Changeset 732 for branches/samba-3.5.x/source3/web

Timestamp:

Nov 12, 2012, 4:35:55 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server 3.5: update branche to 3.5.12

File:

• branches/samba-3.5.x/source3/web/swat.c (modified) (2 diffs)

branches/samba-3.5.x/source3/web/swat.c

@@ -169 +169 @@
 
                 snprintf(tmp, sizeof(tmp), "%02x", token[i]);
-                strncat(token_str, tmp, sizeof(tmp));
+                strlcat(token_str, tmp, sizeof(tmp));
         }
 }
@@ -193 +193 @@
         const char *token = cgi_variable_nonull(XSRF_TOKEN);
         const char *time_str = cgi_variable_nonull(XSRF_TIME);
+        char *p = NULL;
+        long long xsrf_time_ll = 0;
         time_t xsrf_time = 0;
         time_t now = time(NULL);
 
-        if (sizeof(time_t) == sizeof(int)) {
-                xsrf_time = atoi(time_str);
-        } else if (sizeof(time_t) == sizeof(long)) {
-                xsrf_time = atol(time_str);
-        } else if (sizeof(time_t) == sizeof(long long)) {
-                xsrf_time = atoll(time_str);
-        }
+        errno = 0;
+        xsrf_time_ll = strtoll(time_str, &p, 10);
+        if (errno != 0) {
+                return false;
+        }
+        if (p == NULL) {
+                return false;
+        }
+        if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+                return false;
+        }
+        if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+                return false;
+        }
+        if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+                return false;
+        }
+        xsrf_time = xsrf_time_ll;
 
         if (abs(now - xsrf_time) > XSRF_TIMEOUT) {