mirror of https://github.com/Tha14/toxic.git synced 2024-11-23 02:23:02 +01:00

Replace instances of unsafe atoi function with safe counterpart

Jfreegman 2015-09-02 19:41:21 -04:00
parent ffcc804efe
commit f295352495
No known key found for this signature in database
GPG Key ID: 3627F3144076AE63
4 changed files with 47 additions and 20 deletions


@ -45,9 +45,9 @@ void cmd_cancelfile(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*ar
char msg[MAX_STR_SIZE]; char msg[MAX_STR_SIZE];
const char *inoutstr = argv[1]; const char *inoutstr = argv[1];
int idx = atoi(argv[2]); long int idx = strtol(argv[2], NULL, 10);
if (idx >= MAX_FILES || idx < 0) { if ((idx == 0 && strcmp(argv[2], "0")) || idx >= MAX_FILES || idx < 0) {
line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid file ID."); line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid file ID.");
return; return;
} }
@ -85,9 +85,9 @@ void cmd_groupinvite(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*a
return; return;
} }
int groupnum = atoi(argv[1]); long int groupnum = strtol(argv[1], NULL, 10);
if (groupnum == 0 && strcmp(argv[1], "0")) { /* atoi returns 0 value on invalid input */ if ((groupnum == 0 && strcmp(argv[1], "0")) || groupnum < 0 || groupnum == LONG_MAX) {
line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid group number."); line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid group number.");
return; return;
} }
@ -146,9 +146,9 @@ void cmd_savefile(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv
return; return;
} }
int idx = atoi(argv[1]); long int idx = strtol(argv[1], NULL, 10);
if ((idx == 0 && strcmp(argv[1], "0")) || idx >= MAX_FILES) { if ((idx == 0 && strcmp(argv[1], "0")) || idx < 0 || idx >= MAX_FILES) {
line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending file transfers with that ID."); line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending file transfers with that ID.");
return; return;
} }
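Review bot: Every `strtol(..., NULL, 10)` call in this commit discards the end pointer, so input with trailing junk is still accepted: `"2abc"` parses as file ID 2 in cmd_cancelfile, and the `idx == 0 && strcmp(argv[2], "0")` idiom only catches fully non-numeric text. The same applies to cmd_groupinvite and cmd_savefile here and to the cmd_accept, cmd_connect, cmd_decline, load_nodelist and parse_args hunks in the other files. Passing an end pointer covers both cases: `char *end; long int idx = strtol(argv[2], &end, 10);` followed by `if (end == argv[2] || *end != '\0' || idx < 0 || idx >= MAX_FILES) {`. In cmd_groupinvite the `groupnum == LONG_MAX` test only detects saturation; if groupnum is later handed to an `int` parameter (that use is outside the hunk), an upper bound such as `groupnum > INT_MAX` is needed to prevent truncation on LP64 targets. All three function bodies continue outside the hunks shown.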


@ -50,9 +50,9 @@ void cmd_accept(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)[
return; return;
} }
int req = atoi(argv[1]); long int req = strtol(argv[1], NULL, 10);
if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req > MAX_FRIEND_REQUESTS) { if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req >= MAX_FRIEND_REQUESTS) {
line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending friend request with that ID."); line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending friend request with that ID.");
return; return;
} }
@ -248,10 +248,12 @@ void cmd_connect(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)
} }
const char *ip = argv[1]; const char *ip = argv[1];
const char *port = argv[2]; const char *port_str = argv[2];
const char *ascii_key = argv[3]; const char *ascii_key = argv[3];
if (atoi(port) == 0) { long int port = strtol(port_str, NULL, 10);
if (port <= 0 || port > MAX_PORT_RANGE) {
line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid port."); line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "Invalid port.");
return; return;
} }
@ -263,8 +265,8 @@ void cmd_connect(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)
} }
TOX_ERR_BOOTSTRAP err; TOX_ERR_BOOTSTRAP err;
tox_bootstrap(m, ip, atoi(port), (uint8_t *) key_binary, &err); tox_bootstrap(m, ip, port, (uint8_t *) key_binary, &err);
tox_add_tcp_relay(m, ip, atoi(port), (uint8_t *) key_binary, &err); tox_add_tcp_relay(m, ip, port, (uint8_t *) key_binary, &err);
switch (err) { switch (err) {
case TOX_ERR_BOOTSTRAP_BAD_HOST: case TOX_ERR_BOOTSTRAP_BAD_HOST:
@ -290,9 +292,9 @@ void cmd_decline(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv)
return; return;
} }
int req = atoi(argv[1]); long int req = strtol(argv[1], NULL, 10);
if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req > MAX_FRIEND_REQUESTS) { if ((req == 0 && strcmp(argv[1], "0")) || req < 0 || req >= MAX_FRIEND_REQUESTS) {
line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending friend request with that ID."); line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, "No pending friend request with that ID.");
return; return;
} }
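Review bot: In cmd_connect, `tox_bootstrap` and `tox_add_tcp_relay` write to the same `err`, so the `switch (err)` that follows only sees the result of the relay call, and a bootstrap failure is hidden whenever the relay add succeeds. This appears to predate the commit, but both lines are rewritten here, so it is a good place to fix it by checking `err` after the first call, e.g. `if (err == TOX_ERR_BOOTSTRAP_OK) tox_add_tcp_relay(m, ip, port, (uint8_t *) key_binary, &err);`. Separately, `port` is now a `long int` passed where a 16-bit port is presumably expected; the range check makes that safe, but an explicit `(uint16_t) port` at the call sites would document the narrowing. The switch and the rest of the function lie outside the hunk.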


@ -299,10 +299,15 @@ static int load_nodelist(const char *filename)
if (line_len >= MIN_NODE_LINE && line_len <= MAX_NODE_LINE) { if (line_len >= MIN_NODE_LINE && line_len <= MAX_NODE_LINE) {
const char *name = strtok(line, " "); const char *name = strtok(line, " ");
const char *port = strtok(NULL, " "); const char *port_str = strtok(NULL, " ");
const char *key_ascii = strtok(NULL, " "); const char *key_ascii = strtok(NULL, " ");
if (name == NULL || port == NULL || key_ascii == NULL) if (name == NULL || port_str == NULL || key_ascii == NULL)
continue;
long int port = strtol(port_str, NULL, 10);
if (port <= 0 || port > MAX_PORT_RANGE)
continue; continue;
size_t key_len = strlen(key_ascii); size_t key_len = strlen(key_ascii);
@ -313,7 +318,7 @@ static int load_nodelist(const char *filename)
snprintf(toxNodes.nodes[toxNodes.lines], sizeof(toxNodes.nodes[toxNodes.lines]), "%s", name); snprintf(toxNodes.nodes[toxNodes.lines], sizeof(toxNodes.nodes[toxNodes.lines]), "%s", name);
toxNodes.nodes[toxNodes.lines][NODELEN - 1] = 0; toxNodes.nodes[toxNodes.lines][NODELEN - 1] = 0;
toxNodes.ports[toxNodes.lines] = atoi(port); toxNodes.ports[toxNodes.lines] = port;
/* remove possible trailing newline from key string */ /* remove possible trailing newline from key string */
char real_ascii_key[TOX_PUBLIC_KEY_SIZE * 2 + 1]; char real_ascii_key[TOX_PUBLIC_KEY_SIZE * 2 + 1];
@ -938,6 +943,7 @@ static void parse_args(int argc, char *argv[])
const char *opts_str = "4bdehotuxc:f:n:r:p:P:T:"; const char *opts_str = "4bdehotuxc:f:n:r:p:P:T:";
int opt, indexptr; int opt, indexptr;
long int port = 0;
while ((opt = getopt_long(argc, argv, opts_str, long_opts, &indexptr)) != -1) { while ((opt = getopt_long(argc, argv, opts_str, long_opts, &indexptr)) != -1) {
switch (opt) { switch (opt) {
@ -1014,7 +1020,12 @@ static void parse_args(int argc, char *argv[])
if (++optind > argc || argv[optind-1][0] == '-') if (++optind > argc || argv[optind-1][0] == '-')
exit_toxic_err("Proxy error", FATALERR_PROXY); exit_toxic_err("Proxy error", FATALERR_PROXY);
arg_opts.proxy_port = (uint16_t) atoi(argv[optind-1]); port = strtol(argv[optind-1], NULL, 10);
if (port <= 0 || port > MAX_PORT_RANGE)
exit_toxic_err("Proxy error", FATALERR_PROXY);
arg_opts.proxy_port = port;
break; break;
case 'P': case 'P':
@ -1024,7 +1035,12 @@ static void parse_args(int argc, char *argv[])
if (++optind > argc || argv[optind-1][0] == '-') if (++optind > argc || argv[optind-1][0] == '-')
exit_toxic_err("Proxy error", FATALERR_PROXY); exit_toxic_err("Proxy error", FATALERR_PROXY);
arg_opts.proxy_port = (uint16_t) atoi(argv[optind-1]); port = strtol(argv[optind-1], NULL, 10);
if (port <= 0 || port > MAX_PORT_RANGE)
exit_toxic_err("Proxy error", FATALERR_PROXY);
arg_opts.proxy_port = port;
break; break;
case 'r': case 'r':
@ -1040,7 +1056,12 @@ static void parse_args(int argc, char *argv[])
break; break;
case 'T': case 'T':
arg_opts.tcp_port = (uint16_t) atoi(optarg); port = strtol(optarg, NULL, 10);
if (port <= 0 || port > MAX_PORT_RANGE)
port = 14191;
arg_opts.tcp_port = port;
break; break;
case 'u': case 'u':
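Review bot: The `case 'T'` branch silently replaces an invalid or out-of-range argument with the literal `14191`, while the two proxy-port branches above treat the same condition as fatal. A mistyped `-T` value therefore ends up using a TCP port the operator never asked for, with no message. Rejecting the argument the way the proxy cases do would be more consistent; if the fallback is intended, give the number a name (for example a proposed `#define DEFAULT_TCP_PORT 14191` next to `MAX_PORT_RANGE`) and add a comment such as `/* invalid -T argument: fall back to the default relay port */`. The assignments `arg_opts.proxy_port = port;` and `arg_opts.tcp_port = port;` also drop the `(uint16_t)` cast the old code had, which will warn under `-Wconversion`. parse_args begins and ends outside these hunks.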


@ -49,6 +49,10 @@
#define KEY_IDENT_DIGITS 3 /* number of hex digits to display for the pub-key based identifier */ #define KEY_IDENT_DIGITS 3 /* number of hex digits to display for the pub-key based identifier */
#define TIME_STR_SIZE 32 #define TIME_STR_SIZE 32
#ifndef MAX_PORT_RANGE
#define MAX_PORT_RANGE 65535
#endif
/* ASCII key codes */ /* ASCII key codes */
#define T_KEY_ESC 0x1B /* ESC key */ #define T_KEY_ESC 0x1B /* ESC key */
#define T_KEY_KILL 0x0B /* ctrl-k */ #define T_KEY_KILL 0x0B /* ctrl-k */