Date: Tue, 23 Apr 2013 18:14:49 +0400 From: Alexander Cherepanov <cherepan@...me.ru> To: john-dev@...ts.openwall.com Subject: atoi -- undefined behavior Hi! From the C99 standard: "The functions atof, atoi, atol, and atoll need not affect the value of the integer expression errno on an error. If the value of the result cannot be represented, the behavior is undefined." This means that if atoi meets a number which overflows int the behavior of all the program is undefined which is not good. Dealing with this in jumbo is for another time but there is one atoi in core john -- in BF_fmt.c: 117- 118- if (ciphertext < '0' || ciphertext > '9') return 0; 119- if (ciphertext < '0' || ciphertext > '9') return 0; 120: rounds = atoi(ciphertext + 4); 121- if (rounds < 4 || rounds > 31) return 0; 122- 123- if (ciphertext != '$') return 0; Possible solutions -- move check for '$' before atoi, convert by hand istead of atoi, use strtol. -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.