Use of atoll() for CVE-2011-2522
Stefan (metze) Metzmacher
metze at samba.org
Tue Aug 9 00:40:35 MDT 2011
Am 09.08.2011 02:28, schrieb Albert Chin:
> On Fri, Jul 29, 2011 at 08:18:46AM +0200, Kai Blin wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 2011-07-28 11:37, Albert Chin wrote:
>>> The patch for CVE-2011-2522 uses atoll():
>>> ...
>>> + if (sizeof(time_t) == sizeof(int)) {
>>> + xsrf_time = atoi(time_str);
>>> + } else if (sizeof(time_t) == sizeof(long)) {
>>> + xsrf_time = atol(time_str);
>>> + } else if (sizeof(time_t) == sizeof(long long)) {
>>> + xsrf_time = atoll(time_str);
>>> + }
>>> ...
>>>
>>> HP-UX 11.00/PA, 11.11/PA, and 11.23/PA do not provide this function. I
>>> think it is specific to C99. Does Samba now require a C99-compliant
>>> system to compile?
>>
>> So, seeing how HP-UX doesn't have atoll and strtoll, how do you convert
>> a string to a long long on that platform? And what's the size of time_t
>> on HP-UX? I take we can use strtoimax for our libreplace implementation
>> of atoll?
>
> Well, on this platform, sizeof(time_t) != sizeof(long long) so the
> easiest fix is to wrap this in #ifdef HAVE_ATOLL:
> #ifdef HAVE_ATOLL
> } else if (sizeof(time_t) == sizeof(long long)) {
> xsrf_time = atoll(time_str);
> #endif
In master we have this
http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=a6be0820d09b3f3eabfbb5f4356add303aa8a494
See also https://bugzilla.samba.org/show_bug.cgi?id=8347
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110809/92ee037d/attachment.pgp>
More information about the samba-technical
mailing list