
    m_str_to_uint(): ensure there is no trailing garbage in input
---
 dbutil.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dbutil.c b/dbutil.c
index 082a5a2..2b59122 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -901,14 +901,16 @@ void disallow_core() {
 
 /* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE, with the result in *val */
 int m_str_to_uint(const char* str, unsigned int *val) {
+	char *ep;
 	unsigned long l;
 	errno = 0;
-	l = strtoul(str, NULL, 10);
+	l = strtoul(str, &ep, 10);
 	/* The c99 spec doesn't actually seem to define EINVAL, but most platforms
 	 * I've looked at mention it in their manpage */
 	if ((l == 0 && errno == EINVAL)
 		|| (l == ULONG_MAX && errno == ERANGE)
-		|| (l > UINT_MAX)) {
+		|| (l > UINT_MAX)
+		|| *str == '\0' || *ep != '\0') {
 		return DROPBEAR_FAILURE;
 	} else {
 		*val = l;
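Review bot: The condition ending in `|| *str == '\0' || *ep != '\0') {` still accepts signed and whitespace-prefixed input, because strtoul() skips leading whitespace and takes an optional `+` or `-` before the digits. A string such as `-1` converts without setting errno to the negated value as an unsigned long; on platforms where `unsigned long` and `unsigned int` have the same width, the `l > UINT_MAX` test cannot catch this, so `*val` receives a very large number instead of the function returning DROPBEAR_FAILURE. Requiring the first character to be a digit closes this and also covers the empty-string case: `|| *str < '0' || *str > '9' || *ep != '\0') {`. The rest of m_str_to_uint(), including the success return, lies outside the hunk.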
