[SCM] Samba Shared Repository - branch v3-5-test updated
Karolin Seeger
kseeger at samba.org
Tue Aug 9 05:21:49 MDT 2011
The branch, v3-5-test has been updated
via 34b8765 s3:web/swat: use strtoll() instead of atoi/atol/atoll
from 921e87a WHATSNEW: Fix typo.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 34b8765d894f13490fab734ee91bd53e235d10e6
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Aug 5 19:48:38 2011 +0200
s3:web/swat: use strtoll() instead of atoi/atol/atoll
This is more portable, as we have a strtoll replacement
in lib/replace.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Sat Aug 6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
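The commit message describes replacing atoi()/atol()/atoll() with strtoll(). The block below is an added example written for this page, not Samba's code: it shows the full set of checks a strtoll()-based conversion of an untrusted timestamp needs (errno, no-digits, trailing characters, fit in time_t) and a token-age comparison written without abs(), which takes an int. It assumes time_t is a signed integer type no wider than long long; the function and enum names and the sample inputs are constructed for the example.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Outcome of parsing an untrusted decimal timestamp (names are this
   example's own, not Samba's). */
enum parse_status {
    PARSE_OK,       /* clean decimal integer that fits in time_t */
    PARSE_INVALID,  /* empty, no digits, leading space, or trailing characters */
    PARSE_RANGE     /* overflows long long or does not fit in time_t */
};

/* Assumption: time_t is a signed integer type no wider than long long
   (true on Linux, the BSDs and glibc-based systems). */
static long long time_t_max(void)
{
    return (long long)((1ULL << (sizeof(time_t) * CHAR_BIT - 1)) - 1);
}

static long long time_t_min(void)
{
    return -time_t_max() - 1;
}

/* Strict strtoll()-based conversion: every failure mode that atoi()/atol()
   silently ignore is reported, and the value is range-checked against
   time_t before the narrowing assignment. */
static enum parse_status parse_time_strict(const char *s, time_t *out)
{
    char *end = NULL;
    long long v;

    if (s == NULL || *s == '\0') {
        return PARSE_INVALID;
    }
    /* strtoll() skips leading whitespace; a server-minted token never
       contains any, so reject it instead of tolerating it. */
    if (isspace((unsigned char)*s)) {
        return PARSE_INVALID;
    }
    errno = 0;
    v = strtoll(s, &end, 10);
    if (errno == ERANGE) {
        return PARSE_RANGE;      /* beyond LLONG_MIN..LLONG_MAX */
    }
    if (end == s) {
        return PARSE_INVALID;    /* no digits consumed: "abc", "-", "+" */
    }
    if (*end != '\0') {
        return PARSE_INVALID;    /* trailing characters: "123abc", "123 " */
    }
    if (v > time_t_max() || v < time_t_min()) {
        return PARSE_RANGE;      /* fits long long but not time_t */
    }
    *out = (time_t)v;
    return PARSE_OK;
}

/* Token-age check without abs(): abs() takes an int, so on a 64-bit time_t
   the difference would be truncated. Converting both operands to unsigned
   before subtracting gives the exact distance for any pair of signed
   values, with no signed overflow. */
static bool token_within_window(time_t now, time_t token_time,
                                unsigned long long window)
{
    unsigned long long a = (unsigned long long)(long long)now;
    unsigned long long b = (unsigned long long)(long long)token_time;
    unsigned long long diff = (token_time <= now) ? a - b : b - a;
    return diff <= window;
}

/* Helpers for the demonstration below. */
static enum parse_status status_of(const char *s)
{
    time_t t = 0;
    return parse_time_strict(s, &t);
}

static bool parses_to(const char *s, long long expected)
{
    time_t t = 0;
    return parse_time_strict(s, &t) == PARSE_OK && (long long)t == expected;
}

int main(void)
{
    /* Constructed inputs; "1312564118" is simply an epoch-style number. */
    const char *samples[] = { "1312564118", "1312564118abc", "", "abc",
                              " 12", "99999999999999999999", "-5" };
    static const char *names[] = { "ok", "invalid", "range" };
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-22s -> %s\n", samples[i], names[status_of(samples[i])]);
    }
    printf("window(1000,900,300)=%d window(1000,1400,300)=%d\n",
           token_within_window(1000, 900, 300),
           token_within_window(1000, 1400, 300));
    return 0;
}
```

The two end-pointer tests are the ones that matter for input from a form field: `end == s` catches strings with no digits (which strtoll() reports as 0 without touching errno), and `*end != '\0'` catches anything appended after the number.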
-----------------------------------------------------------------------
Summary of changes:
source3/web/swat.c | 25 +++++++++++++++++++------
1 files changed, 19 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/web/swat.c b/source3/web/swat.c
index 3a88986..3a09152 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -192,16 +192,29 @@ bool verify_xsrf_token(const char *formname)
const char *pass = cgi_user_pass();
const char *token = cgi_variable_nonull(XSRF_TOKEN);
const char *time_str = cgi_variable_nonull(XSRF_TIME);
+ char *p = NULL;
+ long long xsrf_time_ll = 0;
time_t xsrf_time = 0;
time_t now = time(NULL);
- if (sizeof(time_t) == sizeof(int)) {
- xsrf_time = atoi(time_str);
- } else if (sizeof(time_t) == sizeof(long)) {
- xsrf_time = atol(time_str);
- } else if (sizeof(time_t) == sizeof(long long)) {
- xsrf_time = atoll(time_str);
+ errno = 0;
+ xsrf_time_ll = strtoll(time_str, &p, 10);
+ if (errno != 0) {
+ return false;
+ }
+ if (p == NULL) {
+ return false;
+ }
+ if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+ return false;
+ }
+ if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+ return false;
+ }
+ if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+ return false;
}
+ xsrf_time = xsrf_time_ll;
if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
return false;
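Review bot: the end-pointer validation in the new block is ineffective: `if (PTR_DIFF(p, time_str) > strlen(time_str))` can never be true, because strtoll() leaves `p` at or before the terminating NUL, and `if (p == NULL)` is equally dead since strtoll() always sets a non-NULL endptr. As written, "1312564118abc" is accepted with the trailing characters ignored, and an empty or non-numeric string yields 0 with errno untouched, so only the later XSRF_TIMEOUT comparison rejects it. Replace both with `if (p == time_str || *p != '\0') { return false; }` to reject no-digit and trailing-garbage input explicitly. Secondary: now that `xsrf_time_ll` is validated against the full time_t range, the unchanged `abs(now - xsrf_time)` below narrows the difference to int and can overflow for extreme values; compare `xsrf_time` against `now - XSRF_TIMEOUT` and `now + XSRF_TIMEOUT` directly, or take the difference in long long with llabs().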
--
Samba Shared Repository