authorderaadt <>2014-06-28 04:39:41 +0000
committerderaadt <>2014-06-28 04:39:41 +0000
commit1e94c781aba61051bf4622c65daecc191f428832 (patch)
tree8bb886e6386c82c31a43433de0a3c1979626d2a9 /src/lib
parent0fdd71f98152d655a9c157458a202cbb03b019c9 (diff)
Use strtonum() instead of atoi(), and then impose what we think
are the current range checks. Help from millert and lteo. Please test now that it is deployed and let us know if any numbers are off. ok lteo
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/libssl/src/apps/apps.c25
-rw-r--r--src/lib/libssl/src/apps/asn1pars.c25
-rw-r--r--src/lib/libssl/src/apps/ca.c26
-rw-r--r--src/lib/libssl/src/apps/dsaparam.c7
-rw-r--r--src/lib/libssl/src/apps/ocsp.c53
-rw-r--r--src/lib/libssl/src/apps/prime.c30
-rw-r--r--src/lib/libssl/src/apps/req.c26
-rw-r--r--src/lib/libssl/src/apps/s_client.c24
-rw-r--r--src/lib/libssl/src/apps/s_server.c30
-rw-r--r--src/lib/libssl/src/apps/s_socket.c9
-rw-r--r--src/lib/libssl/src/apps/s_time.c13
-rw-r--r--src/lib/libssl/src/apps/speed.c29
-rw-r--r--src/lib/libssl/src/apps/x509.c16
13 files changed, 211 insertions, 102 deletions
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index ea416366ee..66d82025fb 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: apps.c,v 1.59 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: apps.c,v 1.60 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -117,6 +117,7 @@
117#include <errno.h> 117#include <errno.h>
118#include <stdio.h> 118#include <stdio.h>
119#include <stdlib.h> 119#include <stdlib.h>
120#include <limits.h>
120#include <string.h> 121#include <string.h>
121#include <strings.h> 122#include <strings.h>
122#include <unistd.h> 123#include <unistd.h>
@@ -469,6 +470,7 @@ app_get_pass(BIO *err, char *arg, int keepbio)
469{ 470{
470 char *tmp, tpass[APP_PASS_LEN]; 471 char *tmp, tpass[APP_PASS_LEN];
471 static BIO *pwdbio = NULL; 472 static BIO *pwdbio = NULL;
473 const char *errstr = NULL;
472 int i; 474 int i;
473 475
474 if (!strncmp(arg, "pass:", 5)) 476 if (!strncmp(arg, "pass:", 5))
@@ -492,10 +494,15 @@ app_get_pass(BIO *err, char *arg, int keepbio)
492 } 494 }
493 } else if (!strncmp(arg, "fd:", 3)) { 495 } else if (!strncmp(arg, "fd:", 3)) {
494 BIO *btmp; 496 BIO *btmp;
495 i = atoi(arg + 3); 497 i = strtonum(arg + 3, 1, INT_MAX, &errstr);
496 if (i >= 0) 498 if (errstr) {
497 pwdbio = BIO_new_fd(i, BIO_NOCLOSE); 499 BIO_printf(err,
498 if ((i < 0) || !pwdbio) { 500 "Invalid file descriptor %s: %s\n",
501 arg, errstr);
502 return NULL;
503 }
504 pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
505 if (!pwdbio) {
499 BIO_printf(err, 506 BIO_printf(err,
500 "Can't access file descriptor %s\n", 507 "Can't access file descriptor %s\n",
501 arg + 3); 508 arg + 3);
@@ -1969,6 +1976,7 @@ args_verify(char ***pargs, int *pargc, int *badarg, BIO *err,
1969 char **oldargs = *pargs; 1976 char **oldargs = *pargs;
1970 char *arg = **pargs, *argn = (*pargs)[1]; 1977 char *arg = **pargs, *argn = (*pargs)[1];
1971 time_t at_time = 0; 1978 time_t at_time = 0;
1979 const char *errstr = NULL;
1972 1980
1973 if (!strcmp(arg, "-policy")) { 1981 if (!strcmp(arg, "-policy")) {
1974 if (!argn) 1982 if (!argn)
@@ -2001,9 +2009,10 @@ args_verify(char ***pargs, int *pargc, int *badarg, BIO *err,
2001 if (!argn) 2009 if (!argn)
2002 *badarg = 1; 2010 *badarg = 1;
2003 else { 2011 else {
2004 depth = atoi(argn); 2012 depth = strtonum(argn, 1, INT_MAX, &errstr);
2005 if (depth < 0) { 2013 if (errstr) {
2006 BIO_printf(err, "invalid depth\n"); 2014 BIO_printf(err, "invalid depth %s: %s\n",
2015 argn, errstr);
2007 *badarg = 1; 2016 *badarg = 1;
2008 } 2017 }
2009 } 2018 }
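Review bot: The lower bound of 1 in `strtonum(arg + 3, 1, INT_MAX, &errstr)` rejects `fd:0`, which the replaced code accepted through its `i >= 0` test, so passing a passphrase on standard input with the fd: form no longer works. If that narrowing is not intended, the call should be `i = strtonum(arg + 3, 0, INT_MAX, &errstr);`. The depth argument in args_verify is narrowed the same way: 0 passed the old `depth < 0` check but now fails against a minimum of 1. Both functions continue outside the hunks shown, so any later handling of these values is not visible here.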
diff --git a/src/lib/libssl/src/apps/asn1pars.c b/src/lib/libssl/src/apps/asn1pars.c
index dc8a66338d..e805e3428d 100644
--- a/src/lib/libssl/src/apps/asn1pars.c
+++ b/src/lib/libssl/src/apps/asn1pars.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: asn1pars.c,v 1.24 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: asn1pars.c,v 1.25 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -62,6 +62,7 @@
62 62
63#include <stdio.h> 63#include <stdio.h>
64#include <stdlib.h> 64#include <stdlib.h>
65#include <limits.h>
65#include <string.h> 66#include <string.h>
66 67
67#include "apps.h" 68#include "apps.h"
@@ -93,6 +94,7 @@ asn1parse_main(int argc, char **argv)
93 int informat, indent = 0, noout = 0, dump = 0; 94 int informat, indent = 0, noout = 0, dump = 0;
94 char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL; 95 char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL;
95 char *genstr = NULL, *genconf = NULL; 96 char *genstr = NULL, *genconf = NULL;
97 const char *errstr = NULL;
96 unsigned char *tmpbuf; 98 unsigned char *tmpbuf;
97 const unsigned char *ctmpbuf; 99 const unsigned char *ctmpbuf;
98 BUF_MEM *buf = NULL; 100 BUF_MEM *buf = NULL;
@@ -135,20 +137,22 @@ asn1parse_main(int argc, char **argv)
135 } else if (strcmp(*argv, "-offset") == 0) { 137 } else if (strcmp(*argv, "-offset") == 0) {
136 if (--argc < 1) 138 if (--argc < 1)
137 goto bad; 139 goto bad;
138 offset = atoi(*(++argv)); 140 offset = strtonum(*(++argv), 0, INT_MAX, &errstr);
141 if (errstr)
142 goto bad;
139 } else if (strcmp(*argv, "-length") == 0) { 143 } else if (strcmp(*argv, "-length") == 0) {
140 if (--argc < 1) 144 if (--argc < 1)
141 goto bad; 145 goto bad;
142 length = atoi(*(++argv)); 146 length = strtonum(*(++argv), 1, UINT_MAX, &errstr);
143 if (length == 0) 147 if (errstr)
144 goto bad; 148 goto bad;
145 } else if (strcmp(*argv, "-dump") == 0) { 149 } else if (strcmp(*argv, "-dump") == 0) {
146 dump = -1; 150 dump = -1;
147 } else if (strcmp(*argv, "-dlimit") == 0) { 151 } else if (strcmp(*argv, "-dlimit") == 0) {
148 if (--argc < 1) 152 if (--argc < 1)
149 goto bad; 153 goto bad;
150 dump = atoi(*(++argv)); 154 dump = strtonum(*(++argv), 1, INT_MAX, &errstr);
151 if (dump <= 0) 155 if (errstr)
152 goto bad; 156 goto bad;
153 } else if (strcmp(*argv, "-strparse") == 0) { 157 } else if (strcmp(*argv, "-strparse") == 0) {
154 if (--argc < 1) 158 if (--argc < 1)
@@ -269,11 +273,12 @@ bad:
269 for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) { 273 for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
270 ASN1_TYPE *atmp; 274 ASN1_TYPE *atmp;
271 int typ; 275 int typ;
272 j = atoi(sk_OPENSSL_STRING_value(osk, i)); 276 j = strtonum(sk_OPENSSL_STRING_value(osk, i),
273 if (j == 0) { 277 1, INT_MAX, &errstr);
278 if (errstr) {
274 BIO_printf(bio_err, 279 BIO_printf(bio_err,
275 "'%s' is an invalid number\n", 280 "'%s' is an invalid number: %s\n",
276 sk_OPENSSL_STRING_value(osk, i)); 281 sk_OPENSSL_STRING_value(osk, i), errstr);
277 continue; 282 continue;
278 } 283 }
279 tmpbuf += j; 284 tmpbuf += j;
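Review bot: In the -strparse loop the offset `j` is checked only against `1..INT_MAX` before `tmpbuf += j`, and nothing in this hunk compares it with the number of bytes actually left in the buffer, so a value larger than the loaded data would advance the pointer past it. The loop body continues outside the hunk, so such a check may already exist below; if it does not, the new error branch is the natural place to add one, along the lines of `if (errstr || j >= REMAINING_LEN) {` where REMAINING_LEN is a placeholder for whatever length variable the loop tracks. Separately, the -offset, -length and -dlimit branches `goto bad` without printing `errstr`, unlike ca.c in this same commit, so the user gets no hint of which value was rejected.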
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 7de32c5daf..2192d91876 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ca.c,v 1.59 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: ca.c,v 1.60 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -63,6 +63,7 @@
63#include <ctype.h> 63#include <ctype.h>
64#include <stdio.h> 64#include <stdio.h>
65#include <stdlib.h> 65#include <stdlib.h>
66#include <limits.h>
66#include <string.h> 67#include <string.h>
67#include <unistd.h> 68#include <unistd.h>
68 69
@@ -296,6 +297,7 @@ ca_main(int argc, char **argv)
296 char *engine = NULL; 297 char *engine = NULL;
297#endif 298#endif
298 char *tofree = NULL; 299 char *tofree = NULL;
300 const char *errstr = NULL;
299 DB_ATTR db_attr; 301 DB_ATTR db_attr;
300 302
301 conf = NULL; 303 conf = NULL;
@@ -340,7 +342,9 @@ ca_main(int argc, char **argv)
340 } else if (strcmp(*argv, "-days") == 0) { 342 } else if (strcmp(*argv, "-days") == 0) {
341 if (--argc < 1) 343 if (--argc < 1)
342 goto bad; 344 goto bad;
343 days = atoi(*(++argv)); 345 days = strtonum(*(++argv), 0, LONG_MAX, &errstr);
346 if (errstr)
347 goto bad;
344 } else if (strcmp(*argv, "-md") == 0) { 348 } else if (strcmp(*argv, "-md") == 0) {
345 if (--argc < 1) 349 if (--argc < 1)
346 goto bad; 350 goto bad;
@@ -407,15 +411,21 @@ ca_main(int argc, char **argv)
407 else if (strcmp(*argv, "-crldays") == 0) { 411 else if (strcmp(*argv, "-crldays") == 0) {
408 if (--argc < 1) 412 if (--argc < 1)
409 goto bad; 413 goto bad;
410 crldays = atol(*(++argv)); 414 crldays = strtonum(*(++argv), 0, LONG_MAX, &errstr);
415 if (errstr)
416 goto bad;
411 } else if (strcmp(*argv, "-crlhours") == 0) { 417 } else if (strcmp(*argv, "-crlhours") == 0) {
412 if (--argc < 1) 418 if (--argc < 1)
413 goto bad; 419 goto bad;
414 crlhours = atol(*(++argv)); 420 crlhours = strtonum(*(++argv), 0, LONG_MAX, &errstr);
421 if (errstr)
422 goto bad;
415 } else if (strcmp(*argv, "-crlsec") == 0) { 423 } else if (strcmp(*argv, "-crlsec") == 0) {
416 if (--argc < 1) 424 if (--argc < 1)
417 goto bad; 425 goto bad;
418 crlsec = atol(*(++argv)); 426 crlsec = strtonum(*(++argv), 0, LONG_MAX, &errstr);
427 if (errstr)
428 goto bad;
419 } else if (strcmp(*argv, "-infiles") == 0) { 429 } else if (strcmp(*argv, "-infiles") == 0) {
420 argc--; 430 argc--;
421 argv++; 431 argv++;
@@ -484,7 +494,11 @@ ca_main(int argc, char **argv)
484#endif 494#endif
485 else { 495 else {
486bad: 496bad:
487 BIO_printf(bio_err, "unknown option %s\n", *argv); 497 if (errstr)
498 BIO_printf(bio_err, "invalid argument %s: %s\n",
499 *argv, errstr);
500 else
501 BIO_printf(bio_err, "unknown option %s\n", *argv);
488 badops = 1; 502 badops = 1;
489 break; 503 break;
490 } 504 }
diff --git a/src/lib/libssl/src/apps/dsaparam.c b/src/lib/libssl/src/apps/dsaparam.c
index da8be8fa1e..8d26137e7e 100644
--- a/src/lib/libssl/src/apps/dsaparam.c
+++ b/src/lib/libssl/src/apps/dsaparam.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsaparam.c,v 1.29 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: dsaparam.c,v 1.30 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -123,6 +123,7 @@ dsaparam_main(int argc, char **argv)
123 char *engine = NULL; 123 char *engine = NULL;
124#endif 124#endif
125#ifdef GENCB_TEST 125#ifdef GENCB_TEST
126 const char *errstr = NULL;
126 int timebomb = 0; 127 int timebomb = 0;
127#endif 128#endif
128 129
@@ -166,7 +167,9 @@ dsaparam_main(int argc, char **argv)
166 else if (strcmp(*argv, "-timebomb") == 0) { 167 else if (strcmp(*argv, "-timebomb") == 0) {
167 if (--argc < 1) 168 if (--argc < 1)
168 goto bad; 169 goto bad;
169 timebomb = atoi(*(++argv)); 170 timebomb = strtonum(*(++argv), 0, INT_MAX, &errstr);
171 if (errstr)
172 goto bad;
170 } 173 }
171#endif 174#endif
172 else if (strcmp(*argv, "-text") == 0) 175 else if (strcmp(*argv, "-text") == 0)
diff --git a/src/lib/libssl/src/apps/ocsp.c b/src/lib/libssl/src/apps/ocsp.c
index aea7892349..c77b05f27d 100644
--- a/src/lib/libssl/src/apps/ocsp.c
+++ b/src/lib/libssl/src/apps/ocsp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ocsp.c,v 1.26 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: ocsp.c,v 1.27 2014/06/28 04:39:41 deraadt Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
@@ -59,6 +59,7 @@
59 59
60#include <stdio.h> 60#include <stdio.h>
61#include <stdlib.h> 61#include <stdlib.h>
62#include <limits.h>
62#include <string.h> 63#include <string.h>
63#include <time.h> 64#include <time.h>
64 65
@@ -144,6 +145,7 @@ ocsp_main(int argc, char **argv)
144 CA_DB *rdb = NULL; 145 CA_DB *rdb = NULL;
145 int nmin = 0, ndays = -1; 146 int nmin = 0, ndays = -1;
146 const EVP_MD *cert_id_md = NULL; 147 const EVP_MD *cert_id_md = NULL;
148 const char *errstr = NULL;
147 149
148 if (!load_config(bio_err, NULL)) 150 if (!load_config(bio_err, NULL))
149 goto end; 151 goto end;
@@ -164,11 +166,12 @@ ocsp_main(int argc, char **argv)
164 } else if (!strcmp(*args, "-timeout")) { 166 } else if (!strcmp(*args, "-timeout")) {
165 if (args[1]) { 167 if (args[1]) {
166 args++; 168 args++;
167 req_timeout = atol(*args); 169 req_timeout = strtonum(*args, 0,
168 if (req_timeout < 0) { 170 INT_MAX, &errstr);
171 if (errstr) {
169 BIO_printf(bio_err, 172 BIO_printf(bio_err,
170 "Illegal timeout value %s\n", 173 "Illegal timeout value %s: %s\n",
171 *args); 174 *args, errstr);
172 badarg = 1; 175 badarg = 1;
173 } 176 }
174 } else 177 } else
@@ -288,11 +291,11 @@ ocsp_main(int argc, char **argv)
288 } else if (!strcmp(*args, "-validity_period")) { 291 } else if (!strcmp(*args, "-validity_period")) {
289 if (args[1]) { 292 if (args[1]) {
290 args++; 293 args++;
291 nsec = atol(*args); 294 nsec = strtonum(*args, 0, LONG_MAX, &errstr);
292 if (nsec < 0) { 295 if (errstr) {
293 BIO_printf(bio_err, 296 BIO_printf(bio_err,
294 "Illegal validity period %s\n", 297 "Illegal validity period %s: %s\n",
295 *args); 298 *args, errstr);
296 badarg = 1; 299 badarg = 1;
297 } 300 }
298 } else 301 } else
@@ -300,11 +303,11 @@ ocsp_main(int argc, char **argv)
300 } else if (!strcmp(*args, "-status_age")) { 303 } else if (!strcmp(*args, "-status_age")) {
301 if (args[1]) { 304 if (args[1]) {
302 args++; 305 args++;
303 maxage = atol(*args); 306 maxage = strtonum(*args, 0, LONG_MAX, &errstr);
304 if (maxage < 0) { 307 if (errstr) {
305 BIO_printf(bio_err, 308 BIO_printf(bio_err,
306 "Illegal validity age %s\n", 309 "Illegal validity age %s: %s\n",
307 *args); 310 *args, errstr);
308 badarg = 1; 311 badarg = 1;
309 } 312 }
310 } else 313 } else
@@ -385,11 +388,11 @@ ocsp_main(int argc, char **argv)
385 } else if (!strcmp(*args, "-nmin")) { 388 } else if (!strcmp(*args, "-nmin")) {
386 if (args[1]) { 389 if (args[1]) {
387 args++; 390 args++;
388 nmin = atol(*args); 391 nmin = strtonum(*args, 0, INT_MAX, &errstr);
389 if (nmin < 0) { 392 if (errstr) {
390 BIO_printf(bio_err, 393 BIO_printf(bio_err,
391 "Illegal update period %s\n", 394 "Illegal update period %s: %s\n",
392 *args); 395 *args, errstr);
393 badarg = 1; 396 badarg = 1;
394 } 397 }
395 } 398 }
@@ -400,11 +403,11 @@ ocsp_main(int argc, char **argv)
400 } else if (!strcmp(*args, "-nrequest")) { 403 } else if (!strcmp(*args, "-nrequest")) {
401 if (args[1]) { 404 if (args[1]) {
402 args++; 405 args++;
403 accept_count = atol(*args); 406 accept_count = strtonum(*args, 0, INT_MAX, &errstr);
404 if (accept_count < 0) { 407 if (errstr) {
405 BIO_printf(bio_err, 408 BIO_printf(bio_err,
406 "Illegal accept count %s\n", 409 "Illegal accept count %s: %s\n",
407 *args); 410 *args, errstr);
408 badarg = 1; 411 badarg = 1;
409 } 412 }
410 } else 413 } else
@@ -412,11 +415,11 @@ ocsp_main(int argc, char **argv)
412 } else if (!strcmp(*args, "-ndays")) { 415 } else if (!strcmp(*args, "-ndays")) {
413 if (args[1]) { 416 if (args[1]) {
414 args++; 417 args++;
415 ndays = atol(*args); 418 ndays = strtonum(*args, 0, INT_MAX, &errstr);
416 if (ndays < 0) { 419 if (errstr) {
417 BIO_printf(bio_err, 420 BIO_printf(bio_err,
418 "Illegal update period %s\n", 421 "Illegal update period %s: %s\n",
419 *args); 422 *args, errstr);
420 badarg = 1; 423 badarg = 1;
421 } 424 }
422 } else 425 } else
diff --git a/src/lib/libssl/src/apps/prime.c b/src/lib/libssl/src/apps/prime.c
index fca43a2a99..9918db06c7 100644
--- a/src/lib/libssl/src/apps/prime.c
+++ b/src/lib/libssl/src/apps/prime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: prime.c,v 1.10 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: prime.c,v 1.11 2014/06/28 04:39:41 deraadt Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -49,6 +49,7 @@
49 */ 49 */
50 50
51#include <string.h> 51#include <string.h>
52#include <limits.h>
52 53
53#include "apps.h" 54#include "apps.h"
54 55
@@ -65,6 +66,7 @@ prime_main(int argc, char **argv)
65 int bits = 0; 66 int bits = 0;
66 int safe = 0; 67 int safe = 0;
67 BIGNUM *bn = NULL; 68 BIGNUM *bn = NULL;
69 const char *errstr = NULL;
68 BIO *bio_out; 70 BIO *bio_out;
69 71
70 --argc; 72 --argc;
@@ -74,19 +76,23 @@ prime_main(int argc, char **argv)
74 hex = 1; 76 hex = 1;
75 else if (!strcmp(*argv, "-generate")) 77 else if (!strcmp(*argv, "-generate"))
76 generate = 1; 78 generate = 1;
77 else if (!strcmp(*argv, "-bits")) 79 else if (!strcmp(*argv, "-bits")) {
78 if (--argc < 1) 80 if (--argc < 1)
79 goto bad; 81 goto bad;
80 else 82 else
81 bits = atoi(*++argv); 83 bits = strtonum(*(++argv), 0, INT_MAX, &errstr);
82 else if (!strcmp(*argv, "-safe")) 84 if (errstr)
85 goto bad;
86 } else if (!strcmp(*argv, "-safe"))
83 safe = 1; 87 safe = 1;
84 else if (!strcmp(*argv, "-checks")) 88 else if (!strcmp(*argv, "-checks")) {
85 if (--argc < 1) 89 if (--argc < 1)
86 goto bad; 90 goto bad;
87 else 91 else
88 checks = atoi(*++argv); 92 checks = strtonum(*(++argv), 0, INT_MAX, &errstr);
89 else { 93 if (errstr)
94 goto bad;
95 } else {
90 BIO_printf(bio_err, "Unknown option '%s'\n", *argv); 96 BIO_printf(bio_err, "Unknown option '%s'\n", *argv);
91 goto bad; 97 goto bad;
92 } 98 }
@@ -130,8 +136,12 @@ prime_main(int argc, char **argv)
130 return 0; 136 return 0;
131 137
132bad: 138bad:
133 BIO_printf(bio_err, "options are\n"); 139 if (errstr)
134 BIO_printf(bio_err, "%-14s hex\n", "-hex"); 140 BIO_printf(bio_err, "invalid argument %s: %s\n", *argv, errstr);
135 BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>"); 141 else {
142 BIO_printf(bio_err, "options are\n");
143 BIO_printf(bio_err, "%-14s hex\n", "-hex");
144 BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
145 }
136 return 1; 146 return 1;
137} 147}
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index c3ac0a6b9e..dcb7ab4a4a 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: req.c,v 1.43 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: req.c,v 1.44 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -64,6 +64,7 @@
64 64
65#include <stdio.h> 65#include <stdio.h>
66#include <stdlib.h> 66#include <stdlib.h>
67#include <limits.h>
67#include <string.h> 68#include <string.h>
68#include <time.h> 69#include <time.h>
69 70
@@ -322,11 +323,16 @@ req_main(int argc, char **argv)
322 } else if (strcmp(*argv, "-multivalue-rdn") == 0) 323 } else if (strcmp(*argv, "-multivalue-rdn") == 0)
323 multirdn = 1; 324 multirdn = 1;
324 else if (strcmp(*argv, "-days") == 0) { 325 else if (strcmp(*argv, "-days") == 0) {
326 const char *errstr;
327
325 if (--argc < 1) 328 if (--argc < 1)
326 goto bad; 329 goto bad;
327 days = atoi(*(++argv)); 330 days = strtonum(*(++argv), 1, INT_MAX, &errstr);
328 if (days == 0) 331 if (errstr) {
332 BIO_printf(bio_err, "bad -days %s, using 0: %s\n",
333 *argv, errstr);
329 days = 30; 334 days = 30;
335 }
330 } else if (strcmp(*argv, "-set_serial") == 0) { 336 } else if (strcmp(*argv, "-set_serial") == 0) {
331 if (--argc < 1) 337 if (--argc < 1)
332 goto bad; 338 goto bad;
@@ -1383,13 +1389,18 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
1383 long keylen = -1; 1389 long keylen = -1;
1384 BIO *pbio = NULL; 1390 BIO *pbio = NULL;
1385 const char *paramfile = NULL; 1391 const char *paramfile = NULL;
1392 const char *errstr;
1386 1393
1387 if (gstr == NULL) { 1394 if (gstr == NULL) {
1388 *pkey_type = EVP_PKEY_RSA; 1395 *pkey_type = EVP_PKEY_RSA;
1389 keylen = *pkeylen; 1396 keylen = *pkeylen;
1390 } else if (gstr[0] >= '0' && gstr[0] <= '9') { 1397 } else if (gstr[0] >= '0' && gstr[0] <= '9') {
1391 *pkey_type = EVP_PKEY_RSA; 1398 *pkey_type = EVP_PKEY_RSA;
1392 keylen = atol(gstr); 1399 keylen = strtonum(gstr, 0, LONG_MAX, &errstr);
1400 if (errstr) {
1401 BIO_printf(err, "bad algorithm %s: %s\n", gstr, errstr);
1402 return NULL;
1403 }
1393 *pkeylen = keylen; 1404 *pkeylen = keylen;
1394 } else if (!strncmp(gstr, "param:", 6)) 1405 } else if (!strncmp(gstr, "param:", 6))
1395 paramfile = gstr + 6; 1406 paramfile = gstr + 6;
@@ -1422,7 +1433,12 @@ set_keygen_ctx(BIO * err, const char *gstr, int *pkey_type,
1422#endif 1433#endif
1423 if (*pkey_type == EVP_PKEY_RSA) { 1434 if (*pkey_type == EVP_PKEY_RSA) {
1424 if (p) { 1435 if (p) {
1425 keylen = atol(p + 1); 1436 keylen = strtonum(p + 1, 0, LONG_MAX, &errstr);
1437 if (errstr) {
1438 BIO_printf(err, "bad algorithm %s: %s\n",
1439 p + 1, errstr);
1440 return NULL;
1441 }
1426 *pkeylen = keylen; 1442 *pkeylen = keylen;
1427 } else 1443 } else
1428 keylen = *pkeylen; 1444 keylen = *pkeylen;
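Review bot: The new diagnostic for a rejected -days value says "using 0" while the next line sets `days = 30`, so it misreports the validity period that will actually be applied; the format string should read `"bad -days %s, using 30: %s\n"`. Because this value determines certificate lifetime, failing with `goto bad` as the other options in this commit do may be preferable to silently substituting a default. In set_keygen_ctx the bounds `0, LONG_MAX` still admit a key length of 0 and values far beyond any usable size. Whether later code rejects those is not visible in these hunks, so a tighter range or a comment stating where the real limit is enforced would help.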
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index c453875c07..7c96443a11 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_client.c,v 1.61 2014/06/13 04:29:13 miod Exp $ */ 1/* $OpenBSD: s_client.c,v 1.62 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -147,6 +147,7 @@
147#include <netdb.h> 147#include <netdb.h>
148#include <stdio.h> 148#include <stdio.h>
149#include <stdlib.h> 149#include <stdlib.h>
150#include <limits.h>
150#include <string.h> 151#include <string.h>
151#include <unistd.h> 152#include <unistd.h>
152 153
@@ -438,6 +439,7 @@ s_client_main(int argc, char **argv)
438 BIO *sbio; 439 BIO *sbio;
439 int mbuf_len = 0; 440 int mbuf_len = 0;
440 struct timeval timeout, *timeoutp; 441 struct timeval timeout, *timeoutp;
442 const char *errstr = NULL;
441#ifndef OPENSSL_NO_ENGINE 443#ifndef OPENSSL_NO_ENGINE
442 char *engine_id = NULL; 444 char *engine_id = NULL;
443 char *ssl_client_engine_id = NULL; 445 char *ssl_client_engine_id = NULL;
@@ -503,7 +505,9 @@ s_client_main(int argc, char **argv)
503 verify = SSL_VERIFY_PEER; 505 verify = SSL_VERIFY_PEER;
504 if (--argc < 1) 506 if (--argc < 1)
505 goto bad; 507 goto bad;
506 verify_depth = atoi(*(++argv)); 508 verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
509 if (errstr)
510 goto bad;
507 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 511 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
508 } else if (strcmp(*argv, "-cert") == 0) { 512 } else if (strcmp(*argv, "-cert") == 0) {
509 if (--argc < 1) 513 if (--argc < 1)
@@ -592,7 +596,9 @@ s_client_main(int argc, char **argv)
592 else if (strcmp(*argv, "-mtu") == 0) { 596 else if (strcmp(*argv, "-mtu") == 0) {
593 if (--argc < 1) 597 if (--argc < 1)
594 goto bad; 598 goto bad;
595 socket_mtu = atol(*(++argv)); 599 socket_mtu = strtonum(*(++argv), 0, LONG_MAX, &errstr);
600 if (errstr)
601 goto bad;
596 } 602 }
597#endif 603#endif
598 else if (strcmp(*argv, "-bugs") == 0) 604 else if (strcmp(*argv, "-bugs") == 0)
@@ -715,10 +721,12 @@ s_client_main(int argc, char **argv)
715 goto bad; 721 goto bad;
716 keymatexportlabel = *(++argv); 722 keymatexportlabel = *(++argv);
717 } else if (strcmp(*argv, "-keymatexportlen") == 0) { 723 } else if (strcmp(*argv, "-keymatexportlen") == 0) {
724 const char *errstr;
725
718 if (--argc < 1) 726 if (--argc < 1)
719 goto bad; 727 goto bad;
720 keymatexportlen = atoi(*(++argv)); 728 keymatexportlen = strtonum(*(++argv), 1, INT_MAX, &errstr);
721 if (keymatexportlen == 0) 729 if (errstr)
722 goto bad; 730 goto bad;
723 } else { 731 } else {
724 BIO_printf(bio_err, "unknown option %s\n", *argv); 732 BIO_printf(bio_err, "unknown option %s\n", *argv);
@@ -730,7 +738,11 @@ s_client_main(int argc, char **argv)
730 } 738 }
731 if (badop) { 739 if (badop) {
732bad: 740bad:
733 sc_usage(); 741 if (errstr)
742 BIO_printf(bio_err, "invalid argument %s: %s\n",
743 *argv, errstr);
744 else
745 sc_usage();
734 goto end; 746 goto end;
735 } 747 }
736 748
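Review bot: The `const char *errstr;` declared inside the -keymatexportlen branch shadows the function-scope `errstr` added at the top of s_client_main, so when strtonum() fails there the `bad:` label tests the outer variable, finds it NULL, and prints the usage text instead of the error. Deleting the inner declaration lets the branch write to the outer variable and makes the new `invalid argument %s: %s` message reachable for this option. s_time.c adds the same inner declaration in its -verify branch on top of a function-scope `errstr`; as far as the visible hunks show it is only redundant there, but it should be removed as well, and the outer one initialised to NULL as in the other files.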
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index e73b249ca3..61eb667c38 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_server.c,v 1.53 2014/06/13 04:29:13 miod Exp $ */ 1/* $OpenBSD: s_server.c,v 1.54 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -154,6 +154,7 @@
154#include <ctype.h> 154#include <ctype.h>
155#include <stdio.h> 155#include <stdio.h>
156#include <stdlib.h> 156#include <stdlib.h>
157#include <limits.h>
157#include <string.h> 158#include <string.h>
158#include <unistd.h> 159#include <unistd.h>
159 160
@@ -702,6 +703,7 @@ s_server_main(int argc, char *argv[])
702 X509 *s_cert = NULL, *s_dcert = NULL; 703 X509 *s_cert = NULL, *s_dcert = NULL;
703 EVP_PKEY *s_key = NULL, *s_dkey = NULL; 704 EVP_PKEY *s_key = NULL, *s_dkey = NULL;
704 int no_cache = 0; 705 int no_cache = 0;
706 const char *errstr = NULL;
705#ifndef OPENSSL_NO_TLSEXT 707#ifndef OPENSSL_NO_TLSEXT
706 EVP_PKEY *s_key2 = NULL; 708 EVP_PKEY *s_key2 = NULL;
707 X509 *s_cert2 = NULL; 709 X509 *s_cert2 = NULL;
@@ -743,14 +745,18 @@ s_server_main(int argc, char *argv[])
743 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; 745 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
744 if (--argc < 1) 746 if (--argc < 1)
745 goto bad; 747 goto bad;
746 verify_depth = atoi(*(++argv)); 748 verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
749 if (errstr)
750 goto bad;
747 BIO_printf(bio_err, "verify depth is %d\n", verify_depth); 751 BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
748 } else if (strcmp(*argv, "-Verify") == 0) { 752 } else if (strcmp(*argv, "-Verify") == 0) {
749 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | 753 s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
750 SSL_VERIFY_CLIENT_ONCE; 754 SSL_VERIFY_CLIENT_ONCE;
751 if (--argc < 1) 755 if (--argc < 1)
752 goto bad; 756 goto bad;
753 verify_depth = atoi(*(++argv)); 757 verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
758 if (errstr)
759 goto bad;
754 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth); 760 BIO_printf(bio_err, "verify depth is %d, must return a certificate\n", verify_depth);
755 } else if (strcmp(*argv, "-context") == 0) { 761 } else if (strcmp(*argv, "-context") == 0) {
756 if (--argc < 1) 762 if (--argc < 1)
@@ -856,7 +862,9 @@ s_server_main(int argc, char *argv[])
856 s_tlsextstatus = 1; 862 s_tlsextstatus = 1;
857 if (--argc < 1) 863 if (--argc < 1)
858 goto bad; 864 goto bad;
859 tlscstatp.timeout = atoi(*(++argv)); 865 tlscstatp.timeout = strtonum(*(++argv), 0, INT_MAX, &errstr);
866 if (errstr)
867 goto bad;
860 } else if (!strcmp(*argv, "-status_url")) { 868 } else if (!strcmp(*argv, "-status_url")) {
861 s_tlsextstatus = 1; 869 s_tlsextstatus = 1;
862 if (--argc < 1) 870 if (--argc < 1)
@@ -951,7 +959,9 @@ s_server_main(int argc, char *argv[])
951 else if (strcmp(*argv, "-mtu") == 0) { 959 else if (strcmp(*argv, "-mtu") == 0) {
952 if (--argc < 1) 960 if (--argc < 1)
953 goto bad; 961 goto bad;
954 socket_mtu = atol(*(++argv)); 962 socket_mtu = strtonum(*(++argv), 0, LONG_MAX, &errstr);
963 if (errstr)
964 goto bad;
955 } else if (strcmp(*argv, "-chain") == 0) 965 } else if (strcmp(*argv, "-chain") == 0)
956 cert_chain = 1; 966 cert_chain = 1;
957#endif 967#endif
@@ -1005,8 +1015,8 @@ s_server_main(int argc, char *argv[])
1005 } else if (strcmp(*argv, "-keymatexportlen") == 0) { 1015 } else if (strcmp(*argv, "-keymatexportlen") == 0) {
1006 if (--argc < 1) 1016 if (--argc < 1)
1007 goto bad; 1017 goto bad;
1008 keymatexportlen = atoi(*(++argv)); 1018 keymatexportlen = strtonum(*(++argv), 1, INT_MAX, &errstr);
1009 if (keymatexportlen == 0) 1019 if (errstr)
1010 goto bad; 1020 goto bad;
1011 } else { 1021 } else {
1012 BIO_printf(bio_err, "unknown option %s\n", *argv); 1022 BIO_printf(bio_err, "unknown option %s\n", *argv);
@@ -1018,7 +1028,11 @@ s_server_main(int argc, char *argv[])
1018 } 1028 }
1019 if (badop) { 1029 if (badop) {
1020bad: 1030bad:
1021 sv_usage(); 1031 if (errstr)
1032 BIO_printf(bio_err, "invalid argument %s: %s\n",
1033 *argv, errstr);
1034 else
1035 sv_usage();
1022 goto end; 1036 goto end;
1023 } 1037 }
1024 1038
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
index d5757af66e..c5f3a28519 100644
--- a/src/lib/libssl/src/apps/s_socket.c
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: s_socket.c,v 1.41 2014/06/12 15:49:27 deraadt Exp $ */ 1/* $OpenBSD: s_socket.c,v 1.42 2014/06/28 04:39:41 deraadt Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -333,12 +333,13 @@ int
333extract_port(char *str, short *port_ptr) 333extract_port(char *str, short *port_ptr)
334{ 334{
335 int i; 335 int i;
336 const char *errstr;
336 struct servent *s; 337 struct servent *s;
337 338
338 i = atoi(str); 339 i = strtonum(str, 1, 65535, &errstr);
339 if (i != 0) 340 if (!errstr) {
340 *port_ptr = (unsigned short) i; 341 *port_ptr = (unsigned short) i;
341 else { 342 } else {
342 s = getservbyname(str, "tcp"); 343 s = getservbyname(str, "tcp");
343 if (s == NULL) { 344 if (s == NULL) {
344 BIO_printf(bio_err, "getservbyname failure for %s\n", str); 345 BIO_printf(bio_err, "getservbyname failure for %s\n", str);
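Review bot: When strtonum() rejects `str`, `errstr` is discarded and the code falls through to getservbyname(), so a numeric port outside 1..65535 is reported as a getservbyname failure rather than as out of range. Including the reason in the existing message would make the cause visible, for example `BIO_printf(bio_err, "getservbyname failure for %s (not a port number: %s)\n", str, errstr);`. Note also that `port_ptr` is a `short *`, so accepted values above 32767 do not fit the pointed-to type even after the `(unsigned short)` cast; that predates this change but is worth a comment now that the range is explicit. The function body continues outside the hunk.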
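--- a/src/lib/libssl/src/apps/s_time.c
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_time.c,v 1.31 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: s_time.c,v 1.32 2014/06/28 04:39:41 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -67,6 +67,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -181,6 +182,7 @@ static int
 parseArgs(int argc, char **argv)
 {
  int badop = 0;
+ const char *errstr;
 
  verify_depth = 0;
  verify_error = X509_V_OK;
@@ -210,11 +212,14 @@ parseArgs(int argc, char **argv)
  else if (strcmp(*argv, "-new") == 0)
  perform = 1;
  else if (strcmp(*argv, "-verify") == 0) {
+ const char *errstr;
 
  tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
  if (--argc < 1)
  goto bad;
- verify_depth = atoi(*(++argv));
+ verify_depth = strtonum(*(++argv), 0, INT_MAX, &errstr);
+ if (errstr)
+ goto bad;
  BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
 
  } else if (strcmp(*argv, "-cert") == 0) {
@@ -266,7 +271,9 @@ parseArgs(int argc, char **argv)
 
  if (--argc < 1)
  goto bad;
- maxTime = atoi(*(++argv));
+ maxTime = strtonum(*(++argv), 0, INT_MAX, &errstr);
+ if (errstr)
+ goto bad;
  } else {
  BIO_printf(bio_err, "unknown option %s\n", *argv);
  badop = 1;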
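Review bot: The `const char *errstr;` added inside the `-verify` branch (new line 215) shadows the function-scope `errstr` added at new line 185, so the inner declaration is redundant and would trip `-Wshadow`; it can simply be dropped. Both new checks (new lines 221 and 275) also `goto bad` without saying why, unlike the speed.c and x509.c changes in this commit, so a rejected number looks the same as a missing argument. A line such as `BIO_printf(bio_err, "invalid verify depth: %s\n", errstr);` before the jump would make the failure visible. The body of parseArgs continues outside these hunks, so what the `bad` label prints is not shown here.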
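--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: speed.c,v 1.48 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: speed.c,v 1.49 2014/06/28 04:39:41 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -86,6 +86,7 @@
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -516,6 +517,7 @@ speed_main(int argc, char **argv)
  const EVP_MD *evp_md = NULL;
  int decrypt = 0;
  int multi = 0;
+ const char *errstr = NULL;
 
 #ifndef TIMES
  usertime = -1;
@@ -627,9 +629,9 @@ speed_main(int argc, char **argv)
  BIO_printf(bio_err, "no multi count given\n");
  goto end;
  }
- multi = atoi(argv[0]);
- if (multi <= 0) {
- BIO_printf(bio_err, "bad multi count\n");
+ multi = strtonum(argv[0], 1, INT_MAX, &errstr);
+ if (errstr) {
+ BIO_printf(bio_err, "bad multi count: %s", errstr);
  goto end;
  }
  j--; /* Otherwise, -mr gets confused with an
@@ -2105,6 +2107,7 @@ do_multi(int multi)
  int fd[2];
  int *fds;
  static char sep[] = ":";
+ const char *errstr = NULL;
 
  fds = reallocarray(NULL, multi, sizeof *fds);
  for (n = 0; n < multi; ++n) {
@@ -2155,7 +2158,8 @@ do_multi(int multi)
  int j;
 
  p = buf + 3;
- alg = atoi(sstrsep(&p, sep));
+ alg = strtonum(sstrsep(&p, sep),
+ 0, ALGOR_NUM - 1, &errstr);
  sstrsep(&p, sep);
  for (j = 0; j < SIZE_NUM; ++j)
  results[alg][j] += atof(sstrsep(&p, sep));
@@ -2164,7 +2168,8 @@ do_multi(int multi)
  double d;
 
  p = buf + 4;
- k = atoi(sstrsep(&p, sep));
+ k = strtonum(sstrsep(&p, sep),
+ 0, ALGOR_NUM - 1, &errstr);
  sstrsep(&p, sep);
 
  d = atof(sstrsep(&p, sep));
@@ -2183,7 +2188,8 @@ do_multi(int multi)
  double d;
 
  p = buf + 4;
- k = atoi(sstrsep(&p, sep));
+ k = strtonum(sstrsep(&p, sep),
+ 0, ALGOR_NUM - 1, &errstr);
  sstrsep(&p, sep);
 
  d = atof(sstrsep(&p, sep));
@@ -2204,7 +2210,8 @@ do_multi(int multi)
  double d;
 
  p = buf + 4;
- k = atoi(sstrsep(&p, sep));
+ k = strtonum(sstrsep(&p, sep),
+ 0, ALGOR_NUM - 1, &errstr);
  sstrsep(&p, sep);
 
  d = atof(sstrsep(&p, sep));
@@ -2226,7 +2233,8 @@ do_multi(int multi)
  double d;
 
  p = buf + 4;
- k = atoi(sstrsep(&p, sep));
+ k = strtonum(sstrsep(&p, sep),
+ 0, ALGOR_NUM - 1, &errstr);
  sstrsep(&p, sep);
 
  d = atof(sstrsep(&p, sep));
@@ -2249,7 +2257,8 @@ do_multi(int multi)
  double d;
 
  p = buf + 4;
- k = atoi(sstrsep(&p, sep));
+ k = strtonum(sstrsep(&p, sep),
+ 0, ALGOR_NUM - 1, &errstr);
  sstrsep(&p, sep);
 
  d = atof(sstrsep(&p, sep));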
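Review bot: In do_multi the six new strtonum() calls (new lines 2161, 2171, 2191, 2213, 2236 and 2260) record their failure in `errstr`, but nothing in these hunks tests it, so a malformed or out-of-range field silently becomes index 0 and its figures are accumulated into the first slot, as in `results[alg][j] += ...`. Each call should be followed by a check that discards the record, for example `if (errstr) { BIO_printf(bio_err, "bad result index: %s\n", errstr); continue; }`, assuming the enclosing construct (outside the hunks) is the per-line read loop. All five `k` parses reuse `ALGOR_NUM - 1` as the upper bound; the arrays indexed by `k` are not visible here, so if any of them is sized by a smaller constant the bound should be that array's size instead. Separately, the rewritten message at new line 634, `"bad multi count: %s"`, lost the trailing `\n` that the old message had.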
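--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.45 2014/06/12 15:49:27 deraadt Exp $ */
+/* $OpenBSD: x509.c,v 1.46 2014/06/28 04:39:41 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -59,6 +59,7 @@
 #include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>
 #include <string.h>
 
 #include "apps.h"
@@ -208,6 +209,7 @@ x509_main(int argc, char **argv)
 #ifndef OPENSSL_NO_ENGINE
  char *engine = NULL;
 #endif
+ const char *errstr = NULL;
 
  reqfile = 0;
 
@@ -263,9 +265,9 @@ x509_main(int argc, char **argv)
  } else if (strcmp(*argv, "-days") == 0) {
  if (--argc < 1)
  goto bad;
- days = atoi(*(++argv));
- if (days == 0) {
- BIO_printf(bio_err, "bad number of days\n");
+ days = strtonum(*(++argv), 1, INT_MAX, &errstr);
+ if (errstr) {
+ BIO_printf(bio_err, "bad number of days: %s\n", errstr);
  goto bad;
  }
  } else if (strcmp(*argv, "-passin") == 0) {
@@ -407,7 +409,11 @@ x509_main(int argc, char **argv)
  else if (strcmp(*argv, "-checkend") == 0) {
  if (--argc < 1)
  goto bad;
- checkoffset = atoi(*(++argv));
+ checkoffset = strtonum(*(++argv), 0, INT_MAX, &errstr);
+ if (errstr) {
+ BIO_printf(bio_err, "checkend unusable: %s\n", errstr);
+ goto bad;
+ }
  checkend = 1;
  } else if (strcmp(*argv, "-noout") == 0)
  noout = ++num;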
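Review bot: The upper bound for `-days` at new line 268 is INT_MAX, but the code that turns `days` into a validity period lies outside these hunks; if it multiplies by seconds-per-day in a `long`, values near INT_MAX would overflow where long is 32 bits. A limit derived from that arithmetic, for example `days = strtonum(*(++argv), 1, INT_MAX / (24 * 60 * 60), &errstr);`, keeps the product in range, though it should be confirmed against the consumer before tightening. The `-checkend` parse at new line 412 now rejects negative offsets that atoi() used to let through; if that is intended, a short comment above the call such as `/* negative offsets are deliberately rejected */` would record the decision.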