Damien Miller wrote:

> this is a perfect case for strtonum

Thanks for the feedback. I have redone the three cases.

Here is a new diff with them changed as well in it. Took some time to
figure out what the min max should be preset at here, but now done.

Daniel

=======================

Index: src/include/httpd.h
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/include/httpd.h,v
retrieving revision 1.27
diff -u -r1.27 httpd.h
--- src/include/httpd.h 22 Feb 2006 15:07:12 -0000 1.27
+++ src/include/httpd.h 29 Mar 2006 09:38:47 -0000
@@ -1160,12 +1160,6 @@

API_EXPORT(extern const char *) ap_psignature(const char *prefix,
request_rec *r);

-/* strtoul does not exist on sunos4. */
-#ifdef strtoul
-#undef strtoul
-#endif
-#define strtoul strtoul_is_not_a_portable_function_use_strtol_inst ead
-
#ifdef __cplusplus
}
#endif
Index: src/main/http_core.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/main/http_core.c,v
retrieving revision 1.21
diff -u -r1.21 http_core.c
--- src/main/http_core.c 22 Feb 2006 15:07:12 -0000 1.21
+++ src/main/http_core.c 29 Mar 2006 09:38:48 -0000
@@ -58,6 +58,8 @@
* University of Illinois, Urbana-Champaign.
*/

+#include <stdlib.h>
+
#define CORE_PRIVATE
#include "httpd.h"
#include "http_config.h"
@@ -2394,7 +2396,8 @@
static const char *set_listener(cmd_parms *cmd, void *dummy, char *ips)
{
listen_rec *new;
- char *ports, *endptr;
+ const char *errstr;
+ char *ports;
long port;

const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
@@ -2424,14 +2427,9 @@
else {
new->local_addr.sin_addr.s_addr = ap_get_virthost_addr(ips, NULL);
}
- errno = 0; /* clear errno before calling strtol */
- port = ap_strtol(ports, &endptr, 10);
- if (errno /* some sort of error */
- || (endptr && *endptr) /* make sure no trailing characters */
- || port < 1 || port > 65535) /* underflow/overflow */
- {
+ port = strtonum(ports, 1, 65535, &errstr);
+ if (errstr)
return "Missing, invalid, or non-numeric port";
- }
new->local_addr.sin_port = htons((unsigned short)port);
new->fd = -1;
new->used = 0;
@@ -2720,17 +2718,22 @@
static const char *set_limit_req_body(cmd_parms *cmd, core_dir_config
*conf,
char *arg)
{
+ const char *errstr;
+ long long limit;
+
const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
if (err != NULL) {
return err;
}

- /* WTF: If strtoul is not portable, then write a replacement.
- * Instead we have an idiotic define in httpd.h that prevents
- * it from being used even when it is available. Sheesh.
- */
- conf->limit_req_body = (unsigned long)ap_strtol(arg, (char **)NULL,
10);
- return NULL;
+ /* LimitRequestBody allow from 0 (unlimited) to 2147483647 (2GB) */
+ limit = strtonum(arg, 0, 2147483647, &errstr);
+ if (errstr)
+ return "Set LimitRequestBody directive exceeds limit";
+ else {
+ conf->limit_req_body = limit;
+ return NULL;
+ }
}


Index: src/main/http_protocol.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/main/http_protocol.c,v
retrieving revision 1.30
diff -u -r1.30 http_protocol.c
--- src/main/http_protocol.c 11 Feb 2006 19:15:57 -0000 1.30
+++ src/main/http_protocol.c 29 Mar 2006 09:38:48 -0000
@@ -64,6 +64,8 @@
* and the Apache Group.
*/

+#include <stdlib.h>
+
#define CORE_PRIVATE
#include "httpd.h"
#include "http_config.h"
@@ -155,7 +157,7 @@
}

if (ap_isdigit(*r->range))
- *start = ap_strtol(r->range, (char **)&r->range, 10);
+ *start = strtol(r->range, (char **)&r->range, 10);
else
*start = -1;

@@ -170,7 +172,7 @@
++r->range;

if (ap_isdigit(*r->range))
- *end = ap_strtol(r->range, (char **)&r->range, 10);
+ *end = strtol(r->range, (char **)&r->range, 10);
else
*end = -1;

@@ -1950,12 +1952,15 @@
r->remaining = 0;
}
else {
- char *endstr;
- errno = 0;
- r->remaining = ap_strtol(lenp, &endstr, 10);
- if (errno || (endstr && *endstr) || (r->remaining < 0)) {
- conversion_error = 1;
- }
+ const char *errstr;
+ long long limit;
+
+ /* Content-Length allow from 0 to 2147483647 (2GB) */
+ limit = strtonum(lenp, 0, 2147483647, &errstr);
+ if (errstr)
+ conversion_error = 1;
+ else
+ r->remaining = limit;
}

if (conversion_error) {
Index: src/main/util_uri.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/main/util_uri.c,v
retrieving revision 1.8
diff -u -r1.8 util_uri.c
--- src/main/util_uri.c 2 Dec 2004 19:42:47 -0000 1.8
+++ src/main/util_uri.c 29 Mar 2006 09:38:48 -0000
@@ -61,6 +61,8 @@
*
*/

