From 69ccbb75138a5f188cc4fd8f7f92b3ed1d19108b Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Mon, 4 Sep 2017 14:36:36 +0200
Subject: tui: avoid integer overflow checking the range in NmtNewtEntryNumeric

strtoul() operates on "unsigned long" while NmtNewtEntryNumeric uses
"int".

strtoul() might indicate that the text is a valid "unsigned long",
however, then casting to "int" might lead to truncation of the number
and wrong range check.

Also, the type supposedly handles negative integers as well. Not with
strtoul().
---
 clients/tui/newt/nmt-newt-entry-numeric.c | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/clients/tui/newt/nmt-newt-entry-numeric.c b/clients/tui/newt/nmt-newt-entry-numeric.c
index 1492bf2047..f0eceb5ffe 100644
--- a/clients/tui/newt/nmt-newt-entry-numeric.c
+++ b/clients/tui/newt/nmt-newt-entry-numeric.c
@@ -123,18 +123,12 @@ newt_entry_numeric_validate (NmtNewtEntry *entry,
 {
 	NmtNewtEntryNumericPrivate *priv = NMT_NEWT_ENTRY_NUMERIC_GET_PRIVATE (entry);
 	int val;
-	char *end;
 
 	if (!*text)
 		return priv->optional ? TRUE : FALSE;
 
-	val = strtoul (text, &end, 10);
-	if (*end)
-		return FALSE;
-	if (val < priv->min || val > priv->max)
-		return FALSE;
-
-	return TRUE;
+	val = _nm_utils_ascii_str_to_int64 (text, 10, priv->min, priv->max, 0);
+	return val != 0 || errno == 0;
 }
 
 static void
-- 
cgit v1.2.1