I’m just curious about this. strtol does not require you to specify the number of bytes to process, so in theory it may be fed a string containing an endless sequence of digits to consume, leading to a denial-of-service attack. Of course, it is easily thwarted by realizing that once the precision of the long has been exhausted (couldn’t really be more than 65 chars of a binary number) there is no point in reading any further.
However, strtol is also required to discard as many whitespace characters as necessary until the first non-whitespace character is encountered. So could it not be attacked with an endless whitespace string even if it is smart about reading digits?
As strtol works on a string already in memory, you would have had to store (and read from an attacker) an “endless” amount of whitespace (or forgotten to NUL-terminate your string) before even feeding it to strtol.
Since an implementation can calculate the maximum number of digits there can ever be in a valid string, it doesn’t have to keep going, as you suspect.
DOS attacks can occur with faulty implementations though; check out this related case (this was in Java and PHP when reading doubles, but the same could occur in a C or C++ implementation).
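The answer's point is that the bound belongs at the place where the bytes are read, before strtol ever sees them. The following wrapper is an added example, not code from the post: `parse_long_bounded` and `MAX_NUM_FIELD` are hypothetical names, and the 96-byte cap is an assumed limit for a numeric field.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example: sign + 64 binary digits + some whitespace. */
#define MAX_NUM_FIELD 96

/* Parse a long from buf[0..len); buf need not be NUL-terminated.
   Returns 0 on success, -1 on any rejected input. */
int parse_long_bounded(const char *buf, size_t len, int base, long *out)
{
    char tmp[MAX_NUM_FIELD + 1];
    char *end;
    long v;

    if (base != 0 && (base < 2 || base > 36))
        return -1;
    if (len == 0 || len > MAX_NUM_FIELD)
        return -1;                  /* oversize: rejected before any scan */
    if (memchr(buf, '\0', len) != NULL)
        return -1;                  /* embedded NUL would hide trailing bytes */
    memcpy(tmp, buf, len);
    tmp[len] = '\0';                /* strtol can now read at most len bytes */

    errno = 0;
    v = strtol(tmp, &end, base);
    if (end == tmp || *end != '\0') /* no digits, or trailing junk */
        return -1;
    if (errno == ERANGE)            /* value does not fit in a long */
        return -1;
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed input: three digits with no terminating NUL. */
    const char raw[3] = { '1', '2', '3' };
    long v = 0;
    int rc = parse_long_bounded(raw, sizeof raw, 10, &v);
    printf("rc=%d v=%ld\n", rc, v);
    return 0;
}
```

The work strtol can do is bounded by `MAX_NUM_FIELD` regardless of how much whitespace or how many digits the sender supplies, and an unterminated buffer is never handed to it directly.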