From: Paul Eggert
Date: Sat, 10 May 2014 18:42:38 +0000 (-0700)
Subject: shred: fix overflow checking of command-line options
X-Git-Tag: v8.23~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7603fa6527cf53a22d5072acb454f65303a3874;p=thirdparty%2Fcoreutils.git
shred: fix overflow checking of command-line options
* src/shred.c (main): Limit -n (number of passes) value to ULONG_MAX, not to UINT32_MAX, since the vars are unsigned long. Limit the -s (file size) value to OFF_T_MAX.
---
diff --git a/src/shred.c b/src/shred.c
index 607c6be159..f4347e002a 100644
--- a/src/shred.c
+++ b/src/shred.c
@@ -1231,7 +1231,7 @@ main (int argc, char **argv)
 {
 uintmax_t tmp;
 if (xstrtoumax (optarg, NULL, 10, &tmp, NULL) != LONGINT_OK
- || MIN (UINT32_MAX, SIZE_MAX / sizeof (int)) < tmp)
+ || MIN (ULONG_MAX, SIZE_MAX / sizeof (int)) <= tmp)
 {
 error (EXIT_FAILURE, 0, _("%s: invalid number of passes"),
 quotearg_colon (optarg));
@@ -1256,9 +1256,10 @@ main (int argc, char **argv)
 
 case 's':
 {
- uintmax_t tmp;
- if (xstrtoumax (optarg, NULL, 0, &tmp, "cbBkKMGTPEZY0")
- != LONGINT_OK)
+ intmax_t tmp;
+ if ((xstrtoimax (optarg, NULL, 0, &tmp, "cbBkKMGTPEZY0")
+ != LONGINT_OK)
+ || OFF_T_MAX < tmp)
 {
 error (EXIT_FAILURE, 0, _("%s: invalid file size"),
 quotearg_colon (optarg));
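Review bot: The bound on -n in the first hunk changes from `<` to `<=` without explanation; the commit message mentions only the move from UINT32_MAX to ULONG_MAX. The `SIZE_MAX / sizeof (int)` term presumably mirrors an allocation made elsewhere, which is not visible in this hunk. A short comment above the test would record both, for example `/* Keep the pass count strictly below ULONG_MAX and the int-array allocation limit. */`, with the reason for excluding the limit itself filled in by the author. The enclosing block starts and ends outside the hunk.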
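Review bot: The -s parser in the second hunk now lets negative sizes through: `tmp` is a signed `intmax_t` filled by `xstrtoimax`, and the only range test is `OFF_T_MAX < tmp`, whereas the removed code parsed into an unsigned `uintmax_t`. The statement that consumes `tmp` lies outside the hunk, so the effect is inferred, but a negative size reaching the wipe logic of a secure-deletion tool could leave data in place that the user expected to be overwritten. Adding a lower bound closes the gap: `|| tmp < 0 || OFF_T_MAX < tmp)`. The enclosing `case 's':` block continues past the end of the hunk.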