Author: bapt
Date: Sat Aug  1 10:10:13 2015
New Revision: 286151
URL: https://svnweb.freebsd.org/changeset/base/286151

Log:
  Validate the max_uid/max_gid boundaries and entry type in pw.conf

Modified:
  head/usr.sbin/pw/pw_conf.c

Modified: head/usr.sbin/pw/pw_conf.c
==============================================================================
--- head/usr.sbin/pw/pw_conf.c  Sat Aug  1 09:55:47 2015        (r286150)
+++ head/usr.sbin/pw/pw_conf.c  Sat Aug  1 10:10:13 2015        (r286151)
@@ -230,6 +230,7 @@ read_userconfig(char const * file)
        char    *buf, *p;
        size_t  linecap;
        ssize_t linelen;
+       const char *errstr;
 
        buf = NULL;
        linecap = 0;
@@ -323,20 +324,35 @@ read_userconfig(char const * file)
                                        ? NULL : newstr(q);
                                break;
                        case _UC_MINUID:
-                               if ((q = unquote(q)) != NULL && isdigit(*q))
-                                       config.min_uid = (uid_t) atol(q);
+                               if ((q = unquote(q)) != NULL) {
+                                       errstr = NULL;
+                                       config.min_uid = strtounum(q, 0, 
UID_MAX, &errstr);
+                                       if (errstr)
+                                               warnx("Invalid min_uid: '%s', 
ignoring", q);
+                               }
                                break;
                        case _UC_MAXUID:
-                               if ((q = unquote(q)) != NULL && isdigit(*q))
-                                       config.max_uid = (uid_t) atol(q);
+                               if ((q = unquote(q)) != NULL) {
+                                       errstr = NULL;
+                                       config.max_uid = strtounum(q, 0, 
UID_MAX, &errstr);
+                                       if (errstr)
+                                               warnx("Invalid max_uid: '%s', 
ignoring", q);
+                               }
                                break;
                        case _UC_MINGID:
                                if ((q = unquote(q)) != NULL && isdigit(*q))
-                                       config.min_gid = (gid_t) atol(q);
+                                       errstr = NULL;
+                                       config.min_gid = strtounum(q, 0, 
GID_MAX, &errstr);
+                                       if (errstr)
+                                               warnx("Invalid min_gid: '%s', 
ignoring", q);
                                break;
                        case _UC_MAXGID:
-                               if ((q = unquote(q)) != NULL && isdigit(*q))
-                                       config.max_gid = (gid_t) atol(q);
+                               if ((q = unquote(q)) != NULL) {
+                                       errstr = NULL;
+                                       config.max_gid = strtounum(q, 0, 
GID_MAX, &errstr);
+                                       if (errstr)
+                                               warnx("Invalid max_gid: '%s', 
ignoring", q);
+                               }
                                break;
                        case _UC_EXPIRE:
                                if ((q = unquote(q)) != NULL && isdigit(*q))
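Review bot: In the `_UC_MINGID` case the `if` still carries `&& isdigit(*q)` and has no braces, so it guards only `errstr = NULL;` and the `strtounum()` call runs with `q` even when `unquote()` returned NULL. The other three cases are braced, so change this one to `if ((q = unquote(q)) != NULL) {` with a closing `}` before `break;`. Separately, all four cases store the result of `strtounum()` into `config` before checking `errstr`, so an invalid entry overwrites the previous value even though the warning says "ignoring". If `strtounum()` returns 0 on error, as its strtonum-style interface suggests, a malformed `min_uid` or `max_uid` line would silently set that bound to 0; parsing into a local and assigning only when `errstr` is NULL would match the message. The enclosing `read_userconfig()` starts and ends outside the hunk.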