Package: shadow / 1:4.2-3+deb8u4

302-CVE-2016-6252-fix-integer-overflow.patch Patch series | download
From 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Mon Sep 17 00:00:00 2001
From: Sebastian Krahmer <krahmer@suse.com>
Date: Wed, 3 Aug 2016 11:51:07 -0500
Subject: [PATCH] Simplify getulong

Use strtoul to read an unsigned long, rather than reading
a signed long long and casting it.

https://bugzilla.suse.com/show_bug.cgi?id=979282
---
 lib/getulong.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/lib/getulong.c b/lib/getulong.c
index 61579ca..08d2c1a 100644
--- a/lib/getulong.c
+++ b/lib/getulong.c
@@ -44,22 +44,19 @@
  */
 int getulong (const char *numstr, /*@out@*/unsigned long int *result)
 {
-	long long int val;
+	unsigned long int val;
 	char *endptr;
 
 	errno = 0;
-	val = strtoll (numstr, &endptr, 0);
+	val = strtoul (numstr, &endptr, 0);
 	if (    ('\0' == *numstr)
 	     || ('\0' != *endptr)
 	     || (ERANGE == errno)
-	     /*@+ignoresigns@*/
-	     || (val != (unsigned long int)val)
-	     /*@=ignoresigns@*/
 	   ) {
 		return 0;
 	}
 
-	*result = (unsigned long int)val;
+	*result = val;
 	return 1;
 }
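Review bot: strtoul() still accepts a leading '-' (as well as leading whitespace and '+'), so in the new getulong an input such as "-1" is negated in unsigned arithmetic and stored in *result as ULONG_MAX with errno left at 0; none of the three remaining conditions rejects it. If callers feed the result into range or bounds arithmetic (not visible in this hunk), a wrapped value can still arrive by this route. Consider tightening the first condition from `('\0' == *numstr)` to `(*numstr < '0' || *numstr > '9')`, which rejects the empty string, signs and leading whitespace before strtoul runs; note that this also rejects inputs like "+5" that are accepted today. A short comment above the call, e.g. `/* strtoul silently negates "-N"; require a leading digit */`, would record why the check is there.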
 
-- 
2.1.4