From f29535249547dfd74a5f727afbe18f0077b5b6af Mon Sep 17 00:00:00 2001
From: Jfreegman
Date: Wed, 2 Sep 2015 19:41:21 -0400
Subject: [PATCH] Replace instances of unsafe atoi function with safe counterpart
---
 src/chat_commands.c | 12 ++++++------
 src/global_commands.c | 18 ++++++++++--------
 src/toxic.c | 33 +++++++++++++++++++++++++++------
 src/toxic.h | 4 ++++
 4 files changed, 47 insertions(+), 20 deletions(-)
diff --git a/src/chat_commands.c b/src/chat_commands.c
index 2a4b8e7..3e479cc 100644
--- a/src/chat_commands.c
+++ b/src/chat_commands.c
@@ -45,9 +45,9 @@ void cmd_cancelfile(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*ar
 char msg[MAX_STR_SIZE];
 const char *inoutstr = argv[1];
- int idx = atoi(argv[2]);
+ long int idx = strtol(argv[2], NULL, 10);
- if (idx >= MAX_FILES || idx < 0) {
+ if ((idx == 0 && strcmp(argv[2], "0")) || idx >= MAX_FILES || idx < 0) {
 line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid file ID.");
 return;
 }
@@ -85,9 +85,9 @@ void cmd_groupinvite(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*a
 return;
 }
- int groupnum = atoi(argv[1]);
+ long int groupnum = strtol(argv[1], NULL, 10);
- if (groupnum == 0 && strcmp(argv[1], "0")) { /* atoi returns 0 value on invalid input */
+ if ((groupnum == 0 && strcmp(argv[1], "0")) || groupnum < 0 || groupnum == LONG_MAX) {
 line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid group number.");
 return;
 }
@@ -146,9 +146,9 @@ void cmd_savefile(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv
 return;
 }
- int idx = atoi(argv[1]);
+ long int idx = strtol(argv[1], NULL, 10);
- if ((idx == 0 && strcmp(argv[1], "0")) || idx >= MAX_FILES) {
+ if ((idx == 0 && strcmp(argv[1], "0")) || idx < 0 || idx >= MAX_FILES) {
 line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending file transfers with that ID.");
 return;
 }
diff --git a/src/global_commands.c b/src/global_commands.c
index 170a9ff..1ce3b21 100644
--- a/src/global_commands.c
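Review bot: `strtol(argv[2], NULL, 10)` in cmd_cancelfile still accepts trailing garbage, so an argument such as `3abc` is taken as file ID 3, while the `idx == 0 && strcmp(argv[2], "0")` test rejects valid spellings of zero such as `00`. Passing an end pointer makes the check exact: `char *end; long int idx = strtol(argv[2], &end, 10);` followed by `if (end == argv[2] || *end != '\0' || idx < 0 || idx >= MAX_FILES) {`. The same NULL-endptr pattern appears in the cmd_groupinvite, cmd_savefile, cmd_accept, cmd_decline, cmd_connect, load_nodelist and parse_args hunks of this patch. The body of cmd_cancelfile continues outside the hunk.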
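Review bot: The `groupnum == LONG_MAX` test in cmd_groupinvite only catches the value strtol saturates to on overflow; where long is wider than int, every value between INT_MAX and LONG_MAX still passes. If groupnum is later handed to a function that takes an int (that call is outside this hunk), it would be narrowed silently, so the upper bound should be the largest value the callee accepts, e.g. `|| groupnum < 0 || groupnum > INT_MAX) {`. Either macro needs `<limits.h>`, and this patch adds no include to chat_commands.c, so the build presumably relies on a transitive include.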
+++ b/src/global_commands.c
@@ -50,9 +50,9 @@ void cmd_accept(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)[
 return;
 }
- int req = atoi(argv[1]);
+ long int req = strtol(argv[1], NULL, 10);
- if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req > MAX_FRIEND_REQUESTS) {
+ if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req >= MAX_FRIEND_REQUESTS) {
 line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending friend request with that ID.");
 return;
 }
@@ -248,10 +248,12 @@ void cmd_connect(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)
 }
 const char *ip = argv[1];
- const char *port = argv[2];
+ const char *port_str = argv[2];
 const char *ascii_key = argv[3];
- if (atoi(port) == 0) {
+ long int port = strtol(port_str, NULL, 10);
+
+ if (port <= 0 || port > MAX_PORT_RANGE) {
 line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid port.");
 return;
 }
@@ -263,8 +265,8 @@ void cmd_connect(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)
 }
 TOX_ERR_BOOTSTRAP err;
- tox_bootstrap(m, ip, atoi(port), (uint8_t *) key_binary, &err);
- tox_add_tcp_relay(m, ip, atoi(port), (uint8_t *) key_binary, &err);
+ tox_bootstrap(m, ip, port, (uint8_t *) key_binary, &err);
+ tox_add_tcp_relay(m, ip, port, (uint8_t *) key_binary, &err);
 switch (err) {
 case TOX_ERR_BOOTSTRAP_BAD_HOST:
@@ -290,9 +292,9 @@ void cmd_decline(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)
 return;
 }
- int req = atoi(argv[1]);
+ long int req = strtol(argv[1], NULL, 10);
- if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req > MAX_FRIEND_REQUESTS) {
+ if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req >= MAX_FRIEND_REQUESTS) {
 line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending friend request with that ID.");
 return;
 }
diff --git a/src/toxic.c b/src/toxic.c
index 849d441..012671f 100644
--- a/src/toxic.c
+++ b/src/toxic.c
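Review bot: The two rewritten calls in the second cmd_connect hunk share one `err`, so whatever tox_bootstrap reports is overwritten by tox_add_tcp_relay before `switch (err)` reads it. A bootstrap failure therefore reaches the user only if the relay call fails the same way. Giving the relay call its own variable, e.g. `TOX_ERR_BOOTSTRAP relay_err;`, and switching on the first failure would keep the reported error accurate. The switch body continues outside the hunk.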
@@ -299,10 +299,15 @@ static int load_nodelist(const char *filename)
 if (line_len >= MIN_NODE_LINE && line_len <= MAX_NODE_LINE) {
 const char *name = strtok(line, " ");
- const char *port = strtok(NULL, " ");
+ const char *port_str = strtok(NULL, " ");
 const char *key_ascii = strtok(NULL, " ");
- if (name == NULL || port == NULL || key_ascii == NULL)
+ if (name == NULL || port_str == NULL || key_ascii == NULL)
+ continue;
+
+ long int port = strtol(port_str, NULL, 10);
+
+ if (port <= 0 || port > MAX_PORT_RANGE)
 continue;
 size_t key_len = strlen(key_ascii);
@@ -313,7 +318,7 @@ static int load_nodelist(const char *filename)
 snprintf(toxNodes.nodes[toxNodes.lines], sizeof(toxNodes.nodes[toxNodes.lines]), "%s", name);
 toxNodes.nodes[toxNodes.lines][NODELEN - 1] = 0;
- toxNodes.ports[toxNodes.lines] = atoi(port);
+ toxNodes.ports[toxNodes.lines] = port;
 /* remove possible trailing newline from key string */
 char real_ascii_key[TOX_PUBLIC_KEY_SIZE * 2 + 1];
@@ -938,6 +943,7 @@ static void parse_args(int argc, char *argv[])
 const char *opts_str = "4bdehotuxc:f:n:r:p:P:T:";
 int opt, indexptr;
+ long int port = 0;
 while ((opt = getopt_long(argc, argv, opts_str, long_opts, &indexptr)) != -1) {
 switch (opt) {
@@ -1014,7 +1020,12 @@ static void parse_args(int argc, char *argv[])
 if (++optind > argc || argv[optind-1][0] == '-')
 exit_toxic_err("Proxy error", FATALERR_PROXY);
- arg_opts.proxy_port = (uint16_t) atoi(argv[optind-1]);
+ port = strtol(argv[optind-1], NULL, 10);
+
+ if (port <= 0 || port > MAX_PORT_RANGE)
+ exit_toxic_err("Proxy error", FATALERR_PROXY);
+
+ arg_opts.proxy_port = port;
 break;
 case 'P':
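Review bot: The parse-and-range-check sequence `port = strtol(...); if (port <= 0 || port > MAX_PORT_RANGE)` is written out in this proxy-port case, again verbatim in the `case 'P':` hunk that follows, and in slightly different form for `case 'T':`, cmd_connect and load_nodelist. A single helper declared next to MAX_PORT_RANGE in toxic.h would keep port validation in one place, so tightening it later (for example rejecting trailing characters through strtol's end pointer) is one change rather than five. The sketch below shows such a helper and this call site; parse_args continues outside the hunk.

```c
/* Returns the port parsed from str, or 0 if str is not a decimal number in 1..MAX_PORT_RANGE. */
long int parse_port(const char *str)
{
    char *end = NULL;
    long int val = strtol(str, &end, 10);

    if (end == str || *end != '\0' || val <= 0 || val > MAX_PORT_RANGE)
        return 0;

    return val;
}

/* … unchanged: optind check in parse_args … */
port = parse_port(argv[optind-1]);

if (port == 0)
    exit_toxic_err("Proxy error", FATALERR_PROXY);

arg_opts.proxy_port = port;
```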
@@ -1024,7 +1035,12 @@ static void parse_args(int argc, char *argv[])
 if (++optind > argc || argv[optind-1][0] == '-')
 exit_toxic_err("Proxy error", FATALERR_PROXY);
- arg_opts.proxy_port = (uint16_t) atoi(argv[optind-1]);
+ port = strtol(argv[optind-1], NULL, 10);
+
+ if (port <= 0 || port > MAX_PORT_RANGE)
+ exit_toxic_err("Proxy error", FATALERR_PROXY);
+
+ arg_opts.proxy_port = port;
 break;
 case 'r':
@@ -1040,7 +1056,12 @@ static void parse_args(int argc, char *argv[])
 break;
 case 'T':
- arg_opts.tcp_port = (uint16_t) atoi(optarg);
+ port = strtol(optarg, NULL, 10);
+
+ if (port <= 0 || port > MAX_PORT_RANGE)
+ port = 14191;
+
+ arg_opts.tcp_port = port;
 break;
 case 'u':
diff --git a/src/toxic.h b/src/toxic.h
index 6129fab..67c8d85 100644
--- a/src/toxic.h
+++ b/src/toxic.h
@@ -49,6 +49,10 @@
 #define KEY_IDENT_DIGITS 3 /* number of hex digits to display for the pub-key based identifier */
 #define TIME_STR_SIZE 32
+#ifndef MAX_PORT_RANGE
+#define MAX_PORT_RANGE 65535
+#endif
+
 /* ASCII key codes */
 #define T_KEY_ESC 0x1B /* ESC key */
 #define T_KEY_KILL 0x0B /* ctrl-k */
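Review bot: In `case 'T':` an invalid value is silently replaced with the literal `14191`, whereas the proxy-port cases in the same function abort with an error. The program then uses a TCP port the user did not ask for, with no indication that the argument was rejected. Either fail as the proxy options do, or keep the fallback but name it and report it, e.g. `#define DEFAULT_TCP_PORT 14191` and a warning on stderr before `port = DEFAULT_TCP_PORT;`. The case sits inside parse_args, whose body continues outside the hunk.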