+#include <stdlib.h>
+
#include "httpd.h"
#include "http_log.h"
#include "http_conf_globals.h" /* for user_id & group_id */
@@ -428,7 +430,7 @@
++s;
uptr->port_str = ap_pstrndup(p, s, uri - s);
if (uri != s) {
- port = ap_strtol(uptr->port_str, &endstr, 10);
+ port = strtol(uptr->port_str, &endstr, 10);
uptr->port = port;
if (*endstr == '\0') {
goto deal_with_path;
@@ -483,7 +485,7 @@
++s;
uptr->port_str = ap_pstrdup(p, s);
if (*s != '\0') {
- uptr->port = (unsigned short)ap_strtol(uptr->port_str, &endstr,
10);
+ uptr->port = (unsigned short)strtol(uptr->port_str, &endstr, 10);
if (*endstr == '\0') {
return HTTP_OK;
}
Index: src/modules/experimental/mod_auth_digest.c
================================================== =================
RCS file:
/cvs/src/usr.sbin/httpd/src/modules/experimental/mod_auth_digest.c,v
retrieving revision 1.19
diff -u -r1.19 mod_auth_digest.c
--- src/modules/experimental/mod_auth_digest.c 9 Feb 2005 12:13:10
-0000 1.19
+++ src/modules/experimental/mod_auth_digest.c 29 Mar 2006 09:38:49 -0000
@@ -131,6 +131,8 @@
* MODULE-DEFINITION-END
*/

+#include <stdlib.h>
+
#include "httpd.h"
#include "http_config.h"
#include "http_conf_globals.h"
@@ -375,7 +377,7 @@
char *endptr;
long lifetime;

- lifetime = ap_strtol(t, &endptr, 10);
+ lifetime = strtol(t, &endptr, 10);
if (endptr < (t+strlen(t)) && !ap_isspace(*endptr))
return ap_pstrcat(cmd->pool, "Invalid time in
AuthDigestNonceLifetime: ", t, NULL);

@@ -549,7 +551,7 @@
}

if (resp->opaque)
- resp->opaque_num = (unsigned long) ap_strtol(resp->opaque, NULL, 16);
+ resp->opaque_num = strtoul(resp->opaque, NULL, 16);

resp->auth_hdr_sts = VALID;
return OK;
@@ -888,7 +890,7 @@
if (!conf->check_nc || !client_mm)
return OK;

- nc = ap_strtol(snc, &endptr, 16);
+ nc = strtol(snc, &endptr, 16);
if (endptr < (snc+strlen(snc)) && !ap_isspace(*endptr)) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Digest: invalid nc %s received - not a number", snc);
Index: src/modules/proxy/mod_proxy.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/modules/proxy/mod_proxy.c,v
retrieving revision 1.14
diff -u -r1.14 mod_proxy.c
--- src/modules/proxy/mod_proxy.c 9 Feb 2005 12:13:10 -0000 1.14
+++ src/modules/proxy/mod_proxy.c 29 Mar 2006 09:38:49 -0000
@@ -56,6 +56,8 @@
* University of Illinois, Urbana-Champaign.
*/

+#include <stdlib.h>
+
#include "mod_proxy.h"

#define CORE_PRIVATE
@@ -344,7 +346,9 @@

if (r->method_number == M_TRACE &&
(maxfwd_str = ap_table_get(r->headers_in, "Max-Forwards")) !=
NULL) {
- long maxfwd = ap_strtol(maxfwd_str, NULL, 10);
+ long maxfwd;
+
+ maxfwd = strtol(maxfwd_str, NULL, 10);
if (maxfwd < 1) {
int access_status;
r->proxyreq = NOT_PROXY;
Index: src/modules/proxy/proxy_cache.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/modules/proxy/proxy_cache.c,v
retrieving revision 1.18
diff -u -r1.18 proxy_cache.c
--- src/modules/proxy/proxy_cache.c 9 Feb 2005 12:13:10 -0000 1.18
+++ src/modules/proxy/proxy_cache.c 29 Mar 2006 09:38:49 -0000
@@ -58,6 +58,8 @@

/* Cache and garbage collection routines for Apache proxy */

+#include <stdlib.h>
+
#include "mod_proxy.h"
#include "http_conf_globals.h"
#include "http_log.h"
@@ -1411,7 +1413,7 @@
if (clen == NULL)
c->len = -1;
else
- c->len = ap_strtol(clen, NULL, 10);
+ c->len = strtol(clen, NULL, 10);

