From 07d3f305ea24da68aec66c7e4be39317f6ea7dae Mon Sep 17 00:00:00 2001
From: op <>
Date: Mon, 26 Aug 2024 22:01:28 +0000
Subject: replace atoi(3) usage with strtonum(3); ok/tweaks tb@

---
 src/lib/libcrypto/ts/ts_conf.c | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)

(limited to 'src/lib/libcrypto/ts')

diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index ef8569ef04..bd499238f5 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_conf.c,v 1.14 2024/03/26 00:39:22 beck Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.15 2024/08/26 22:01:28 op Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
  * project 2002.
  */
@@ -56,6 +56,8 @@
  *
  */
 
+#include <limits.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/opensslconf.h>
@@ -394,6 +396,7 @@ TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
 	int secs = 0, millis = 0, micros = 0;
 	STACK_OF(CONF_VALUE) *list = NULL;
 	char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
+	const char *errstr;
 
 	if (accuracy && !(list = X509V3_parse_list(accuracy))) {
 		TS_CONF_invalid(section, ENV_ACCURACY);
@@ -402,14 +405,33 @@ TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
 	for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
 		CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
 		if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
-			if (val->value)
-				secs = atoi(val->value);
+			if (val->value) {
+				secs = strtonum(val->value, 0, INT_MAX,
+				    &errstr);
+				if (errstr != NULL) {
+					TS_CONF_invalid(section,
+					    ENV_VALUE_SECS);
+					goto err;
+				}
+			}
 		} else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
-			if (val->value)
-				millis = atoi(val->value);
+			if (val->value) {
+				millis = strtonum(val->value, 1, 999, &errstr);
+				if (errstr != NULL) {
+					TS_CONF_invalid(section,
+					    ENV_VALUE_MILLISECS);
+					goto err;
+				}
+			}
 		} else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
-			if (val->value)
-				micros = atoi(val->value);
+			if (val->value) {
+				micros = strtonum(val->value, 1, 999, &errstr);
+				if (errstr != NULL) {
+					TS_CONF_invalid(section,
+					    ENV_VALUE_MICROSECS);
+					goto err;
+				}
+			}
 		} else {
 			TS_CONF_invalid(section, ENV_ACCURACY);
 			goto err;
-- 
cgit v1.2.3-55-g6feb