author | Stefan Metzmacher <metze@samba.org> | 2011-08-05 19:48:38 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2011-08-18 21:15:25 +0200 |
commit | 84735368921211d4b29d3b80ea747f692a2f1f91 (patch) | |
tree | 6f83c7ab1bd65123c10b595057d44a629229e54f /source3/web/swat.c | |
parent | d9192349311c59e7ec5b58747fa8c393af5f9d3d (diff) | |
download | samba-84735368921211d4b29d3b80ea747f692a2f1f91.tar.gz |
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
(cherry picked from commit ac5d8c0148e10a3a0af9e1dc0849bb6920c26ad7)
Diffstat (limited to 'source3/web/swat.c')
-rw-r--r-- | source3/web/swat.c | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/source3/web/swat.c b/source3/web/swat.c
index b3589568292..85bc6bcd641 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -192,16 +192,29 @@ bool verify_xsrf_token(const char *formname)
 const char *pass = cgi_user_pass();
 const char *token = cgi_variable_nonull(XSRF_TOKEN);
 const char *time_str = cgi_variable_nonull(XSRF_TIME);
+ char *p = NULL;
+ long long xsrf_time_ll = 0;
 time_t xsrf_time = 0;
 time_t now = time(NULL);
- if (sizeof(time_t) == sizeof(int)) {
- xsrf_time = atoi(time_str);
- } else if (sizeof(time_t) == sizeof(long)) {
- xsrf_time = atol(time_str);
- } else if (sizeof(time_t) == sizeof(long long)) {
- xsrf_time = atoll(time_str);
+ errno = 0;
+ xsrf_time_ll = strtoll(time_str, &p, 10);
+ if (errno != 0) {
+ return false;
+ }
+ if (p == NULL) {
+ return false;
+ }
+ if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+ return false;
+ }
+ if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+ return false;
+ }
+ if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+ return false;
 }
+ xsrf_time = xsrf_time_ll;
 if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
 return false;
|