Commit 8ef147bd authored by Chong Yidong's avatar Chong Yidong

(pop_stat, pop_last): Check validity of string-to-integer

conversion.  Mistakes spotted by Nico Golde.
parent 8bbd01a2
......@@ -352,6 +352,7 @@ pop_stat (server, count, size)
int *size;
{
char *fromserver;
char *end_ptr;
if (server->in_multi)
{
......@@ -377,7 +378,15 @@ pop_stat (server, count, size)
return (-1);
}
*count = atoi (&fromserver[4]);
errno = 0;
*count = strtol (&fromserver[4], &end_ptr, 10);
/* Check validity of string-to-integer conversion. */
if (fromserver[4] == 0 || *end_ptr != 0 || errno)
{
strcpy (pop_error, "Unexpected response from POP server in pop_stat");
pop_trash (server);
return (-1);
}
fromserver = index (&fromserver[4], ' ');
if (! fromserver)
......@@ -388,7 +397,14 @@ pop_stat (server, count, size)
return (-1);
}
*size = atoi (fromserver + 1);
errno = 0;
*size = strtol (fromserver + 1, &end_ptr, 10);
if (*(fromserver + 1) == 0 || *end_ptr != 0 || errno)
{
strcpy (pop_error, "Unexpected response from POP server in pop_stat");
pop_trash (server);
return (-1);
}
return (0);
}
......@@ -913,7 +929,17 @@ pop_last (server)
}
else
{
return (atoi (&fromserver[4]));
char *end_ptr;
int count;
errno = 0;
count = strtol (&fromserver[4], &end_ptr, 10);
if (fromserver[4] == 0 || *end_ptr != 0 || errno)
{
strcpy (pop_error, "Unexpected response from server in pop_last");
pop_trash (server);
return (-1);
}
return count;
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment