Use of atoll() for CVE-2011-2522

Albert Chin samba-technical at mlists.thewrittenword.com
Thu Jul 28 03:37:03 MDT 2011


The patch for CVE-2011-2522 uses atoll():
        ...
+       if (sizeof(time_t) == sizeof(int)) {
+               xsrf_time = atoi(time_str);
+       } else if (sizeof(time_t) == sizeof(long)) {
+               xsrf_time = atol(time_str);
+       } else if (sizeof(time_t) == sizeof(long long)) {
+               xsrf_time = atoll(time_str);
+       }
        ...

HP-UX 11.00/PA, 11.11/PA, and 11.23/PA do not provide this function. I
think it is specific to C99. Does Samba now require a C99-compliant
system to compile?

-- 
albert chin (china at thewrittenword.com)


More information about the samba-technical mailing list