upstream commit Avoid potential signed int overflow when parsing the file size. Use strtoul() instead of parsing manually. OK djm@ Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02

commit: 91bd2181866659f00714903e78e1c3edd4c45f3d [log] [tgz]
author: millert@openbsd.org <millert@openbsd.org> Thu Apr 27 11:53:12 2017 +0000
committer: Damien Miller <djm@mindrot.org> Fri Apr 28 13:26:36 2017 +1000
tree: b6fe734af18bd400a140a94ed781a70af6404406
parent: 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 [diff]
diff --git a/scp.c b/scp.c
index b4db851..45541af 100644
--- a/scp.c
+++ b/scp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.187 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: scp.c,v 1.188 2017/04/27 11:53:12 millert Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -1043,10 +1043,15 @@
 		if (*cp++ != ' ')
 			SCREWUP("mode not delimited");
 
-		for (size = 0; isdigit((unsigned char)*cp);)
-			size = size * 10 + (*cp++ - '0');
-		if (*cp++ != ' ')
+		if (!isdigit((unsigned char)*cp))
+			SCREWUP("size not present");
+		ull = strtoull(cp, &cp, 10);
+		if (!cp || *cp++ != ' ')
 			SCREWUP("size not delimited");
+		if ((off_t)ull < 0 || (unsigned long long)(off_t)ull != ull)
+			SCREWUP("size out of range");
+		size = (off_t)ull;
+
 		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
 			run_err("error: unexpected filename: %s", cp);
 			exit(1);
commit	91bd2181866659f00714903e78e1c3edd4c45f3d	[log] [tgz]
author	millert@openbsd.org <millert@openbsd.org>	Thu Apr 27 11:53:12 2017 +0000
committer	Damien Miller <djm@mindrot.org>	Fri Apr 28 13:26:36 2017 +1000
tree	b6fe734af18bd400a140a94ed781a70af6404406
parent	17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4 [diff]