From owner-freebsd-audit Mon Sep 23 5:46:37 2002 Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9AA1F37B401 for ; Mon, 23 Sep 2002 05:46:35 -0700 (PDT) Received: from relay1.macomnet.ru (relay1.macomnet.ru [195.128.64.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 541E343E6A for ; Mon, 23 Sep 2002 05:46:34 -0700 (PDT) (envelope-from maxim@macomnet.ru) Received: from news1.macomnet.ru (news1.macomnet.ru [195.128.64.14]) by relay1.macomnet.ru (8.11.6/8.11.6) with ESMTP id g8NCkWV352860 for ; Mon, 23 Sep 2002 16:46:32 +0400 (MSD) Date: Mon, 23 Sep 2002 16:46:32 +0400 (MSD) From: Maxim Konovalov X-X-Sender: Maxim Konovalov To: audit@freebsd.org Subject: pw_scan patch, bin/41721 Message-ID: <20020923164234.B32787-100000@news1.macomnet.ru> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, Anything wrong with the code below? I am going to commit it in two or three days. Thanks. Index: pw_scan.c =================================================================== RCS file: /home/ncvs/src/lib/libc/gen/pw_scan.c,v retrieving revision 1.21 diff -u -r1.21 pw_scan.c --- pw_scan.c 9 Mar 2002 04:00:53 -0000 1.21 +++ pw_scan.c 23 Sep 2002 12:13:07 -0000 @@ -70,7 +70,7 @@ { uid_t id; int root; - char *p, *sh; + char *ep, *p, *sh; if (pw_big_ids_warning == -1) pw_big_ids_warning = getenv("PW_SCAN_BIG_IDS") == NULL ? 1 : 0; 
@@ -98,12 +98,17 @@ return (0); } } - id = strtoul(p, (char **)NULL, 10); + id = strtoul(p, &ep, 10); if (errno == ERANGE) { if (flags & _PWSCAN_WARN) warnx("%s > max uid value (%lu)", p, ULONG_MAX); return (0); } + if (*ep != '\0' || ep == p) { + if (flags & _PWSCAN_WARN) + warnx("%s uid is incorrect", p); + return (0); + } if (root && id) { if (flags & _PWSCAN_WARN) warnx("root uid should be 0"); @@ -119,10 +124,15 @@ goto fmt; if (p[0]) pw->pw_fields |= _PWF_GID; - id = strtoul(p, (char **)NULL, 10); + id = strtoul(p, &ep, 10); if (errno == ERANGE) { if (flags & _PWSCAN_WARN) warnx("%s > max gid value (%lu)", p, ULONG_MAX); + return (0); + } + if (*ep != '\0' || ep == p) { + if (flags & _PWSCAN_WARN) + warnx("%s gid is incorrect", p); return (0); } if (flags & _PWSCAN_WARN && pw_big_ids_warning && id > USHRT_MAX) { %%% -- Maxim Konovalov, MAcomnet, Internet Dept., system engineer phone: +7 (095) 796-9079, mailto:maxim@macomnet.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
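Review bot: In the first hunk (@@ -70,7), `id` is still declared `uid_t` while the later hunks assign the `unsigned long` result of `strtoul()` straight into it, so on a platform where `unsigned long` is wider than `uid_t` the value is narrowed before any range check, and the only overflow test left is the one against `ULONG_MAX`. Consider declaring an `unsigned long` temporary next to `ep` here, comparing it against the maximum uid/gid value, and assigning to `id` only after that check passes.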
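Review bot: In the uid hunk (@@ -98,12), `errno == ERANGE` is tested right after `id = strtoul(p, &ep, 10);`, but the visible context does not set `errno = 0` before the call, so a stale `ERANGE` left by earlier code would reject a valid uid. Add `errno = 0;` immediately before the `strtoul()` call, and do the same for the gid call. Note also that `strtoul()` skips leading whitespace and accepts a sign, so the new `*ep != '\0' || ep == p` test still accepts a field such as "-1" without raising `ERANGE`; if only plain decimal digits are meant to be valid, check the first character of `p` before converting.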
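Review bot: In the gid hunk (@@ -119,10), the `ep == p` half of the new test rejects an empty gid field, while the context line `if (p[0]) pw->pw_fields |= _PWF_GID;` just above it treats an empty field as allowed and simply leaves the flag unset. If empty gid fields must stay legal, drop `ep == p` from the condition so that only trailing garbage (`*ep != '\0'`) is rejected; if the stricter behaviour is intended, say so in the commit message, since entries that parsed before will now make the function return 0.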