On Wed, Sep 24, 2014 at 10:31:17PM +0200, Otto Moerbeek wrote:
Hi,
> On Wed, Sep 24, 2014 at 05:13:47PM +0200, Fritjof Bornebusch wrote:
>
> > Hi,
> >
> > I changed atoi to strtonum in order to avoid overflows.
>
> One concern: atoi() does not mind trailing stuff, while strtonum()
> does. Did you verify that the strings are just numbers in all cases?
>
according to the code and the manpages there are two different methods
available to specify the timezone.
- "LT"
- +-hh:mm
"LT" is handled seperatly and the code below - atoi(3) - only converts the hour
and
minute string values after seperation into int, e.g. "+09:88" -> h = 09; m = 88.
The + or - sign will be handled in a different part of the code.
I think this diff won't change functionality.
> -Otto
>
fritjof
> >
> > fritjof
> >
> >
> >
> > Index: rcstime.c
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/rcs/rcstime.c,v
> > retrieving revision 1.4
> > diff -u -p -r1.4 rcstime.c
> > --- rcstime.c 29 Apr 2014 07:44:19 -0000 1.4
> > +++ rcstime.c 24 Sep 2014 15:06:42 -0000
> > @@ -36,6 +36,7 @@ rcs_set_tz(char *tz, struct rcs_delta *r
> > int tzone;
> > int pos;
> > char *h, *m;
> > + const char *errstr;
> > struct tm *ltb;
> > time_t now;
> >
> > @@ -62,8 +63,8 @@ rcs_set_tz(char *tz, struct rcs_delta *r
> >
> > memcpy(tb, &rdp->rd_date, sizeof(*tb));
> >
> > - tzone = atoi(h);
> > - if ((tzone >= 24) || (tzone <= -24))
> > + tzone = strtonum(h, -23, 23, &errstr);
> > + if (errstr)
> > errx(1, "%s: not a known time zone", tz);
> >
> > if (pos) {
> > @@ -78,9 +79,9 @@ rcs_set_tz(char *tz, struct rcs_delta *r
> > tb->tm_hour = 0;
> >
> > if (m != NULL) {
> > - tzone = atoi(m);
> > - if (tzone >= 60)
> > - errx(1, "%s: not a known time zone", tz);
> > + tzone = strtonum(m, 0, 59, &errstr);
> > + if (errstr)
> > + errx(1, "%s: not a known minute", m);
> >
> > if ((tb->tm_min + tzone) >= 60) {
> > tb->tm_hour++;
