On Thu, Nov 14, 2013 at 4:11 PM, Mike Rumph <[email protected]> wrote:
> The man page for strtol() indicate that the function can set errno to > ERANGE (EINVAL is also possible for some environments). > But for the errno check to be valid errno should be set to 0 before the > function call. > - http://linux.die.net/man/3/strtol > > I've reviewed all cases of calls to strtol() in httpd and APR code. > In some cases no validation is performed after the call. > In most cases endptr (the second parameter) is checked against the > beginning and/or ending of the string which does not guarantee against > numeric overflow. > In some cases errno is checked for ERANGE. > > I've attached a patch for the simplest case, where errno is checked but > was not set to 0 before the call. > committed to trunk as r1542338; I'll propose for backport to the 2.4.x branch > > I will consider working up a more extensive patch, if it is desired. > I suggest posting a couple of examples of what you found first. > > BTW, this discussion is not purely theoretical. > Erroneous "Invalid ThreadStackSize value: " messages have been witnessed > in HP-UX environments. > > Thanks, > > Mike Rumph > -- Born in Roswell... married an alien... http://emptyhammock.com/
