From 2629f182e8ae26c155fc895a3b6dd751485ef2a7 Mon Sep 17 00:00:00 2001
From: "Matthias P. Braendli" <matthias.braendli@mpb.li>
Date: Fri, 23 Jun 2017 11:24:34 +0200
Subject: Add a few sanity checks for the configuration parser

---
 src/utils.cpp | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

(limited to 'src/utils.cpp')

diff --git a/src/utils.cpp b/src/utils.cpp
index 8b4de67..885e49a 100644
--- a/src/utils.cpp
+++ b/src/utils.cpp
@@ -538,14 +538,19 @@ long hexparse(const std::string& input)
     long value = 0;
     errno = 0;
 
+    char* endptr = nullptr;
+
+    const bool is_hex = (input.find("0x") == 0);
+
     // Do not use strtol's base=0 because
     // we do not want to accept octal.
-    if (input.find("0x") == 0) {
-        value = strtol(input.c_str() + 2, nullptr, 16);
-    }
-    else {
-        value = strtol(input.c_str(), nullptr, 10);
-    }
+    const int base = is_hex ? 16 : 10;
+
+    const char* const startptr = is_hex ?
+        input.c_str() + 2 :
+        input.c_str();
+
+    value = strtol(input.c_str(), &endptr, base);
 
     if ((value == LONG_MIN or value == LONG_MAX) and errno == ERANGE) {
         throw out_of_range("hexparse: value out of range");
@@ -556,6 +561,14 @@ long hexparse(const std::string& input)
         throw invalid_argument(ss.str());
     }
 
+    if (startptr == endptr) {
+        throw out_of_range("hexparse: no value found");
+    }
+
+    if (*endptr != '\0') {
+        throw out_of_range("hexparse: superfluous characters after value found: '" + input + "'");
+    }
+
     return value;
 }
 
-- 
cgit v1.2.3