From 65ba53f30cbea243aa891983002f687ceb599237 Mon Sep 17 00:00:00 2001 From: two-heart <12869538+two-heart@users.noreply.github.com> Date: Tue, 24 Feb 2026 10:30:10 +0100 Subject: [PATCH] genesis: fix calling strtoul on non-null terminated string get_token_to_eol prevents oob read, but would still except numeric prefixes -- and is just wrong usage --- src/discof/genesis/fd_genesis_client.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/discof/genesis/fd_genesis_client.c b/src/discof/genesis/fd_genesis_client.c index ed48552be05..6ddbe5000c1 100644 --- a/src/discof/genesis/fd_genesis_client.c +++ b/src/discof/genesis/fd_genesis_client.c @@ -160,16 +160,34 @@ write_conn( fd_genesis_client_t * client, } } +static ulong +rpc_parse_decimal_ulong( char const * s, + ulong s_len, + ulong * out ) { + if( FD_UNLIKELY( !s_len ) ) return 0UL; + + ulong val = 0UL; + for( ulong i=0UL; i'9') ) ) return 0UL; + ulong digit = (ulong)(c-'0'); + if( FD_UNLIKELY( val>(ULONG_MAX-digit)/10UL ) ) return 0UL; + val = val*10UL + digit; + } + + *out = val; + return 1UL; +} + static ulong rpc_phr_content_length( struct phr_header * headers, ulong num_headers ) { for( ulong i=0UL; iUINT_MAX ) ) return ULONG_MAX; /* prevent overflow */ - if( FD_UNLIKELY( end==headers[i].value ) ) return ULONG_MAX; return content_length; } return ULONG_MAX;