From: Terry Wilson <twilson@digium.com>
Date: Thu, 16 Aug 2012 22:50:12 +0000 (+0000)
Subject: Handle integer over/under-flow in ast_parse_args
X-Git-Tag: 10.9.0-rc1~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=73783b752c6272c7ca515cede9ba38b1564ce393;p=thirdparty%2Fasterisk.git

Handle integer over/under-flow in ast_parse_args

The strtol family of functions will return *_MIN/*_MAX on overflow. To
detect when an overflow has happened, errno must be set to 0 before
calling the function, then checked afterward.

(closes issue ASTERISK-20120)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/2073/
........

Merged revisions 371392 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@371398 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/main/config.c b/main/config.c
index f6a515c8ff..c0135191a8 100644
--- a/main/config.c
+++ b/main/config.c
@@ -2652,8 +2652,9 @@ int ast_parse_arg(const char *arg, enum ast_parse_flags flags,
 			error = 1;
 			goto int32_done;
 		}
+		errno = 0;
 		x = strtol(arg, &endptr, 0);
-		if (*endptr || x < INT32_MIN || x > INT32_MAX) {
+		if (*endptr || errno || x < INT32_MIN || x > INT32_MAX) {
 			/* Parse error, or type out of int32_t bounds */
 			error = 1;
 			goto int32_done;
@@ -2699,8 +2700,9 @@ int32_done:
 			error = 1;
 			goto uint32_done;
 		}
+		errno = 0;
 		x = strtoul(arg, &endptr, 0);
-		if (*endptr || x > UINT32_MAX) {
+		if (*endptr || errno || x > UINT32_MAX) {
 			error = 1;
 			goto uint32_done;
 		}