Fix missing error checks for strtoul(3)

author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2023-04-30 22:12:57 +0200
committer: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2023-07-20 23:52:54 +0200
commit: 7b729f89e6cadfa508d95132625ba15f36fc7c2a (patch)
tree: 5ae0a90d953f2cee2c50b45c5efc612cc99acbbe
parent: ad2ab22d00cb05f006a59f05cc2ff6879e7e7ba0 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/http.c b/http.c
index feb74eb..26c30bf 100644
--- a/http.c
+++ b/http.c
@@ -1897,9 +1897,17 @@ char *http_decode_url(const char *url)
         else if (*(url + 1) && *(url + 2))
         {
             const char buf[sizeof "00"] = {*(url + 1), *(url + 2)};
+            char *endptr;
+            const unsigned long res = strtoul(buf, &endptr, 16);
+
+            if (*endptr)
+            {
+                fprintf(stderr, "%s: invalid number %s\n", __func__, buf);
+                goto failure;
+            }
 
-            ret[n++] = strtoul(buf, NULL, 16);
             url += 3;
+            ret[n++] = res;
         }
         else
         {
author	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2023-04-30 22:12:57 +0200
committer	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2023-07-20 23:52:54 +0200
commit	7b729f89e6cadfa508d95132625ba15f36fc7c2a (patch)
tree	5ae0a90d953f2cee2c50b45c5efc612cc99acbbe
parent	ad2ab22d00cb05f006a59f05cc2ff6879e7e7ba0 (diff)