From cfb9a2fa20dd2c4d1a73d2cc6c24e826dc0c5b79 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Fri, 17 Apr 2015 17:20:41 +0000
Subject: [PATCH] Use getint() instead of intval() for parsing the columns variable, allowing the addition of more accurate bounds and garbage checks. ok millert
---
 bin/ksh/var.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/bin/ksh/var.c b/bin/ksh/var.c
index 540adc1caa0..e747f2ea55a 100644
--- a/bin/ksh/var.c
+++ b/bin/ksh/var.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: var.c,v 1.40 2014/12/12 05:00:55 jsg Exp $ */
+/* $OpenBSD: var.c,v 1.41 2015/04/17 17:20:41 deraadt Exp $ */
 #include "sh.h"
 #include
@@ -1007,8 +1007,18 @@ setspec(struct tbl *vp)
 set_editmode(str_val(vp));
 break;
 case V_COLUMNS:
- if ((x_cols = intval(vp)) <= MIN_COLS)
- x_cols = MIN_COLS;
+ {
+ long l;
+
+ if (getint(vp, &l, false) == -1) {
+ x_cols = MIN_COLS;
+ break;
+ }
+ if (l <= MIN_COLS || l > INT_MAX)
+ x_cols = MIN_COLS;
+ else
+ x_cols = l;
+ }
 break;
 #endif /* EDIT */
 case V_MAIL:
--
2.20.1
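Review bot: The only upper bound in the new V_COLUMNS case is `l > INT_MAX`, so a COLUMNS value equal to INT_MAX is still stored in x_cols unchanged. The consumers of x_cols are outside this hunk, but if any of them add to it or size a buffer from it, that value sits right at the edge of signed overflow. A much smaller ceiling would be safer, e.g. `if (l <= MIN_COLS || l > MAX_COLS)`, where `MAX_COLS` is a placeholder name for a limit the project would have to define (it is not on this page). The test also depends on INT_MAX being declared; the include names in the first hunk are not readable here, so confirm `<limits.h>` is in scope. A comment such as `/* unparsable or out-of-range COLUMNS falls back to MIN_COLS */` would record that too-large values drop to the minimum rather than being capped; setspec() itself starts and ends outside the hunk.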