The following commit has been merged in the master branch: commit 157d6447eee0da5e2e393e205dcdd0bcab404c30 Author: Guillem Jover <guil...@debian.org> Date: Sat Apr 28 18:33:08 2012 +0200
Check parsed integers for invalid or no digit errors Verify that the string is not empty or does not contain trailing junk. diff --git a/debian/changelog b/debian/changelog index bc9808a..1dbd2bd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -22,6 +22,8 @@ dpkg (1.16.4) UNRELEASED; urgency=low * Remove obsolete --udeb dpkg-scanpackages option. * Add arm64 support to cputable. Closes: #672408 Thanks Wookey <woo...@wookware.org>. + * Check parsed integers for invalid or no digit errors in start-stop-daemon + and update-alternatives. [ Updated man page translations ] * German (Helge Kreutzmann). diff --git a/utils/start-stop-daemon.c b/utils/start-stop-daemon.c index 48f2f1b..be486fd 100644 --- a/utils/start-stop-daemon.c +++ b/utils/start-stop-daemon.c @@ -564,12 +564,14 @@ parse_signal(const char *sig_str, int *sig_num) static int parse_umask(const char *string, int *value_r) { + char *endptr; + if (!string[0]) return -1; errno = 0; - *value_r = strtoul(string, NULL, 0); - if (errno) + *value_r = strtoul(string, &endptr, 0); + if (string == endptr || *endptr != '\0' || errno != 0) return -1; else return 0; diff --git a/utils/update-alternatives.c b/utils/update-alternatives.c index 74feed3..d83fff3 100644 --- a/utils/update-alternatives.c +++ b/utils/update-alternatives.c @@ -1229,7 +1229,7 @@ alternative_parse_fileset(struct alternative *a, struct altdb_context *ctx) prio_str = altdb_get_line(ctx, _("priority")); prio = strtol(prio_str, &prio_end, 10); /* XXX: Leak master_file/prio_str on non-fatal error */ - if (*prio_end != '\0') + if (prio_str == prio_end || *prio_end != '\0') ctx->bad_format(ctx, _("priority of %s: %s"), master_file, prio_str); fs = fileset_new(master_file, prio); @@ -2467,7 +2467,7 @@ main(int argc, char **argv) if (strcmp(argv[i+1], argv[i+3]) == 0) badusage(_("<link> and <path> can't be the same")); prio = strtol(prio_str, &prio_end, 10); - if (*prio_end != '\0') + if (prio_str == prio_end || *prio_end != '\0') badusage(_("priority must be an integer")); a = alternative_new(argv[i + 2]); -- dpkg's main repository -- To UNSUBSCRIBE, email to debian-dpkg-cvs-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org