata(); char *p; char *cp, **q; @@ -170,7 +172,9 @@ interpret(char *val, int len) d->rpc.r_name = d->line; while (*cp == ' ' || *cp == '\t') cp++; - d->rpc.r_number = atoi(cp); + d->rpc.r_number = strtonum(cp, 0, INT_MAX, &errstr); + if (errstr) + return (0); q = d->rpc.r_aliases = d->rpc_aliases; cp = strpbrk(cp, " \t"); if (cp != NULL) diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c index 45eef849d38..48b7b900cc5 100644 --- a/lib/libskey/skeylogin.c +++ b/lib/libskey/skeylogin.c @@ -10,7 +10,7 @@ * * S/Key verification check, lookups, and authentication. * - * $OpenBSD: skeylogin.c,v 1.56 2015/01/16 16:48:52 deraadt Exp $ + * $OpenBSD: skeylogin.c,v 1.57 2015/04/18 18:28:37 deraadt Exp $ */ #ifdef QUOTA @@ -95,6 +95,7 @@ skeygetent(int fd, struct skey *mp, const char *name) { char *cp, filename[PATH_MAX], *last; struct stat statbuf; + const char *errstr; size_t nread; FILE *keyfile; @@ -154,7 +155,9 @@ skeygetent(int fd, struct skey *mp, const char *name) goto bad_keyfile; if ((cp = strtok_r(NULL, " \t\n\r", &last)) == NULL) goto bad_keyfile; - mp->n = atoi(cp); /* XXX - use strtol() */ + mp->n = strtonum(cp, 0, UINT_MAX, &errstr); + if (errstr) + goto bad_keyfile; if ((mp->seed = strtok_r(NULL, " \t\n\r", &last)) == NULL) goto bad_keyfile; if ((mp->val = strtok_r(NULL, " \t\n\r", &last)) == NULL) diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index b77ef5aa13b..855221b756c 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comsat.c,v 1.38 2015/01/16 06:39:49 deraadt Exp $ */ +/* $OpenBSD: comsat.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -200,13 +200,16 @@ mailfor(char *name) { struct utmp *utp = &utmp[nutmp]; char utname[UT_NAMESIZE+1]; + const char *errstr; char *cp; off_t offset; if (!(cp = strchr(name, '@'))) return; *cp = '\0'; - offset = atoi(cp + 1); + offset = strtonum(cp + 1, 0, LLONG_MAX, &errstr); + if (errstr) + return; while (--utp >= utmp) { memcpy(utname, utp->ut_name, UT_NAMESIZE); utname[UT_NAMESIZE] = '\0'; diff --git a/libexec/rpc.rstatd/rstatd.c b/libexec/rpc.rstatd/rstatd.c index 237504393b2..fb37cb3c896 100644 --- a/libexec/rpc.rstatd/rstatd.c +++ b/libexec/rpc.rstatd/rstatd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rstatd.c,v 1.26 2015/03/13 03:24:27 deraadt Exp $ */ +/* $OpenBSD: rstatd.c,v 1.27 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1993, John Brezak @@ -34,6 +34,7 @@ #include #include #include +#include #include #include #include @@ -65,6 +66,7 @@ main(int argc, char *argv[]) socklen_t fromlen; struct passwd *pw; struct sockaddr_storage from; + const char *errstr; SVCXPRT *transp; openlog("rpc.rstatd", LOG_NDELAY|LOG_CONS|LOG_PID, LOG_DAEMON); @@ -88,8 +90,8 @@ main(int argc, char *argv[]) } if (argc == 2) - closedown = atoi(argv[1]); - if (closedown <= 0) + closedown = strtonum(argv[1], 1, INT_MAX, NULL); + if (closedown == 0) closedown = 20; /* diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c index 8c1ddb0ec31..3f4933cf3ec 100644 --- a/libexec/spamd/spamd.c +++ b/libexec/spamd/spamd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamd.c,v 1.126 2015/03/12 20:07:20 millert Exp $ */ +/* $OpenBSD: spamd.c,v 1.127 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2015 Henning Brauer @@ -1246,22 +1246,21 @@ main(int argc, char *argv[]) bind_address = optarg; break; case 'B': - i = atoi(optarg); - maxblack = i; + maxblack = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-B %s: %s", optarg, errstr); break; case 'c': - i = atoi(optarg); - if (i > maxfiles) { - fprintf(stderr, - "%d > system max of %d connections\n", - i, maxfiles); + maxcon = strtonum(optarg, 1, maxfiles, &errstr); + if (errstr) { + fprintf(stderr, "-c %s: %sn", optarg, errstr); usage(); } - maxcon = i; break; case 'p': - i = atoi(optarg); - port = i; + port = strtonum(optarg, 1, USHRT_MAX, &errstr); + if (errstr) + errx(1, "-p %s: %s", optarg, errstr); break; case 'd': debug = 1; @@ -1290,16 +1289,14 @@ main(int argc, char *argv[]) errx(1, "-h arg too long"); break; case 's': - i = strtonum(optarg, 0, 10, &errstr); + stutter = strtonum(optarg, 0, 10, &errstr); if (errstr) usage(); - stutter = i; break; case 'S': - i = strtonum(optarg, 0, 90, &errstr); + grey_stutter = strtonum(optarg, 0, 90, &errstr); if (errstr) usage(); - grey_stutter = i; break; case 'M': low_prio_mx_ip = optarg; @@ -1311,9 +1308,9 @@ main(int argc, char *argv[]) verbose = 1; break; case 'w': - window = atoi(optarg); - if (window <= 0) - usage(); + window = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-w %s: %s", optarg, errstr); break; case 'Y': if (sync_addhost(optarg, sync_port) != 0) diff --git a/sbin/fsck/fsck.c b/sbin/fsck/fsck.c index 6af8c324236..1600b49f6b8 100644 --- a/sbin/fsck/fsck.c +++ b/sbin/fsck/fsck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fsck.c,v 1.34 2015/03/20 01:53:05 millert Exp $ */ +/* $OpenBSD: fsck.c,v 1.35 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: fsck.c,v 1.7 1996/10/03 20:06:30 christos Exp $ */ /* @@ -88,6 +88,7 @@ static int hasopt(const char *, const char *); int main(int argc, char *argv[]) { + const char *errstr; struct fstab *fs; int i, rval = 0; char *vfstype = NULL; @@ -139,7 +140,10 @@ main(int argc, char *argv[]) break; case 'l': - maxrun = atoi(optarg); + maxrun = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-l %s: %s", optarg, errstr); + break; case 'T': diff --git a/sbin/growfs/growfs.c b/sbin/growfs/growfs.c index 67e7ed7afa6..d64891a2599 100644 --- a/sbin/growfs/growfs.c +++ b/sbin/growfs/growfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: growfs.c,v 1.38 2015/01/20 18:22:21 deraadt Exp $ */ +/* $OpenBSD: growfs.