- deraadt@cvs.openbsd.org 2006/03/27 13:03:54

[dh.c]
     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm

ChangeLog

@@ -4,6 +4,9 @@
      [xmalloc.c]
      we can do the size & nmemb check before the integer overflow check; 
      evol
+   - deraadt@cvs.openbsd.org 2006/03/27 13:03:54
+     [dh.c]
+     use strtonum() instead of atoi(), limit dhg size to 64k; ok djm
 
 20060326
  - OpenBSD CVS Sync
@@ -4453,4 +4456,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4288 2006/03/31 12:09:17 djm Exp $
+$Id: ChangeLog,v 1.4289 2006/03/31 12:09:41 djm Exp $

dh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.34 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.35 2006/03/27 13:03:54 deraadt Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -44,6 +44,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
 	char *cp, *arg;
 	char *strsize, *gen, *prime;
+	const char *errstr = NULL;
 
 	cp = line;
 	if ((arg = strdelim(&cp)) == NULL)
@@ -68,7 +69,8 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 		goto fail;
 	strsize = strsep(&cp, " "); /* size */
 	if (cp == NULL || *strsize == '\0' ||
-	    (dhg->size = atoi(strsize)) == 0)
+	    (dhg->size = (u_int)strtonum(strsize, 0, 64*1024, &errstr)) == 0 ||
+	    errstr)
 		goto fail;
 	/* The whole group is one bit larger */
 	dhg->size++;