From 67cdecaeaf9939114d15c7a93ed990e5d98a0cba Mon Sep 17 00:00:00 2001
From: Ben Kibbey <bjk@luxsci.net>
Date: Mon, 28 May 2012 10:31:01 -0400
Subject: [PATCH] pwmc: check for invalid numeric arguments.

---
 src/pwmc.c | 46 +++++++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 19 deletions(-)

diff --git a/src/pwmc.c b/src/pwmc.c
index 40a16054..0756de51 100644
--- a/src/pwmc.c
+++ b/src/pwmc.c
@@ -1100,7 +1100,7 @@ int main(int argc, char *argv[])
     int connected = 0;
     gpg_error_t rc;
     int opt;
-    char command[ASSUAN_LINELENGTH], *p;
+    char command[ASSUAN_LINELENGTH], *p = NULL;
     char *result = NULL;
     size_t len;
     char *pinentry_path = NULL;
@@ -1235,10 +1235,10 @@ int main(int argc, char *argv[])
 			use_ssh_agent = 0;
 			break;
 		    case OPT_SSH_TIMEOUT:
-			ssh_timeout = strtol(optarg, NULL, 10);
+			ssh_timeout = strtol(optarg, &p, 10);
 			break;
 		    case OPT_SSH_KEEPALIVE:
-			ssh_keepalive = strtol(optarg, NULL, 10);
+			ssh_keepalive = strtol(optarg, &p, 10);
 			break;
 #endif
 #ifdef WITH_GNUTLS
@@ -1286,20 +1286,22 @@ int main(int argc, char *argv[])
 			lcmessages = pwmd_strdup(optarg);
 			break;
 		    case OPT_TIMEOUT:
-			timeout = atoi(optarg);
+			timeout = strtol(optarg, &p, 10);
 			break;
 		    case OPT_TRIES:
-			tries = atoi(optarg);
+			tries = strtol(optarg, &p, 10);
 			break;
 		    case OPT_INQUIRE:
 			inquire = optarg;
 			break;
 		    case OPT_INQUIRE_FD:
-			inquirefd = atoi(optarg);
-			inquirefp = fdopen(inquirefd, "r");
-			if (!inquirefp) {
-			    pwmd_free(password);
-			    err(EXIT_FAILURE, "%i", inquirefd);
+			inquirefd = strtol(optarg, &p, 10);
+			if (!p) {
+			    inquirefp = fdopen(inquirefd, "r");
+			    if (!inquirefp) {
+				pwmd_free(password);
+				err(EXIT_FAILURE, "%i", inquirefd);
+			    }
 			}
 			break;
 		    case OPT_INQUIRE_FILE:
@@ -1308,16 +1310,16 @@ int main(int argc, char *argv[])
 			    pwmd_free(password);
 			    err(EXIT_FAILURE, "%s", optarg);
 			}
-
 			inquirefp = fdopen(inquirefd, "r");
 			break;
 		    case OPT_OUTPUT_FD:
-			outfd = atoi(optarg);
-			outfp = fdopen(outfd, "w");
-
-			if (!outfp) {
-			    pwmd_free(password);
-			    err(EXIT_FAILURE, "%i", outfd);
+			outfd = strtol(optarg, &p, 10);
+			if (!p) {
+			    outfp = fdopen(outfd, "w");
+			    if (!outfp) {
+				pwmd_free(password);
+				err(EXIT_FAILURE, "%i", outfd);
+			    }
 			}
 			break;
 		    case OPT_NO_STATUS:
@@ -1375,10 +1377,10 @@ int main(int argc, char *argv[])
 			sign_keygrip = optarg;
 			break;
 		    case OPT_S2K_COUNT:
-			s2k_count = strtoul(optarg, NULL, 10);
+			s2k_count = strtoul(optarg, &p, 10);
 			break;
 		    case OPT_ITERATIONS:
-			iterations = strtoull(optarg, NULL, 10);
+			iterations = strtoull(optarg, &p, 10);
 			iterations_arg = 1;
 			break;
 		    case OPT_NOPASSPHRASE:
@@ -1399,6 +1401,12 @@ int main(int argc, char *argv[])
 			usage(argv[0], EXIT_FAILURE);
 		}
 
+		if (p && *p) {
+		    fprintf(stderr, N_("%s: invalid argument for option '--%s'\n"),
+			    argv[0], long_opts[opt_index].name);
+		    usage(argv[0], EXIT_FAILURE);
+		}
+
 		break;
 #ifdef WITH_SSH
 	    case 'i':
-- 
2.11.4.GIT