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2000 Christoph Herrmann, Thomas-Henning von Kamptz * Copyright (c) 1980, 1989, 1993 The Regents of the University of California. @@ -1865,7 +1865,7 @@ charsperline(void) columns = ws.ws_col; } if (columns == 0 && (cp = getenv("COLUMNS"))) { - columns = atoi(cp); + columns = strtonum(cp, 1, INT_MAX, NULL); } if (columns == 0) { columns = 80; /* last resort */ diff --git a/sbin/mount_msdos/mount_msdos.c b/sbin/mount_msdos/mount_msdos.c index 3057b45828f..6581bd34fed 100644 --- a/sbin/mount_msdos/mount_msdos.c +++ b/sbin/mount_msdos/mount_msdos.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mount_msdos.c,v 1.29 2015/01/16 06:39:59 deraadt Exp $ */ +/* $OpenBSD: mount_msdos.c,v 1.30 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: mount_msdos.c,v 1.16 1996/10/24 00:12:50 cgd Exp $ */ /* @@ -158,19 +158,15 @@ gid_t a_gid(char *s) { struct group *gr; + const char *errstr; char *gname; gid_t gid; if ((gr = getgrnam(s)) != NULL) - gid = gr->gr_gid; - else { - for (gname = s; isdigit((unsigned char)*s); ++s) - ; - if (!*s) - gid = atoi(gname); - else - errx(1, "unknown group id: %s", gname); - } + return gr->gr_gid; + gid = strtonum(s, 0, GID_MAX, &errstr); + if (errstr) + errx(1, "group is %s: %s", errstr, s); return (gid); } @@ -178,19 +174,15 @@ uid_t a_uid(char *s) { struct passwd *pw; + const char *errstr; char *uname; uid_t uid; if ((pw = getpwnam(s)) != NULL) - uid = pw->pw_uid; - else { - for (uname = s; isdigit((unsigned char)*s); ++s) - ; - if (!*s) - uid = atoi(uname); - else - errx(1, "unknown user id: %s", uname); - } + return pw->pw_uid; + uid = strtonum(s, 0, UID_MAX, &errstr); + if (errstr) + errx(1, "user is %s: %s", errstr, s); return (uid); } diff --git a/sbin/newfs/mkfs.c b/sbin/newfs/mkfs.c index 94ca0700952..d239bfc6c3a 100644 --- a/sbin/newfs/mkfs.c +++ b/sbin/newfs/mkfs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mkfs.c,v 1.90 2015/02/06 22:29:00 millert Exp $ */ +/* $OpenBSD: mkfs.c,v 1.91 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: mkfs.c,v 1.25 1995/06/18 21:35:38 cgd Exp $ */ /* @@ -1149,7 +1149,7 @@ charsperline(void) if (ioctl(0, TIOCGWINSZ, &ws) != -1) columns = ws.ws_col; if (columns == 0 && (cp = getenv("COLUMNS"))) - columns = atoi(cp); + columns = strtonum(cp, 1, INT_MAX, NULL); if (columns == 0) columns = 80; /* last resort */ return columns; diff --git a/sbin/newfs_msdos/newfs_msdos.c b/sbin/newfs_msdos/newfs_msdos.c index 6006fe96e27..78495ebac99 100644 --- a/sbin/newfs_msdos/newfs_msdos.c +++ b/sbin/newfs_msdos/newfs_msdos.c @@ -1,4 +1,4 @@ -/* $OpenBSD: newfs_msdos.c,v 1.25 2015/01/16 06:40:00 deraadt Exp $ */ +/* $OpenBSD: newfs_msdos.c,v 1.26 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1998 Robert Nordier @@ -260,11 +260,9 @@ main(int argc, char *argv[]) opt_B = optarg; break; case 'F': - if (strcmp(optarg, "12") && - strcmp(optarg, "16") && - strcmp(optarg, "32")) + opt_F = strtonum(optarg, 1, INT_MAX, NULL); + if (!(opt_F == 12 || opt_F == 16 || opt_F == 32)) errx(1, "%s: bad FAT type", optarg); - opt_F = atoi(optarg); break; case 'I': opt_I = argto4(optarg, 0, "volume ID"); diff --git a/sbin/quotacheck/quotacheck.c b/sbin/quotacheck/quotacheck.c index 8b1966287fb..bbf4e0fbe85 100644 --- a/sbin/quotacheck/quotacheck.c +++ b/sbin/quotacheck/quotacheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: quotacheck.c,v 1.37 2015/02/07 02:09:14 deraadt Exp $ */ +/* $OpenBSD: quotacheck.c,v 1.38 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: quotacheck.c,v 1.12 1996/03/30 22:34:25 mark Exp $ */ /* @@ -136,6 +136,7 @@ main(int argc, char *argv[]) struct quotaname *auxdata; int i, argnum, maxrun, errs, ch; u_int64_t done = 0; /* XXX supports maximum 64 filesystems */ + const char *errstr; char *name; errs = maxrun = 0; @@ -151,7 +152,9 @@ main(int argc, char *argv[]) gflag = 1; break; case 'l': - maxrun = atoi(optarg); + maxrun = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-l %s: %s", optarg, errstr); break; case 'u': uflag = 1; diff --git a/sbin/savecore/savecore.c b/sbin/savecore/savecore.c index d186c59f2b6..53cc2a7dac2 100644 --- a/sbin/savecore/savecore.c +++ b/sbin/savecore/savecore.c @@ -1,4 +1,4 @@ -/* $OpenBSD: savecore.c,v 1.51 2015/03/15 00:41:27 millert Exp $ */ +/* $OpenBSD: savecore.c,v 1.52 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: savecore.c,v 1.26 1996/03/18 21:16:05 leo Exp $ */ /*- @@ -34,7 +34,6 @@ #include #include #include -#include #include #include @@ -390,8 +389,13 @@ save_core(void) if (ferror(fp)) err1: syslog(LOG_WARNING, "%s: %s", path, strerror(errno)); bounds = 0; - } else - bounds = atoi(buf); + } else { + const char *errstr; + + bounds = strtonum(buf, 0, INT_MAX, &errstr); + if (errstr) + syslog(LOG_WARNING, "bounds