libcli: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 2a0b60c3dd705c139f36be7bde98564ff6425c68..ca7fd874752f0a342bbe9c3b63bf0dcc2438a0af 100644 (file)
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -24,6 +24,7 @@
 #include "lib/util/data_blob.h"
 #include "system/locale.h"
 #include "lib/util/debug.h"
+#include "lib/util/util.h"
 #include "librpc/gen_ndr/security.h"
 #include "dom_sid.h"
 
@@ -132,6 +133,7 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
        char *q;
        /* BIG NOTE: this function only does SIDS where the identauth is not >= 2^32 */
        uint64_t conv;
+       int error = 0;
 
        ZERO_STRUCTP(sidout);
 
@@ -146,8 +148,8 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
                goto format_error;
        }
 
-       conv = strtoul(p, &q, 10);
-       if (!q || (*q != '-') || conv > UINT8_MAX) {
+       conv = strtoul_err(p, &q, 10, &error);
+       if (!q || (*q != '-') || conv > UINT8_MAX || error != 0) {
                goto format_error;
        }
        sidout->sid_rev_num = (uint8_t) conv;
@@ -158,8 +160,8 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
        }
 
        /* get identauth */
-       conv = strtoull(q, &q, 0);
-       if (!q || conv & AUTHORITY_MASK) {
+       conv = strtoull_err(q, &q, 0, &error);
+       if (!q || conv & AUTHORITY_MASK || error != 0) {
                goto format_error;
        }
 
@@ -187,8 +189,8 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
                        goto format_error;
                }
 
-               conv = strtoull(q, &end, 10);
-               if (end == q || conv > UINT32_MAX) {
+               conv = strtoull_err(q, &end, 10, &error);
+               if (end == q || conv > UINT32_MAX || error != 0) {
                        goto format_error;
                }