/* we have all the header information we need - write it to the cache
file */
c->version++;
@@ -1454,7 +1456,7 @@
const char *c_clen_str;
off_t c_clen;
if ( (c_clen_str = ap_table_get(c->hdrs,
"Content-Length")) &&
- ( (c_clen = ap_strtol(c_clen_str, NULL, 10)) > 0) ) {
+ ( (c_clen = strtol(c_clen_str, NULL, 10)) > 0) ) {
ap_table_set(resp_hdrs, "Content-Length",
c_clen_str);
c->len = c_clen;
ap_proxy_sec2hex(c->len, buff + 17 * (6),
Index: src/modules/proxy/proxy_http.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/modules/proxy/proxy_http.c,v
retrieving revision 1.16
diff -u -r1.16 proxy_http.c
--- src/modules/proxy/proxy_http.c 9 Feb 2005 12:13:10 -0000 1.16
+++ src/modules/proxy/proxy_http.c 29 Mar 2006 09:38:49 -0000
@@ -58,6 +58,8 @@

/* HTTP routines for Apache proxy */

+#include <stdlib.h>
+
#include "mod_proxy.h"
#include "http_log.h"
#include "http_main.h"
@@ -527,7 +529,7 @@

content_length = ap_table_get(resp_hdrs, "Content-Length");
if (content_length != NULL) {
- c->len = ap_strtol(content_length, NULL, 10);
+ c->len = strtol(content_length, NULL, 10);

if (c->len < 0) {
ap_kill_timeout(r);
Index: src/modules/proxy/proxy_util.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/modules/proxy/proxy_util.c,v
retrieving revision 1.15
diff -u -r1.15 proxy_util.c
--- src/modules/proxy/proxy_util.c 9 Feb 2005 12:13:10 -0000 1.15
+++ src/modules/proxy/proxy_util.c 29 Mar 2006 09:38:50 -0000
@@ -56,6 +56,8 @@
* University of Illinois, Urbana-Champaign.
*/

+#include <stdlib.h>
+
/* Utility routines for Apache proxy */
#include "mod_proxy.h"
#include "http_main.h"
@@ -984,7 +986,7 @@
if (!ap_isdigit(*addr))
return 0; /* no digit at start of quad */

- ip_addr[quads] = ap_strtol(addr, &tmp, 0);
+ ip_addr[quads] = strtol(addr, &tmp, 0);

if (tmp == addr) /* expected a digit, found something
else */
return 0;
@@ -1008,7 +1010,7 @@

++addr;

- bits = ap_strtol(addr, &tmp, 0);
+ bits = strtol(addr, &tmp, 0);

if (tmp == addr) /* expected a digit, found something
else */
return 0;
Index: src/modules/standard/mod_mime_magic.c
================================================== =================
RCS file: /cvs/src/usr.sbin/httpd/src/modules/standard/mod_mime_magic.c,v
retrieving revision 1.9
diff -u -r1.9 mod_mime_magic.c
--- src/modules/standard/mod_mime_magic.c 9 Feb 2005 12:13:10 -0000 1.9
+++ src/modules/standard/mod_mime_magic.c 29 Mar 2006 09:38:50 -0000
@@ -124,6 +124,8 @@
*
*/

+#include <stdlib.h>
+
#include "httpd.h"
#include "http_config.h"
#include "http_request.h"
@@ -1081,7 +1083,7 @@
}

/* get offset, then skip over it */
- m->offset = (int) ap_strtol(l, &t, 0);
+ m->offset = (int) strtol(l, &t, 0);
if (l == t) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO | APLOG_ERR, serv,
MODNAME ": offset %s invalid", l);
@@ -1116,7 +1118,7 @@
if (*l == '+' || *l == '-')
l++;
if (ap_isdigit((unsigned char) *l)) {
- m->in.offset = ap_strtol(l, &t, 0);
+ m->in.offset = strtol(l, &t, 0);
if (*s == '-')
m->in.offset = -m->in.offset;
}
@@ -1204,7 +1206,7 @@
/* New-style anding: "0 byte&0x80 =0x80 dynamically linked" */
if (*l == '&') {
++l;
- m->mask = signextend(serv, m, ap_strtol(l, &l, 0));
+ m->mask = signextend(serv, m, strtol(l, &l, 0));
}
else
m->mask = ~0L;
@@ -1282,7 +1284,7 @@
m->vallen = slen;
}
else if (m->reln != 'x')
- m->value.l = signextend(s, m, ap_strtol(*p, p, 0));
+ m->value.l = signextend(s, m, strtol(*p, p, 0));
return 0;
}