was corrupt: %s", errstr); + } if (fp != NULL) (void)fclose(fp); if ((fp = fopen(path, "w")) == NULL) @@ -607,8 +611,13 @@ check_space(void) else { if (fgets(buf, sizeof(buf), fp) == NULL) minfree = 0; - else - minfree = atoi(buf); + else { + const char *errstr; + + minfree = strtonum(buf, 0, LLONG_MAX, &errstr); + syslog(LOG_WARNING, + "minfree was corrupt: %s", errstr); + } (void)fclose(fp); } diff --git a/sbin/shutdown/shutdown.c b/sbin/shutdown/shutdown.c index f9eae2ca01d..07f9fb22206 100644 --- a/sbin/shutdown/shutdown.c +++ b/sbin/shutdown/shutdown.c @@ -1,4 +1,4 @@ -/* $OpenBSD: shutdown.c,v 1.41 2015/03/15 00:41:27 millert Exp $ */ +/* $OpenBSD: shutdown.c,v 1.42 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: shutdown.c,v 1.9 1995/03/18 15:01:09 cgd Exp $ */ /* @@ -437,9 +437,12 @@ getoffset(char *timearg) (void)time(&now); if (*timearg == '+') { /* +minutes */ - if (!isdigit((unsigned char)*++timearg)) + const char *errstr; + + offset = strtonum(++timearg, 0, INT_MAX, &errstr); + if (errstr); badtime(); - offset = atoi(timearg) * 60; + offset *= 60; shuttime = now + offset; return; } diff --git a/sbin/swapctl/swapctl.c b/sbin/swapctl/swapctl.c index 0b561f2b483..94f749850bb 100644 --- a/sbin/swapctl/swapctl.c +++ b/sbin/swapctl/swapctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: swapctl.c,v 1.19 2015/01/16 06:40:01 deraadt Exp $ */ +/* $OpenBSD: swapctl.c,v 1.20 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: swapctl.c,v 1.9 1998/07/26 20:23:15 mycroft Exp $ */ /* @@ -58,6 +58,7 @@ #include #include #include +#include #include #include #include @@ -116,6 +117,7 @@ extern char *__progname; /* from crt0.o */ int main(int argc, char *argv[]) { + const char *errstr; int c; if (strcmp(__progname, "swapon") == 0) @@ -149,8 +151,9 @@ main(int argc, char *argv[]) case 'p': pflag = 1; - /* XXX strtol() */ - pri = atoi(optarg); + pri = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-p %s: %s", errstr, optarg); break; case 's': diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c index c8b322f944d..457c259300f 100644 --- a/sbin/sysctl/sysctl.c +++ b/sbin/sysctl/sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.c,v 1.210 2015/02/13 00:02:21 guenther Exp $ */ +/* $OpenBSD: sysctl.c,v 1.211 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */ /* @@ -102,6 +102,7 @@ #include #include #include +#include #include #include @@ -1297,6 +1298,8 @@ sysctl_bios(char *string, char **bufpp, int mib[], int flags, int *typep) return (-1); mib[2] = indx; if (indx == BIOS_DISKINFO) { + const char *errstr; + if (*bufpp == NULL) { char name[BUFSIZ]; @@ -1312,7 +1315,11 @@ sysctl_bios(char *string, char **bufpp, int mib[], int flags, int *typep) warnx("%s: incomplete specification", string); return (-1); } - mib[3] = atoi(name); + mib[3] = strtonum(name, 0, INT_MAX, &errstr); + if (errstr) { + warnx("%s: %s", string, errstr); + return (-1); + } *typep = CTLTYPE_STRUCT; return (4); } else { @@ -1802,6 +1809,7 @@ sysctl_malloc(char *string, char **bufpp, int mib[], int flags, int *typep) { int indx, stor, i; char *name, bufp[SYSCTL_BUFSIZ], *buf, *ptr; + const char *errstr; struct list lp; size_t size; @@ -1839,7 +1847,9 @@ sysctl_malloc(char *string, char **bufpp, int mib[], int flags, int *typep) free(lp.list); return (-1); } - mib[3] = atoi(name); + mib[3] = strtonum(name, 0, INT_MAX, &errstr); + if (errstr) + return -1; return (4); } else if (mib[2] == KERN_MALLOC_BUCKETS) { *typep = CTLTYPE_STRING; @@ -2398,7 +2408,13 @@ sysctl_sensors(char *string, char **bufpp, int mib[], int flags, int *typep) numt = -1; for (i = 0; typename[i] != '\0'; i++) if (isdigit((unsigned char)typename[i])) { - numt = atoi(&typename[i]); + const char *errstr; + + numt = strtonum(&typename[i], 0, INT_MAX, &errstr); + if (errstr) { + warnx("%s: %s", string, errstr); + return (-1); + } typename[i] = '\0'; break; } @@ -2702,7 +2718,14 @@ sysctl_emul(char *string, char *newval, int flags) mib[2] = emul_names[i].index; len = sizeof(int); if (newval) { - enabled = atoi(newval); + const char *errstr; + + enabled = strtonum(newval, 0, INT_MAX, &errstr); + if (errstr) { + warnx("%s: %s is %s", string, newval, errstr); + print = 0; + continue; + } if (sysctl(mib, 4, &old, &len, &enabled, len) == -1) { warn("%s", string); print = 0; diff --git a/sbin/wsconsctl/map_scan.l b/sbin/wsconsctl/map_scan.l index ec5e172cc74..60172cc9d45 100644 --- a/sbin/wsconsctl/map_scan.l +++ b/sbin/wsconsctl/map_scan.l @@ -1,4 +1,4 @@ -/* $OpenBSD: map_scan.l,v 1.4 2012/07/14 08:28:47 shadchin Exp $ */ +/* $OpenBSD: map_scan.l,v 1.5 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: map_scan.l 1.1 1998/12/28 14:01:17 hannken Exp $ */ /*- @@ -34,6 +34,7 @@ #include #include +#include #include #include "wsconsctl.h" #include "y.tab.h" @@ -81,7 +82,11 @@ keysym { } [0-9]+ { - yylval.ival = atoi(yytext); + const char *errstr; + + yylval.ival = strtonum(yytext, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "%s: %s", yytext, errstr); return(T_NUMBER); } diff --git a/usr.bin/calendar/calendar.c b/usr.bin/calendar/calendar.c index 85c28be895d..fcab233ec86 100644 --- a/usr.bin/calendar/calendar.c +++ b/usr.bin/calendar/calendar.c @@ -1,4 +1,4 @@ -/* $OpenBSD: calendar.c,v 1.30 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: calendar.c,v 1.31 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -41,6 +41,7 @@ #include #include #include +#include #include #include @@ -68,6 +69,7 @@ int main(int argc, char *argv[]) { int ch; + const char *errstr; char *caldir; (void)setlocale(LC_ALL, ""); @@ -95,12 +97,16 @@ main(int argc, char *argv[]) break; case 'A': /* days after current date */ - f_dayAfter = atoi(optarg); + f_dayAfter = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-A %s: %s", optarg, errstr); f_SetdayAfter = 1; break; case 'B': /* days before current date */ - f_dayBefore = atoi(optarg); + f_dayBefore = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-B %s: %s", optarg, errstr); break; default: diff --git a/usr.bin/calendar/io.c b/usr.bin/calendar/io.c index d0a5e5847be..1e1950b2d30 100644 --- a/usr.bin/calendar/io.c +++ b/usr.bin/calendar/io.c @@ -1,4 +1,4 @@ -/* $OpenBSD: io.c,v 1.38 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: io.c,v 1.39 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 1989, 1993, 1994 @@ -281,12 +281,16 @@ getfield(char *p, char **endp, int *flags) } } if (i > NUMEV) { - switch(*start) { + const char *errstr; + + switch (*start) { case '-': case '+': - var = atoi(start); - if (var > 365 || var < -365) + var = strtonum(start + 1, 0, 365, &errstr); + if (errstr) return (0); /* Someone is just being silly */ + if (*start == '-') + var = -var; val += (NUMEV + 1) * var; /* We add one to the matching event and multiply by * (NUMEV + 1) so as not to return 0 if there's a match. diff --git a/usr.bin/find/function.c b/usr.bin/find/function.c index 6037db0b287..585ce2a1fed 100644 --- a/usr.bin/find/function.c +++ b/usr.bin/find/function.c @@ -1,4 +1,4 @@ -/* $OpenBSD: function.c,v 1.43 2015/03/15 00:41:28 millert Exp $ */ +/* $OpenBSD: function.c,v 1.44 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -883,8 +883,10 @@ c_group(char *gname, char ***ignored, int unused) g = getgrnam(gname); if (g == NULL) { - gid = atoi(gname); - if (gid == 0 && gname[0] != '0') + const char *errstr; + + gid = strtonum(gname, 0, GID_MAX, &errstr); + if (errstr) errx(1, "-group: %s: no such group", gname); } else gid = g->gr_gid; @@ -1014,9 +1016,12 @@ PLAN * c_mindepth(char *arg, char ***ignored, int unused) { PLAN *new; + const char *errstr = NULL; new = palloc(N_MINDEPTH, f_mindepth); - new->min_data = atoi(arg); + new->min_data = strtonum(arg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-mindepth: %s: value %s", arg, errstr); return (new); } @@ -1488,8 +1493,10 @@ c_user(char *username, char ***ignored, int unused) p = getpwnam(username); if (p == NULL) { - uid = atoi(username); - if (uid == 0 && username[0] != '0') + const char *errstr; + + uid = strtonum(username, 0, UID_MAX, &errstr); + if (errstr) errx(1, "-user: %s: no such user", username); } else uid = p->pw_uid; diff --git a/usr.bin/ipcrm/ipcrm.c b/usr.bin/ipcrm/ipcrm.c index aa11580cbf4..4f70c629848 100644 --- a/usr.bin/ipcrm/ipcrm.c +++ b/usr.bin/ipcrm/ipcrm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipcrm.c,v 1.10 2005/12/19 19:13:50 millert Exp $*/ +/* $OpenBSD: ipcrm.c,v 1.11 2015/04/18 18:28:37 deraadt Exp $*/ /* * Copyright (c) 1994 Adam Glass @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -112,6 +113,7 @@ int main(int argc, char *argv[]) { int c, result, errflg, target_id; + const char *errstr; key_t target_key; errflg = 0; @@ -122,7 +124,9 @@ main(int argc, char *argv[]) case 'q': case 'm': case 's': - target_id = atoi(optarg); + target_id = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-%c %s: %s\n", c, optarg, &errstr); if (c == 'q') result = msgrm(0, target_id); else if (c == 'm') diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index 45ebeeadde0..6fe9653bb99 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kdump.c,v 1.100 2015/04/17 06:33:30 guenther Exp $ */ +/* $OpenBSD: kdump.c,v 1.101 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -170,6 +170,7 @@ main(int argc, char *argv[]) int ch, silent; size_t ktrlen, size; int trpoints = ALL_POINTS; + const char *errstr; void *m; def_emul = current = &emulations[0]; /* native */ @@ -193,13 +194,17 @@ main(int argc, char *argv[]) tail = 1; break; case 'm': - maxdata = atoi(optarg); + maxdata = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-m %s: %s", optarg, errstr); break; case 'n': fancy = 0; break; case 'p': - pid_opt = atoi(optarg); + pid_opt = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-p %s: %s", optarg, errstr); break; case 'R': timestamp = 2; /* relative timestamp */ diff --git a/usr.bin/ktrace/ktrace.c b/usr.bin/ktrace/ktrace.c index 178180822eb..94180ca769a 100644 --- a/usr.bin/ktrace/ktrace.c +++ b/usr.bin/ktrace/ktrace.