Ensure strtonum returns a number that is always positive in int range

We should be using INT_MAX, not UINT_MAX, and checking for errors via errstr, as opposed to allowing negative numbers.
openssh · Jul 4, 2023 · b939309 · b939309
1 parent 8a6cd08
commit b939309
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/ssh-add.c b/ssh-add.c
@@ -788,6 +788,7 @@ main(int argc, char **argv)
 	extern char *optarg;
 	extern int optind;
 	int agent_fd;
+	const char *errstr = NULL;
 	char *pkcs11provider = NULL, *skprovider = NULL;
 	char **dest_constraint_strings = NULL, **hostkey_files = NULL;
 	int r, i, ch, deleting = 0, ret = 0, key_only = 0, do_download = 0;
@@ -863,16 +864,16 @@ main(int argc, char **argv)
 			confirm = 1;
 			break;
 		case 'm':
-			minleft = (int)strtonum(optarg, 1, UINT_MAX, NULL);
-			if (minleft == 0) {
+			minleft = (int)strtonum(optarg, 1, INT_MAX, &errstr);
+			if (errstr) {
 				usage();
 				ret = 1;
 				goto done;
 			}
 			break;
 		case 'M':
-			maxsign = (int)strtonum(optarg, 1, UINT_MAX, NULL);
-			if (maxsign == 0) {
+			maxsign = (int)strtonum(optarg, 1, INT_MAX, &errstr);
+			if (errstr) {
 				usage();
 				ret = 1;
 				goto done;