On Wed, Jul 30, 2014 at 10:19:19PM +0200, Fritjof Bornebusch wrote:
Ping?
> Hi tech,
>
> remove the atoi calls, in order to avoid overflows.
>
> fritjof
>
>
> Index: rcstime.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/rcs/rcstime.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 rcstime.c
> --- rcstime.c 29 Apr 2014 07:44:19 -0000 1.4
> +++ rcstime.c 30 Jun 2014 12:59:42 -0000
> @@ -36,6 +36,7 @@ rcs_set_tz(char *tz, struct rcs_delta *r
> int tzone;
> int pos;
> char *h, *m;
> + const char *errstr = NULL;
> struct tm *ltb;
> time_t now;
>
> @@ -62,8 +63,8 @@ rcs_set_tz(char *tz, struct rcs_delta *r
>
> memcpy(tb, &rdp->rd_date, sizeof(*tb));
>
> - tzone = atoi(h);
> - if ((tzone >= 24) || (tzone <= -24))
> + tzone = (int)strtonum(h, -23, 23, &errstr);
> + if (errstr)
> errx(1, "%s: not a known time zone", tz);
>
> if (pos) {
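Review bot: The switch to `strtonum(h, -23, 23, &errstr)` tightens more than overflow handling, and neither the log message nor the code records that. strtonum() fails on an empty string and on any trailing non-digit characters, where atoi() returned 0 or the value of the numeric prefix, so zone strings of that shape that used to be taken as an hour now reach errx(). That is probably the right outcome for what looks like a caller-supplied string, but it is a behaviour change; I would add a comment above the call such as `/* strtonum() also rejects empty and partly numeric strings that atoi() let through */`. The assignment of h is outside the hunk, so whether an empty hour field can reach this call is not visible here.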
> @@ -78,9 +79,9 @@ rcs_set_tz(char *tz, struct rcs_delta *r
> tb->tm_hour = 0;
>
> if (m != NULL) {
> - tzone = atoi(m);
> - if (tzone >= 60)
> - errx(1, "%s: not a known time zone", tz);
> + tzone = (int)strtonum(m, 0, 59, &errstr);
> + if (errstr)
> + errx(1, "%s: not a known minute", m);
>
> if ((tb->tm_min + tzone) >= 60) {
> tb->tm_hour++;
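Review bot: The new minute error prints only `m` and discards the reason strtonum() leaves in errstr, so it no longer matches the hour check's message and the user cannot tell an out-of-range minute from a malformed one. Something like `errx(1, "%s: minute is %s", m, errstr);` keeps the offending fragment and adds the reason ("invalid", "too small" or "too large"). The hour check in the previous hunk has the same gap: it tests errstr without printing it. The enclosing `if (m != NULL)` block continues past the end of the hunk.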
>