On Thu, Nov 15, 2012 at 01:52:46PM -0500, Eitan Adler wrote:
> On 15 November 2012 11:52, Bruce Evans <b...@optusnet.com.au> wrote:
> > strtoul("1garbage", NULL, 10) succeeds and returns value 1, but the input
> > is garbage.
>
> This case is covered earlier
> 160 /* check that the GID is numeric */
> 161 if (strspn(f[2], "0123456789") != strlen(f[2])) {
> 162 warnx("%s: line %d: GID is not numeric", gfn, n);

So this code shall be removed, if you are introducing strtoul() to check
for errors at all.

> > As the man page says, the EINVAL feature is unportable. It is almost
> > useless, since to detect garbage after the number you have to pass an
> > endptr to strtoul(), and then the check for no conversion (that is,
> > for garbage at the beginning) is just as easy as the check for garbage
> > at the end.
>
> This patch doesn't care about EINVAL or ERANGE. It just cares strtoul
> returned an error.
> I even considered just ignoring the error case because the data is
> mostly sanity checked prior.
>
>
> --
> Eitan Adler
> Source, Ports, Doc committer
> Bugmeister, Ports Security teams
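The endptr-based validation discussed in this thread, written out as an added example; it is not code from the patch or from any participant. The helper name parse_gid, the sample inputs and the 32-bit GID limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: strictly parse a decimal GID field.
 * Returns 0 and stores the value on success, -1 on malformed input. */
int
parse_gid(const char *s, uint32_t *out)
{
	char *end;
	unsigned long v;

	/* strtoul() skips leading whitespace and accepts a sign ("-1" yields
	 * ULONG_MAX without an error), so require a digit up front. */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return (-1);

	errno = 0;
	v = strtoul(s, &end, 10);
	/* end == s: no conversion (the portable test, independent of EINVAL).
	 * *end != '\0': garbage after the number, e.g. "1garbage". */
	if (end == s || *end != '\0')
		return (-1);
	if (errno == ERANGE)	/* value overflowed unsigned long */
		return (-1);
	if (v > UINT32_MAX)	/* assumption: GIDs fit in 32 bits */
		return (-1);
	*out = (uint32_t)v;
	return (0);
}

int
main(void)
{
	/* Constructed sample fields, not taken from a real group file. */
	const char *samples[] = { "0", "1001", "1garbage", "garbage", "",
	    "-1", " 7", "99999999999999999999999" };
	uint32_t gid;

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (parse_gid(samples[i], &gid) == 0)
			printf("\"%s\" -> gid %u\n", samples[i], (unsigned)gid);
		else
			printf("\"%s\" -> rejected\n", samples[i]);
	}
	return (0);
}
```

With these checks in place a separate strspn() digit scan is redundant; without endptr, "1garbage" would be accepted as 1.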