libxt_u32: do bounds checking for @'s operands

author Jan Engelhardt <jengelh@inai.de>

Fri, 13 Jul 2012 21:18:29 +0000 (23:18 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Tue, 31 Jul 2012 11:31:44 +0000 (13:31 +0200)
author Jan Engelhardt <jengelh@inai.de>
Fri, 13 Jul 2012 21:18:29 +0000 (23:18 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Tue, 31 Jul 2012 11:31:44 +0000 (13:31 +0200)
diff --git a/extensions/libxt_u32.c b/extensions/libxt_u32.c

index 6d024fb654096e935a0cfeea53c8c9441c197f03..2a7f5d8087cfda250dbd2f7dd794b922b24ee46b 100644 (file)
--- a/extensions/libxt_u32.c
+++ b/extensions/libxt_u32.c
@@ -88,17 +88,13 @@ static void u32_dump(const struct xt_u32 *data)
  /* string_to_number() is not quite what we need here ... */
  static uint32_t parse_number(const char **s, int pos)
  {
-       uint32_t number;
+       unsigned int number;
         char *end;
  
-       errno  = 0;
-       number = strtoul(*s, &end, 0);
-       if (end == *s)
+       if (!xtables_strtoui(*s, &end, &number, 0, UINT32_MAX) ||
+           end == *s)
                 xtables_error(PARAMETER_PROBLEM,
-                          "u32: at char %d: expected number", pos);
-       if (errno != 0)
-               xtables_error(PARAMETER_PROBLEM,
-                          "u32: at char %d: error reading number", pos);
+                       "u32: at char %d: not a number or out of range", pos);
         *s = end;
         return number;
  }
author	Jan Engelhardt <jengelh@inai.de>
	Fri, 13 Jul 2012 21:18:29 +0000 (23:18 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 31 Jul 2012 11:31:44 +0000 (13:31 +0200)