From 0f8c2526cd0b74e7c575c9254be2e155c14ddf6b Mon Sep 17 00:00:00 2001
From: Baptiste Daroussin <bapt@FreeBSD.org>
Date: Sat, 1 Aug 2015 10:25:55 +0000
Subject: Validate expiration days and password days from commmand line and
 pw.conf

---
 pw/pw_conf.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

(limited to 'pw/pw_conf.c')

diff --git a/pw/pw_conf.c b/pw/pw_conf.c
index c6a86b7..c1b5b33 100644
--- a/pw/pw_conf.c
+++ b/pw/pw_conf.c
@@ -355,12 +355,20 @@ read_userconfig(char const * file)
 				}
 				break;
 			case _UC_EXPIRE:
-				if ((q = unquote(q)) != NULL && isdigit(*q))
-					config.expire_days = atoi(q);
+				if ((q = unquote(q)) != NULL) {
+					errstr = NULL;
+					config.expire_days = strtonum(q, 0, INT_MAX, &errstr);
+					if (errstr)
+						warnx("Invalid expire days: '%s', ignoring", q);
+				}
 				break;
 			case _UC_PASSWORD:
-				if ((q = unquote(q)) != NULL && isdigit(*q))
-					config.password_days = atoi(q);
+				if ((q = unquote(q)) != NULL) {
+					errstr = NULL;
+					config.password_days = strtonum(q, 0, INT_MAX, &errstr);
+					if (errstr)
+						warnx("Invalid password days: '%s', ignoring", q);
+				}
 				break;
 			case _UC_FIELDS:
 			case _UC_NONE:
-- 
cgit v1.2.3-56-ge451