Security: Multiple possible Intiger Overflows in HopfieldOptions.cc

[Shinkurt]

opencog/examples/hopfield/HopfieldOptions.cc , uses and calls for atoi() multiple times (197, 200, 203, 204, 207...)

In the case of atoi, if the input recieved is not checked, the resulting number can exceed the expected range -- causing integer or stack overflows.

If source is untrusted (meaning recieved from user-input), check both minimum and maximum with INT_MAX and INT_MIN for ints, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).

Using these to map variables while calling for atoi() would be nice

• strtol() LONG_MIN LONG_MAX
• strtoll() LLONG_MIN LLONG_MAX
• strtoimax() INTMAX_MIN INTMAX_MAX
• strtoq() LLONG_MIN LLONG_MAX

[linas]

Its possible that there's a problem here, but the suggested fixes are incorrect. parameters like width and hieght probably need to be positive and less than 65K, instead of being less that LONG_MAX.

Can you submit a patch that fixes this?

[Shinkurt]

Yes, good point -- I didn't realize that is what was going on. I can't write a patch right now -- on phone -- >.>

[ngeiswei]

On phone? @Shinkurt just curious, what kinda phone + tool set are you using?

[linas]

So, are these being fixed?