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ktrace.c,v 1.31 2015/01/16 06:40:09 deraadt Exp $ */ +/* $OpenBSD: ktrace.c,v 1.32 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: ktrace.c,v 1.4 1995/08/31 23:01:44 jtc Exp $ */ /*- @@ -211,7 +211,9 @@ main(int argc, char *argv[]) static int rpid(const char *p) { + const char *errstr; static int first; + pid_t pid; if (first++) { warnx("only one -g or -p flag is permitted."); @@ -221,7 +223,12 @@ rpid(const char *p) warnx("illegal process id."); usage(); } - return(atoi(p)); + pid = strtonum(p, 1, INT_MAX, &errstr); + if (errstr) { + warnx("illegal process id: %s", errstr); + usage(); + } + return pid; } static void diff --git a/usr.bin/logger/logger.c b/usr.bin/logger/logger.c index 9146d678419..41d6e1fc569 100644 --- a/usr.bin/logger/logger.c +++ b/usr.bin/logger/logger.c @@ -1,4 +1,4 @@ -/* $OpenBSD: logger.c,v 1.13 2013/11/27 13:32:02 okan Exp $ */ +/* $OpenBSD: logger.c,v 1.14 2015/04/18 18:28:37 deraadt Exp $ */ /* $NetBSD: logger.c,v 1.4 1994/12/22 06:27:00 jtc Exp $ */ /* @@ -32,6 +32,7 @@ #include #include +#include #include #include #include @@ -155,10 +156,15 @@ pencode(char *s) int decode(char *name, CODE *codetab) { + int n; CODE *c; - if (isdigit((unsigned char)*name)) - return (atoi(name)); + if (isdigit((unsigned char)*name)) { + const char *errstr; + int n = strtonum(name, 0, INT_MAX, &errstr); + if (!errstr) + return (n); + } for (c = codetab; c->c_name; c++) if (!strcasecmp(name, c->c_name)) diff --git a/usr.bin/make/generate.c b/usr.bin/make/generate.c index 9e63e600877..a162e3ed1fb 100644 --- a/usr.bin/make/generate.c +++ b/usr.bin/make/generate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: generate.c,v 1.16 2014/05/18 08:08:50 espie Exp $ */ +/* $OpenBSD: generate.c,v 1.17 2015/04/18 18:28:37 deraadt Exp $ */ /* * Copyright (c) 2001 Marc Espie. @@ -29,6 +29,7 @@ #include #include #include +#include #include #include "stats.h" @@ -137,6 +138,7 @@ main(int argc, char *argv[]) uint32_t v; uint32_t h; uint32_t slots; + const char *errstr; const char *e; char **occupied; char **t; @@ -146,11 +148,13 @@ main(int argc, char *argv[]) if (argc != 3) exit(1); - tn = atoi(argv[1]); - if (!tn) + tn = strtonum(argv[1], 1, INT_MAX, &errstr); + if (errstr) exit(1); t = table[tn-1]; - slots = atoi(argv[2]); + slots = strtonum(argv[2], 0, INT_MAX, &errstr); + if (errstr) + exit(1); if (slots) { occupied = calloc(slots, sizeof(char *)); if (!occupied) diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c index 12385b844a4..aa7ea51d0c4 100644 --- a/usr.bin/sed/process.c +++ b/usr.bin/sed/process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: process.c,v 1.22 2015/04/13 05:11:23 deraadt Exp $ */ +/* $OpenBSD: process.c,v 1.23 2015/04/18 18:28:37 deraadt Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -457,12 +457,14 @@ lputs(char *s) static int termwidth = -1; if (termwidth == -1) { + termwidth = 0; if ((p = getenv("COLUMNS"))) - termwidth = atoi(p); - else if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && + termwidth = strtonum(p, 0, INT_MAX, NULL); + if (termwidth == 0 && + ioctl(STDOUT_FILENO, TIOCGWINSZ, &win) == 0 && win.ws_col > 0) termwidth = win.ws_col; - else + if (termwidth == 0) termwidth = 60; } diff --git a/usr.bin/skey/skey.c b/usr.bin/skey/skey.c index 352e02356e3..a019f15c634 100644 --- a/usr.bin/skey/skey.c +++ b/usr.bin/skey/skey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skey.c,v 1.27 2014/03/20 20:39:13 naddy Exp $ */ +/* $OpenBSD: skey.c,v 1.28 2015/04/18 18:28:38 deraadt Exp $ */ /* * OpenBSD S/Key (skey.c) * @@ -27,6 +27,7 @@ #include #include #include +#include #include void usage(char *); @@ -37,6 +38,7 @@ main(int argc, char *argv[]) int n, i, cnt = 1, pass = 0, hexmode = 0; char passwd[SKEY_MAX_PW_LEN+1], key[SKEY_BINKEY_SIZE]; char buf[33], *seed, *slash; + const char *errstr; /* If we were called as otp-METHOD, set algorithm based on that */ if ((slash = strrchr(argv[0], '/'))) @@ -56,7 +58,9 @@ main(int argc, char *argv[]) case 'n': if (++i == argc) usage(argv[0]); - cnt = atoi(argv[i]); + cnt = strtonum(argv[i], 1, SKEY_MAX_SEQ -1, &errstr); + if (errstr) + usage(argv[0]); break; case 'p': if (++i == argc) @@ -96,19 +100,15 @@ main(int argc, char *argv[]) *slash++ = '\0'; seed = slash; - if ((n = atoi(argv[i])) < 0) { - warnx("%d not positive", n); - usage(argv[0]); - } else if (n > SKEY_MAX_SEQ) { - warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); + n = strtonum(argv[i], 0, SKEY_MAX_SEQ, &errstr); + if (errstr) { + warnx("%s: %s", argv[i], errstr); usage(argv[0]); } } else { - if ((n = atoi(argv[i])) < 0) { - warnx("%d not positive", n); - usage(argv[0]); - } else if (n > SKEY_MAX_SEQ) { - warnx("%d is larger than max (%d)", n, SKEY_MAX_SEQ); + n = strtonum(argv[i], 0, SKEY_MAX_SEQ, &errstr); + if (errstr) { + warnx("%s: %s", argv[i], errstr); usage(argv[0]); } seed = argv[++i]; diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c index 96698358826..abbba66c07e 100644 --- a/usr.bin/skeyinit/skeyinit.c +++ b/usr.bin/skeyinit/skeyinit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeyinit.c,v 1.56 2015/01/16 06:40:11 deraadt Exp $ */ +/* $OpenBSD: skeyinit.c,v 1.57 2015/04/18 18:28:38 deraadt Exp $ */ /* OpenBSD S/Key (skeyinit.c) * @@ -52,6 +52,7 @@ main(int argc, char **argv) char seed[SKEY_MAX_SEED_LEN + 1]; char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht; char lastc, me[UT_NAMESIZE + 1], *p, *auth_type; + const char *errstr; u_int32_t noise; struct skey skey; struct passwd *pp; @@ -108,7 +109,8 @@ main(int argc, char **argv) case 'n': if (argv[++i] == NULL || argv[i][0] == '\0') usage(); - if ((n = atoi(argv[i])) < 1 || n >= SKEY_MAX_SEQ) + n = strtonum(argv[i], 1, SKEY_MAX_SEQ - 1, &errstr); + if (errstr) errx(1, "count must be > 0 and < %d", SKEY_MAX_SEQ); break; @@ -324,6 +326,7 @@ secure_mode(int *count, char *key, char *seed, size_t seedlen, char *buf, size_t bufsiz) { char *p, newseed[SKEY_MAX_SEED_LEN + 2]; + const char *errstr; int i, n; (void)puts("You need the 6 words generated from the \"skey\" command."); @@ -335,11 +338,11 @@ secure_mode(int *count, char *key, char *seed, size_t seedlen, SKEY_MAX_SEQ); (void)fgets(buf, bufsiz, stdin); clearerr(stdin); - n = atoi(buf); - if (n > 0 && n < SKEY_MAX_SEQ) + n = strtonum(buf, 1, SKEY_MAX_SEQ-1, &errstr); + if (!errstr) break; /* Valid range */ - (void)fprintf(stderr, "ERROR: Count must be between 1 and %d\n", - SKEY_MAX_SEQ); + fprintf(stderr, "ERROR: Count must be between 1 and %d\n", + SKEY_MAX_SEQ - 1); } for (i = 0; ; i++) { @@ -492,6 +495,7 @@ convert_db(void) FILE *newfile; char buf[256], *logname, *hashtype, *seed, *val, *cp; char filename[PATH_MAX]; + const char *errstr; int fd, n; if ((keyfile = fopen(_PATH_SKEYKEYS, "r")) == NULL) @@ -516,7 +520,9 @@ convert_db(void) hashtype = cp; if ((cp = strtok(NULL, " \t")) == NULL) continue; - n = atoi(cp); + n = strtonum(cp, 0, SKEY_MAX_SEQ, &errstr); + if (errstr) + continue; if ((seed = strtok(NULL, " \t")) == NULL) continue; if ((val = strtok(NULL, " \t")) == NULL) diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c index c61954ae643..692d022dfec 100644 --- a/usr.bin/systat/main.c +++ b/usr.bin/systat/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.62 2015/03/12 01:03:00 claudio Exp $ */ +/* $Id: main.c,v 1.63 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 2001, 2007 Can Erkin Acar * Copyright (c) 2001 Daniel Hartmeier @@ -296,13 +296,12 @@ cmd_delay(const char *buf) void cmd_count(const char *buf) { + const char *errstr; int ms; - ms = atoi(buf); - if (ms <= 0 || ms > lines - HEADER_LINES) + maxprint = strtonum(buf, 1, lines - HEADER_LINES, &errstr); + if (errstr) maxprint = lines - HEADER_LINES; - else - maxprint = ms; } @@ -380,6 +379,7 @@ int main(int argc, char *argv[]) { char errbuf[_POSIX2_LINE_MAX]; + const char *errstr; extern char *optarg; extern int optind; double delay = 5; @@ -418,9 +418,9 @@ main(int argc, char *argv[]) interactive = 0; break; case 'd': - countmax = atoi(optarg); - if (countmax < 0) - countmax = 0; + countmax = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-d %s: %s", optarg, errstr); break; case 'i': interactive = 1; @@ -438,11 +438,9 @@ main(int argc, char *argv[]) delay = 5; break; case 'w': - rawwidth = atoi(optarg); - if (rawwidth < 1) - rawwidth = DEFAULT_WIDTH; - if (rawwidth >= MAX_LINE_BUF) - rawwidth = MAX_LINE_BUF - 1; + rawwidth = strtonum(optarg, 1, MAX_LINE_BUF-1, &errstr); + if (errstr) + errx(1, "-w %s: %s", optarg, errstr); break; default: usage(); diff --git a/usr.bin/tip/tip.c b/usr.bin/tip/tip.c index 98727ab64d1..6497828cc82 100644 --- a/usr.bin/tip/tip.c +++ b/usr.bin/tip/tip.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tip.c,v 1.55 2015/02/07 10:07:15 deraadt Exp $ */ +/* $OpenBSD: tip.c,v 1.56 2015/04/18 18:28:38 deraadt Exp $ */ /* $NetBSD: tip.c,v 1.13 1997/04/20 00:03:05 mellon Exp $ */ /* @@ -50,6 +50,8 @@ int main(int argc, char *argv[]) { char *sys = NULL; + const char *errstr; + int baud; int i, pair[2]; vinit(); @@ -81,7 +83,12 @@ main(int argc, char *argv[]) case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - vsetnum(BAUDRATE, atoi(&argv[1][1])); + baud = strtonum(&argv[1][1], 0, INT_MAX, &errstr); + if (errstr) { + fprintf(stderr, "incorrect speed: %s\n", errstr); + exit(1); + } + vsetnum(BAUDRATE, baud); break; default: diff --git a/usr.bin/unifdef/unifdef.c b/usr.bin/unifdef/unifdef.c index 89df19740aa..fa751572814 100644 --- a/usr.bin/unifdef/unifdef.c +++ b/usr.bin/unifdef/unifdef.c @@ -47,7 +47,7 @@ static const char copyright[] = #include "version.h" - "@(#) $Author: miod $\n" + "@(#) $Author: deraadt $\n" "@(#) $URL: http://dotat.at/prog/unifdef $\n" ; @@ -252,6 +252,7 @@ static const char *xstrdup(const char *, const char *); int main(int argc, char *argv[]) { + const char *errstr; int opt; while ((opt = getopt(argc, argv, "i:D:U:f:I:M:o:x:bBcdehKklmnsStV")) != -1) @@ -332,9 +333,9 @@ main(int argc, char *argv[]) version(); break; case 'x': - exitmode = atoi(optarg); - if(exitmode < 0 || exitmode > 2) - usage(); + exitmode = strtonum(optarg, 0, 2, &errstr); + if (errstr) + errx(1, "-x %s: %s", optarg, errstr); break; default: usage(); diff --git a/usr.bin/vis/vis.c b/usr.bin/vis/vis.c index b32ccef190d..fe40eed012d 100644 --- a/usr.bin/vis/vis.c +++ b/usr.bin/vis/vis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vis.c,v 1.16 2015/02/08 23:40:34 deraadt Exp $ */ +/* $OpenBSD: vis.c,v 1.17 2015/04/18 18:28:38 deraadt Exp $ */ /* $NetBSD: vis.c,v 1.4 1994/12/20 16:13:03 jtc Exp $ */ /*- @@ -34,6 +34,7 @@ #include #include #include +#include #include #include @@ -50,6 +51,7 @@ __dead void usage(void); int main(int argc, char *argv[]) { + const char *errstr; FILE *fp; int ch; @@ -80,10 +82,11 @@ main(int argc, char *argv[]) eflags |= VIS_NOSLASH; break; case 