[SCM] Samba Shared Repository - branch v3-4-test updated

Karolin Seeger kseeger at samba.org
Tue Aug 9 05:22:57 MDT 2011


The branch, v3-4-test has been updated
       via  ac5d8c0 s3:web/swat: use strtoll() instead of atoi/atol/atoll
      from  6165a76 WHATSNEW: Start release notes for 3.4.15.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test


- Log -----------------------------------------------------------------
commit ac5d8c0148e10a3a0af9e1dc0849bb6920c26ad7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Aug 5 19:48:38 2011 +0200

    s3:web/swat: use strtoll() instead of atoi/atol/atoll
    
    This is more portable, as we have a strtoll replacement
    in lib/replace.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Sat Aug  6 11:55:45 CEST 2011 on sn-devel-104
    (cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)
    
    Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).

-----------------------------------------------------------------------

Summary of changes:
 source3/web/swat.c |   25 +++++++++++++++++++------
 1 files changed, 19 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/web/swat.c b/source3/web/swat.c
index b358956..85bc6bc 100644
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -192,16 +192,29 @@ bool verify_xsrf_token(const char *formname)
 	const char *pass = cgi_user_pass();
 	const char *token = cgi_variable_nonull(XSRF_TOKEN);
 	const char *time_str = cgi_variable_nonull(XSRF_TIME);
+	char *p = NULL;
+	long long xsrf_time_ll = 0;
 	time_t xsrf_time = 0;
 	time_t now = time(NULL);
 
-	if (sizeof(time_t) == sizeof(int)) {
-		xsrf_time = atoi(time_str);
-	} else if (sizeof(time_t) == sizeof(long)) {
-		xsrf_time = atol(time_str);
-	} else if (sizeof(time_t) == sizeof(long long)) {
-		xsrf_time = atoll(time_str);
+	errno = 0;
+	xsrf_time_ll = strtoll(time_str, &p, 10);
+	if (errno != 0) {
+		return false;
+	}
+	if (p == NULL) {
+		return false;
+	}
+	if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+		return false;
+	}
+	if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+		return false;
+	}
+	if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+		return false;
 	}
+	xsrf_time = xsrf_time_ll;
 
 	if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
 		return false;
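Review bot: the end-pointer test `if (PTR_DIFF(p, time_str) > strlen(time_str))` after the strtoll() call can never be true, because strtoll() stops at or before the terminating NUL, so p always lies inside the string; as written the function still accepts a timestamp with trailing junk such as "12345abc", and an input with no leading digits returns 0 with p == time_str (and, on libcs that do not set EINVAL for "no conversion", errno still 0), so it passes every check in this hunk and is only rejected later by the XSRF_TIMEOUT comparison. To accept only a complete decimal number, replace that test with `if (p == time_str || *p != '\0') { return false; }`. The `p == NULL` test above it is redundant for the same reason (strtoll() always stores through a non-NULL endptr), though harmless. Separately, the unchanged `abs(now - xsrf_time)` on the last context line narrows a time_t difference to int on platforms with 64-bit time_t; not part of this change, but worth a follow-up using llabs() or an explicit range comparison.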


-- 
Samba Shared Repository


More information about the samba-cvs mailing list