summaryrefslogtreecommitdiff
path: root/src/core/ngx_string.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/core/ngx_string.c')
-rw-r--r--src/core/ngx_string.c99
1 files changed, 57 insertions, 42 deletions
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 4e279176c..503502ab7 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -897,26 +897,28 @@ ngx_filename_cmp(u_char *s1, u_char *s2, size_t n)
ngx_int_t
ngx_atoi(u_char *line, size_t n)
{
- ngx_int_t value;
+ ngx_int_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
@@ -925,13 +927,16 @@ ngx_atoi(u_char *line, size_t n)
ngx_int_t
ngx_atofp(u_char *line, size_t n, size_t point)
{
- ngx_int_t value;
+ ngx_int_t value, cutoff, cutlim;
ngx_uint_t dot;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
+
dot = 0;
for (value = 0; n--; line++) {
@@ -953,98 +958,107 @@ ngx_atofp(u_char *line, size_t n, size_t point)
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
point -= dot;
}
while (point--) {
+ if (value > cutoff) {
+ return NGX_ERROR;
+ }
+
value = value * 10;
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
ssize_t
ngx_atosz(u_char *line, size_t n)
{
- ssize_t value;
+ ssize_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_SIZE_T_VALUE / 10;
+ cutlim = NGX_MAX_SIZE_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
off_t
ngx_atoof(u_char *line, size_t n)
{
- off_t value;
+ off_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_OFF_T_VALUE / 10;
+ cutlim = NGX_MAX_OFF_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
time_t
ngx_atotm(u_char *line, size_t n)
{
- time_t value;
+ time_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_TIME_T_VALUE / 10;
+ cutlim = NGX_MAX_TIME_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
@@ -1052,13 +1066,19 @@ ngx_int_t
ngx_hextoi(u_char *line, size_t n)
{
u_char c, ch;
- ngx_int_t value;
+ ngx_int_t value, cutoff;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 16;
+
for (value = 0; n--; line++) {
+ if (value > cutoff) {
+ return NGX_ERROR;
+ }
+
ch = *line;
if (ch >= '0' && ch <= '9') {
@@ -1076,12 +1096,7 @@ ngx_hextoi(u_char *line, size_t n)
return NGX_ERROR;
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
View Lorry Controller Status