From d41715fc9f0050b18b8e976b92e02e86041ee448 Mon Sep 17 00:00:00 2001

From: Dave Love <dave.love@manchester.ac.uk>

Date: Sun, 14 May 2017 23:14:09 +0100

Subject: [PATCH 16/30] Use strtol, not atoi

---

 src/lib/message.c | 10 +++++++++-

 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/lib/message.c b/src/lib/message.c

index 502cb454..f84537c7 100644

--- a/src/lib/message.c

+++ b/src/lib/message.c

@@ -26,6 +26,7 @@

 #include <string.h>

 #include <stdarg.h>

 #include <syslog.h>

+#include <limits.h>

 #include "config.h"

 #include "util/util.h"

@@ -37,13 +38,20 @@ extern const char *__progname;

 void init(void) {

     char *messagelevel_string = getenv("MESSAGELEVEL"); // Flawfinder: ignore (need to get string, validation in atol())

+    char **endptr = &messagelevel_string;

+    long l;

     openlog("Singularity", LOG_CONS | LOG_NDELAY, LOG_LOCAL0);

     if ( messagelevel_string == NULL ) {

         messagelevel = 1;

     } else {

-        messagelevel = atoi(messagelevel_string); // Flawfinder: ignore

+      l = strtol(messagelevel_string, endptr, 10);

+        if (LONG_MIN == l || LONG_MAX == l || l < 0 || l > 9

+            || (*messagelevel_string != '\0' && **endptr != '\0')) {

+            singularity_message(VERBOSE, "Bad MESSAGELEVEL: %s\n", messagelevel_string);

+        }

+        messagelevel = l;

         if ( messagelevel < 0 ) {

             messagelevel = 0;

         } else if ( messagelevel > 9 ) {

-- 

2.11.0