Most uses of atoi are a mistake. That's because it is not convenient to detect when a malformed number it present. So good error handling isn't easy and (generally) coded that uses atoi just ignores problems.
So: any atoi call should be replaced. With what? strtoul is a useful function. It gives you some capability to detect problems. But we have our own ttoul function which is even better (see ipsec_ttoul(3)). We should probably replace all strtoul calls too. I did this work for plutomain.c and for some environment variable handling. I hope to get to the rest of the codebase. Through this process, I'm coming to think that a ttoul-like function that also does range-checking would be worthwhile. It is just too easy to be lazy about range checks. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
