From 9b344628ed8f15543dc7780cc2a5cdd1b8f656cf Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 7 May 2012 12:25:59 -0400
Subject: Handle out-of-range values in tor_parse_* integer functions

The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE.  If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.

Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
---
 src/test/test_util.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'src/test/test_util.c')

diff --git a/src/test/test_util.c b/src/test/test_util.c
index 23cd059cf..ee745c5cf 100644
--- a/src/test/test_util.c
+++ b/src/test/test_util.c
@@ -283,6 +283,21 @@ test_util_strmisc(void)
   test_assert(i == 1);
   }
 
+  {
+    /* Test tor_parse_* where we overflow/underflow the underlying type. */
+    /* This string should overflow 64-bit ints. */
+#define TOOBIG "100000000000000000000000000"
+    test_eq(0L, tor_parse_long(TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL));
+    test_eq(i, 0);
+    test_eq(0L, tor_parse_long("-"TOOBIG, 10, LONG_MIN, LONG_MAX, &i, NULL));
+    test_eq(i, 0);
+    test_eq(0UL, tor_parse_ulong(TOOBIG, 10, 0, ULONG_MAX, &i, NULL));
+    test_eq(i, 0);
+    test_eq(U64_LITERAL(0), tor_parse_uint64(TOOBIG, 10,
+                                             0, UINT64_MAX, &i, NULL));
+    test_eq(i, 0);
+  }
+
   /* Test failing snprintf cases */
   test_eq(-1, tor_snprintf(buf, 0, "Foo"));
   test_eq(-1, tor_snprintf(buf, 2, "Foo"));
-- 
cgit v1.2.3