Return an error for an empty timeout string. Just use strtol() for

syntax checking instead of scanning with strspn().

plugins/sudoers/timeout.c

@@ -45,31 +45,30 @@ int
 parse_timeout(const char *timestr)
 {
     debug_decl(parse_timeout, SUDOERS_DEBUG_PARSER)
-    const char digits[] = "0123456789";
     const char suffixes[] = "dhms";
-    const char *cp;
+    const char *cp = timestr;
     int timeout = 0;
-    size_t len = 0;
     int idx = 0;
 
-    for (cp = timestr; *cp != '\0'; cp += len) {
+    do {
+	char *ep;
 	char ch;
 	long l;
 
-	if ((len = strspn(cp, digits)) == 0) {
+	/* Parse number, must be present and positive. */
-	    /* parse error */
+	errno = 0;
+	l = strtol(cp, &ep, 10);
+	if (ep == cp) {
+	    /* missing timeout */
 	    errno = EINVAL;
 	    debug_return_int(-1);
 	}
-	if (cp[len] == '\0') {
+	if (errno == ERANGE || l < 0 || l > INT_MAX)
-	    /* no suffix, assume seconds. */
+	    goto overflow;
-	    ch = 's';
-	} else {
-	    ch = tolower(cp[len]);
-	    len++;
-	}
 
 	/* Find a matching suffix or return an error. */
+	if (*ep != '\0') {
+	    ch = tolower((unsigned char)*ep++);
 	    while (suffixes[idx] != ch) {
 		if (suffixes[idx] == '\0') {
 		    /* parse error */
@@ -79,10 +78,7 @@ parse_timeout(const char *timestr)
 		idx++;
 	    }
 
-	errno = 0;
+	    /* Apply suffix. */
-	l = strtol(cp, NULL, 10);
-	if (errno == ERANGE || l > INT_MAX)
-	    goto overflow;
 	    switch (ch) {
 	    case 'd':
 		if (l > INT_MAX / (24 * 60 * 60))
@@ -102,9 +98,11 @@ parse_timeout(const char *timestr)
 	    }
 	    if (l > INT_MAX - timeout)
 		goto overflow;
+	}
+	cp = ep;
 
 	timeout += l;
-    }
+    } while (*cp != '\0');
 
     debug_return_int(timeout);
 overflow: