quark

quark web server
git clone git://git.suckless.org/quark
Log | Files | Refs | LICENSE

commit 7f391b613419d6addf710392fa1ce64950f83f78
parent c0a2c5de0a6a88445c09e1e974899f6b8fb3c73e
Author: Laslo Hunhold <dev@frign.de>
Date:   Tue,  4 Jul 2017 22:21:36 +0200

Import strtonum() and get rid of atoi()

Diffstat:
quark.c | 71++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 68 insertions(+), 3 deletions(-)

diff --git a/quark.c b/quark.c @@ -95,6 +95,8 @@ static char *status_str[] = { [S_VERSION_NOT_SUPPORTED] = "HTTP Version not supported", }; +long long strtonum(const char *, long long, long long, const char **); + static char * timestamp(time_t t, char buf[TIMESTAMP_LEN]) { @@ -546,6 +548,7 @@ sendresponse(int fd, struct request *r) off_t lower, upper; static char realtarget[PATH_MAX], tmptarget[PATH_MAX], t[TIMESTAMP_LEN]; char *p, *q, *mime; + const char *err; /* normalize target */ memcpy(realtarget, r->target, sizeof(realtarget)); @@ -659,10 +662,13 @@ sendresponse(int fd, struct request *r) } *(q++) = '\0'; if (p[0]) { - lower = atoi(p); + lower = strtonum(p, 0, LLONG_MAX, &err); + } + if (!err && q[0]) { + upper = strtonum(q, 0, LLONG_MAX, &err); } - if (q[0]) { - upper = atoi(q); + if (err) { + return sendstatus(fd, S_BAD_REQUEST); } /* check range */ @@ -967,3 +973,62 @@ main(int argc, char *argv[]) return 0; } + +/* + * Copyright (c) 2004 Ted Unangst and Todd Miller + * All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#define INVALID 1 +#define TOOSMALL 2 +#define TOOLARGE 3 + +long long +strtonum(const char *numstr, long long minval, long long maxval, + const char **errstrp) +{ + long long ll = 0; + int error = 0; + char *ep; + struct errval { + const char *errstr; + int err; + } ev[4] = { + { NULL, 0 }, + { "invalid", EINVAL }, + { "too small", ERANGE }, + { "too large", ERANGE }, + }; + + ev[0].err = errno; + errno = 0; + if (minval > maxval) { + error = INVALID; + } else { + ll = strtoll(numstr, &ep, 10); + if (numstr == ep || *ep != '\0') + error = INVALID; + else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) + error = TOOSMALL; + else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) + error = TOOLARGE; + } + if (errstrp != NULL) + *errstrp = ev[error].errstr; + errno = ev[error].err; + if (error) + ll = 0; + + return (ll); +}