On Wed, Sep 24, 2014 at 05:13:47PM +0200, Fritjof Bornebusch wrote:
> Hi,
>
> I changed atoi to strtonum in order to avoid overflows.
One concern: atoi() does not mind trailing stuff, while strtonum()
does. Did you verify that the strings are just numbers in all cases?
-Otto
>
> fritjof
>
>
>
> Index: rcstime.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/rcs/rcstime.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 rcstime.c
> --- rcstime.c 29 Apr 2014 07:44:19 -0000 1.4
> +++ rcstime.c 24 Sep 2014 15:06:42 -0000
> @@ -36,6 +36,7 @@ rcs_set_tz(char *tz, struct rcs_delta *r
> int tzone;
> int pos;
> char *h, *m;
> + const char *errstr;
> struct tm *ltb;
> time_t now;
>
> @@ -62,8 +63,8 @@ rcs_set_tz(char *tz, struct rcs_delta *r
>
> memcpy(tb, &rdp->rd_date, sizeof(*tb));
>
> - tzone = atoi(h);
> - if ((tzone >= 24) || (tzone <= -24))
> + tzone = strtonum(h, -23, 23, &errstr);
> + if (errstr)
> errx(1, "%s: not a known time zone", tz);
>
> if (pos) {
> @@ -78,9 +79,9 @@ rcs_set_tz(char *tz, struct rcs_delta *r
> tb->tm_hour = 0;
>
> if (m != NULL) {
> - tzone = atoi(m);
> - if (tzone >= 60)
> - errx(1, "%s: not a known time zone", tz);
> + tzone = strtonum(m, 0, 59, &errstr);
> + if (errstr)
> + errx(1, "%s: not a known minute", m);
>
> if ((tb->tm_min + tzone) >= 60) {
> tb->tm_hour++;
