Module: kamailio Branch: master Commit: 0afc10d9b1b3f65b92d649d530b6363476b3d03b URL: https://github.com/kamailio/kamailio/commit/0afc10d9b1b3f65b92d649d530b6363… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2021-11-29T11:25:08+01:00 core: protect for unsigned int value overflow on string convert --- Modified: src/core/ut.h --- Diff: https://github.com/kamailio/kamailio/commit/0afc10d9b1b3f65b92d649d530b6363… Patch: https://github.com/kamailio/kamailio/commit/0afc10d9b1b3f65b92d649d530b6363… --- diff --git a/src/core/ut.h b/src/core/ut.h index 1dd0706f59..9b899a94e7 100644 --- a/src/core/ut.h +++ b/src/core/ut.h @@ -628,7 +628,7 @@ static inline void strlower(str* _s) } -#define str2unval(_s, _r) do { \ +#define str2unval(_s, _r, _vmax) do { \ int i; \ if (_r == NULL) return -1; \ *_r = 0; \ @@ -637,7 +637,13 @@ static inline void strlower(str* _s) if (_s->s == NULL) return -1; \ for(i = 0; i < _s->len; i++) { \ if ((_s->s[i] >= '0') && (_s->s[i] <= '9')) { \ + if(*_r > _vmax/10) { \ + return -1; \ + } \ *_r *= 10; \ + if(*_r > _vmax - (_s->s[i] - '0')) { \ + return -1; \ + } \ *_r += _s->s[i] - '0'; \ } else { \ return -1; \ @@ -651,7 +657,7 @@ static inline void strlower(str* _s) */ static inline int str2ulong(str* _s, unsigned long* _r) { - str2unval(_s, _r); + str2unval(_s, _r, ULONG_MAX); } /* @@ -659,7 +665,7 @@ static inline int str2ulong(str* _s, unsigned long* _r) */ static inline int str2int(str* _s, unsigned int* _r) { - str2unval(_s, _r); + str2unval(_s, _r, UINT_MAX); } #define str2snval(_s, _r, _vmin, _vmax) do { \