'F': - if ((foldwidth = atoi(optarg))<5) { + foldwidth = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "%s: %s", optarg, errstr); + if (foldwidth < 5) errx(1, "can't fold lines to less than 5 cols"); - /* NOTREACHED */ - } /*FALLTHROUGH*/ case 'f': fold = 1; /* fold output lines to 80 cols */ diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index dbaf096f05d..3ed634ed663 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1,5 +1,5 @@ /* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */ -/* $OpenBSD: vmstat.c,v 1.137 2015/01/30 19:00:56 tedu Exp $ */ +/* $OpenBSD: vmstat.c,v 1.138 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1980, 1986, 1991, 1993 @@ -766,7 +766,13 @@ domem(void) siz = sizeof(struct kmembuckets); i = 0; while ((ap = strsep(&bufp, ",")) != NULL) { - mib[3] = atoi(ap); + const char *errstr; + + mib[3] = strtonum(ap, 0, INT_MAX, &errstr); + if (errstr) { + warnx("kernel lied about %d being a number", mib[3]); + return; + } if (sysctl(mib, 4, &buckets[MINBUCKET + i], &siz, NULL, 0) < 0) { diff --git a/usr.bin/xargs/xargs.c b/usr.bin/xargs/xargs.c index dded1c6a11b..ed0ada5138a 100644 --- a/usr.bin/xargs/xargs.c +++ b/usr.bin/xargs/xargs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: xargs.c,v 1.28 2015/01/16 06:40:14 deraadt Exp $ */ +/* $OpenBSD: xargs.c,v 1.29 2015/04/18 18:28:38 deraadt Exp $ */ /* $FreeBSD: xargs.c,v 1.51 2003/05/03 19:09:11 obrien Exp $ */ /*- @@ -50,6 +50,7 @@ #include #include #include +#include #include "pathnames.h" @@ -78,6 +79,7 @@ main(int argc, char *argv[]) int ch, Jflag, nargs, nflag, nline; size_t linelen; char *endptr; + const char *errstr; inpline = replstr = NULL; ep = environ; @@ -125,19 +127,23 @@ main(int argc, char *argv[]) replstr = optarg; break; case 'L': - Lflag = atoi(optarg); + Lflag = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-L %s: %s", optarg, errstr); break; case 'n': nflag = 1; - if ((nargs = atoi(optarg)) <= 0) - errx(1, "illegal argument count"); + nargs = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-n %s: %s", optarg, errstr); break; case 'o': oflag = 1; break; case 'P': - if ((maxprocs = atoi(optarg)) <= 0) - errx(1, "max. processes must be >0"); + maxprocs = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-P %s: %s", optarg, errstr); break; case 'p': pflag = 1; @@ -151,7 +157,9 @@ main(int argc, char *argv[]) errx(1, "replacements must be a number"); break; case 's': - nline = atoi(optarg); + nline = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-s %s: %s", optarg, errstr); break; case 't': tflag = 1; diff --git a/usr.sbin/fdformat/fdformat.c b/usr.sbin/fdformat/fdformat.c index edf83e8460c..372e62bd94b 100644 --- a/usr.sbin/fdformat/fdformat.c +++ b/usr.sbin/fdformat/fdformat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fdformat.c,v 1.19 2014/10/08 04:55:03 deraadt Exp $ */ +/* $OpenBSD: fdformat.c,v 1.20 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (C) 1992-1994 by Joerg Wunsch, Dresden @@ -45,6 +45,7 @@ #include #include #include +#include #include #include #include @@ -181,33 +182,46 @@ main(int argc, char *argv[]) int rate = -1, gaplen = -1, secsize = -1, steps = -1; int fill = 0xf6, quiet = 0, verify = 1, verify_only = 0; int fd, c, track, error, tracks_per_dot, bytes_per_track, errs; + const char *errstr; char *devname; struct fd_type fdt; while((c = getopt(argc, argv, "c:s:h:r:g:S:F:t:i:qvn")) != -1) switch (c) { case 'c': /* # of cyls */ - cyls = atoi(optarg); + cyls = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-c %s: %s", optarg, errstr); break; case 's': /* # of secs per track */ - secs = atoi(optarg); + secs = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-s %s: %s", optarg, errstr); break; case 'h': /* # of heads */ - heads = atoi(optarg); + heads = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-h %s: %s", optarg, errstr); break; case 'r': /* transfer rate, kilobyte/sec */ - rate = atoi(optarg); + rate = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-r %s: %s", optarg, errstr); break; case 'g': /* length of GAP3 to format with */ - gaplen = atoi(optarg); + gaplen = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-g %s: %s", optarg, errstr); break; case 'S': /* sector size shift factor (1 << S)*128 */ - secsize = atoi(optarg); + secsize = strtonum(optarg, 0, INT_MAX, &errstr); + if (errstr) + errx(1, "-S %s: %s", optarg, errstr); break; case 'F': /* fill byte, C-like notation allowed */ @@ -215,11 +229,15 @@ main(int argc, char *argv[]) break; case 't': /* steps per track */ - steps = atoi(optarg); + steps = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-t %s: %s", optarg, errstr); break; case 'i': /* interleave factor */ - intleave = atoi(optarg); + intleave = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-i %s: %s", optarg, errstr); break; case 'q': diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c index bd8b76f8505..ce75ef718a0 100644 --- a/usr.sbin/ndp/ndp.c +++ b/usr.sbin/ndp/ndp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ndp.c,v 1.59 2015/01/16 06:40:18 deraadt Exp $ */ +/* $OpenBSD: ndp.c,v 1.60 2015/04/18 18:28:38 deraadt Exp $ */ /* $KAME: ndp.c,v 1.101 2002/07/17 08:46:33 itojun