From 7b729f89e6cadfa508d95132625ba15f36fc7c2a Mon Sep 17 00:00:00 2001
From: Xavier Del Campo Romero <xavi.dcr@tutanota.com>
Date: Sun, 30 Apr 2023 22:12:57 +0200
Subject: Fix missing error checks for strtoul(3)

---
 http.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/http.c b/http.c
index feb74eb..26c30bf 100644
--- a/http.c
+++ b/http.c
@@ -1897,9 +1897,17 @@ char *http_decode_url(const char *url)
         else if (*(url + 1) && *(url + 2))
         {
             const char buf[sizeof "00"] = {*(url + 1), *(url + 2)};
+            char *endptr;
+            const unsigned long res = strtoul(buf, &endptr, 16);
+
+            if (*endptr)
+            {
+                fprintf(stderr, "%s: invalid number %s\n", __func__, buf);
+                goto failure;
+            }
 
-            ret[n++] = strtoul(buf, NULL, 16);
             url += 3;
+            ret[n++] = res;
         }
         else
         {
-- 
cgit v1.2.3