s3:web/swat: use strtoll() instead of atoi/atol/atoll

This is more portable, as we have a strtoll replacement
in lib/replace.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Aug  6 11:55:45 CEST 2011 on sn-devel-104
(cherry picked from commit a6be0820d09b3f3eabfbb5f4356add303aa8a494)

Fix bug #8347 (CVE-2011-2522 regression for HP-UX, AIX and OSF).
(cherry picked from commit ac5d8c0148e10a3a0af9e1dc0849bb6920c26ad7)

diff --git a/source3/web/swat.c b/source3/web/swat.c
index b35895682923efba4528da3541665e4e66f9e50a..85bc6bcd641d32e249701bb92c09324df4acaa22 100644 (file)
--- a/source3/web/swat.c
+++ b/source3/web/swat.c
@@ -192,16 +192,29 @@ bool verify_xsrf_token(const char *formname)
        const char *pass = cgi_user_pass();
        const char *token = cgi_variable_nonull(XSRF_TOKEN);
        const char *time_str = cgi_variable_nonull(XSRF_TIME);
+       char *p = NULL;
+       long long xsrf_time_ll = 0;
        time_t xsrf_time = 0;
        time_t now = time(NULL);
 
-       if (sizeof(time_t) == sizeof(int)) {
-               xsrf_time = atoi(time_str);
-       } else if (sizeof(time_t) == sizeof(long)) {
-               xsrf_time = atol(time_str);
-       } else if (sizeof(time_t) == sizeof(long long)) {
-               xsrf_time = atoll(time_str);
+       errno = 0;
+       xsrf_time_ll = strtoll(time_str, &p, 10);
+       if (errno != 0) {
+               return false;
+       }
+       if (p == NULL) {
+               return false;
+       }
+       if (PTR_DIFF(p, time_str) > strlen(time_str)) {
+               return false;
+       }
+       if (xsrf_time_ll > _TYPE_MAXIMUM(time_t)) {
+               return false;
+       }
+       if (xsrf_time_ll < _TYPE_MINIMUM(time_t)) {
+               return false;
        }
+       xsrf_time = xsrf_time_ll;
 
        if (abs(now - xsrf_time) > XSRF_TIMEOUT) {
                return false;