Exp $ */ /* @@ -102,6 +102,7 @@ #include #include #include +#include #include #include "gmt2local.h" @@ -202,8 +203,8 @@ main(int argc, char *argv[]) /*NOTREACHED*/ } mode = 'a'; - repeat = atoi(optarg); - if (repeat < 0) { + repeat = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { usage(); /*NOTREACHED*/ } diff --git a/usr.sbin/rbootd/bpf.c b/usr.sbin/rbootd/bpf.c index f6c37be1bde..523a9553219 100644 --- a/usr.sbin/rbootd/bpf.c +++ b/usr.sbin/rbootd/bpf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bpf.c,v 1.21 2015/01/16 06:40:19 deraadt Exp $ */ +/* $OpenBSD: bpf.c,v 1.22 2015/04/18 18:28:38 deraadt Exp $ */ /* $NetBSD: bpf.c,v 1.5.2.1 1995/11/14 08:45:42 thorpej Exp $ */ /* @@ -58,6 +58,7 @@ #include #include #include +#include #include #include "defs.h" #include "pathnames.h" @@ -261,6 +262,7 @@ BpfGetIntfName(char **errmsg) { int minunit = 999, n; char *cp; + const char *errstr; static char device[IFNAMSIZ]; static char errbuf[128] = "No Error!"; struct ifaddrs *ifap, *ifa, *mp = NULL; @@ -288,8 +290,8 @@ BpfGetIntfName(char **errmsg) for (cp = ifa->ifa_name; !isdigit((unsigned char)*cp); ++cp) ; - n = atoi(cp); - if (n < minunit) { + n = strtonum(cp, 0, INT_MAX, &errstr); + if (errstr == NULL && n < minunit) { minunit = n; mp = ifa; } diff --git a/usr.sbin/rip6query/rip6query.c b/usr.sbin/rip6query/rip6query.c index fc67ae09ce4..72de4aa864e 100644 --- a/usr.sbin/rip6query/rip6query.c +++ b/usr.sbin/rip6query/rip6query.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rip6query.c,v 1.14 2014/03/19 14:02:24 mpi Exp $ */ +/* $OpenBSD: rip6query.c,v 1.15 2015/04/18 18:28:38 deraadt Exp $ */ /* $KAME: rip6query.c,v 1.17 2002/09/08 01:35:17 itojun Exp $ */ /* @@ -38,6 +38,7 @@ #include #include #include +#include #include #include @@ -76,6 +77,7 @@ main(int argc, char *argv[]) int c; int ifidx = -1; int error; + const char *errstr; char pbuf[NI_MAXSERV]; struct addrinfo hints, *res; @@ -89,7 +91,9 @@ main(int argc, char *argv[]) } break; case 'w': - query_wait = atoi(optarg); + query_wait = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-w %s: %s", optarg, errstr); break; default: usage(); diff --git a/usr.sbin/rpc.lockd/lockd.c b/usr.sbin/rpc.lockd/lockd.c index f0c8fbd943f..4b7397e3fd5 100644 --- a/usr.sbin/rpc.lockd/lockd.c +++ b/usr.sbin/rpc.lockd/lockd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lockd.c,v 1.13 2015/01/16 06:40:20 deraadt Exp $ */ +/* $OpenBSD: lockd.c,v 1.14 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1995 @@ -46,6 +46,7 @@ #include #include #include +#include #include #include #include @@ -68,6 +69,7 @@ int main(int argc, char *argv[]) { SVCXPRT *transp; + const char *errstr; int ch; struct sigaction sigchild, sigalarm; int grace_period = 30; @@ -75,15 +77,15 @@ main(int argc, char *argv[]) while ((ch = getopt(argc, argv, "d:g:")) != (-1)) { switch (ch) { case 'd': - debug_level = atoi(optarg); - if (!debug_level) { + debug_level = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { usage(); /* NOTREACHED */ } break; case 'g': - grace_period = atoi(optarg); - if (!grace_period) { + grace_period = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) { usage(); /* NOTREACHED */ } diff --git a/usr.sbin/sa/main.c b/usr.sbin/sa/main.c index f7c0f1c4f15..f64f03c7265 100644 --- a/usr.sbin/sa/main.c +++ b/usr.sbin/sa/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.12 2013/11/24 01:06:19 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.13 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1994 Christopher G. Demetriou * All rights reserved. @@ -72,6 +72,7 @@ main(int argc, char **argv) { int ch; int error = 0; + const char *errstr; extern char *__progname; while ((ch = getopt(argc, argv, "abcdDfijkKlmnqrstuv:")) != -1) @@ -156,7 +157,10 @@ main(int argc, char **argv) case 'v': /* cull junk */ vflag = 1; - cutoff = atoi(optarg); + /* XXX cutoff could be converted to quad_t? */ + cutoff = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + errx(1, "-v $s: %s", optarg, errstr); break; case '?': default: diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c index e9b35ef8201..d96658b356c 100644 --- a/usr.sbin/tcpdump/tcpdump.c +++ b/usr.sbin/tcpdump/tcpdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdump.c,v 1.69 2015/04/15 02:32:28 deraadt Exp $ */ +/* $OpenBSD: tcpdump.c,v 1.70 2015/04/18 18:28:38 deraadt Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -209,6 +210,7 @@ main(int argc, char **argv) struct bpf_program *fcode; u_char *pcap_userdata; u_int dirfilt = 0, dlt = (u_int) -1; + const char *errstr; if ((cp = strrchr(argv[0], '/')) != NULL) program_name = cp + 1; @@ -235,9 +237,10 @@ main(int argc, char **argv) break; case 'c': - cnt = atoi(optarg); - if (cnt <= 0) - error("invalid packet count %s", optarg); + cnt = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + error("invalid packet count %s: %s", + optarg, errstr); break; case 'D': @@ -307,9 +310,9 @@ main(int argc, char **argv) break; case 's': - snaplen = atoi(optarg); - if (snaplen <= 0) - error("invalid snaplen %s", optarg); + snaplen = strtonum(optarg, 1, INT_MAX, &errstr); + if (errstr) + error("invalid snaplen %s: %s", optarg, errstr); break; case 'S': -- 2.20.1