- djm@cvs.openbsd.org 2012/11/14 02:32:15

[ssh-keygen.c] allow the full range of unsigned serial numbers; 'fine' deraadt@
2024-12-26 03:42:07 +00:00 · 2012-11-14 19:04:33 +11:00 · 2012-11-14 19:04:33 +11:00 · 6f3b362fa8
commit 6f3b362fa8
parent 1e85469fcb
2 changed files with 10 additions and 6 deletions
--- a/4
+++ b/4
@ -5,7 +5,9 @@
     fix username passed to helper program
     prepare stdio fds before closefrom()
     spotted by landry@
-
+   - djm@cvs.openbsd.org 2012/11/14 02:32:15
+     [ssh-keygen.c]
+     allow the full range of unsigned serial numbers; 'fine' deraadt@

 20121107
 - (djm) OpenBSD CVS Sync
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.218 2012/10/02 07:07:45 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.219 2012/11/14 02:32:15 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1937,7 +1937,7 @@ main(int argc, char **argv)
 {
 	char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
 	char *checkpoint = NULL;
-	char out_file[MAXPATHLEN], *rr_hostname = NULL;
+	char out_file[MAXPATHLEN], *rr_hostname = NULL, *ep;
 	Key *private, *public;
 	struct passwd *pw;
 	struct stat st;
@ -2145,9 +2145,11 @@ main(int argc, char **argv)
 			parse_cert_times(optarg);
 			break;
 		case 'z':
-			cert_serial = strtonum(optarg, 0, LLONG_MAX, &errstr);
-			if (errstr)
-				fatal("Invalid serial number: %s", errstr);
+			errno = 0;
+			cert_serial = strtoull(optarg, &ep, 10);
+			if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
+			    (errno == ERANGE && cert_serial == ULLONG_MAX))
+				fatal("Invalid serial number \"%s\"", optarg);
 			break;
 		case '?':
 		default: