Date:      Thu, 23 Dec 1999 01:25:54 -0700 (MST)
From:      forrestc@imach.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   misc/15658: Fix to edquota.c 
Message-ID:  <199912230825.BAA22027@www.mt.net>


>Number:         15658
>Category:       misc
>Synopsis:       edquota misinterprets usernames as uid ranges
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 23 12:50:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Forrest W. Christian
>Release:        FreeBSD 3.4-STABLE i386
>Organization:
iMach, Ltd.
>Environment:

Apparently all recent versions of FreeBSD.   Verified to exist in latest
FreeBSD 3.4-STABLE.

>Description:

The current version of edquota accepts parameters in the form of either a
username or a range of userids.   In order to determine if a parameter
is a range of uid's, it looks to see if the first digit of the parameter
is a number, and if the parameter contains a dash.   Thus, usernames
such as 2-xhibit are treated as a range of uids.  The existing code
also does no additional error checking and simply performs an atoi
on the start of the parameter and on the string starting immediately
following the hyphen.

>How-To-Repeat:

This problem only occurs when using a prototype user.   To exercise
the chunk of code with the problem, you can run the following command line:

   edquota -p root 2-xhibit

This results in the result:

  edquota: ending uid (0) must be >= starting uid (2) when using uid ranges

>Fix:
	
 Apply the following patch to edquota.  This performs additional checks
 on the parameter before determining that it is, in fact, a uid range.

---START OF PATCH---TRIM HERE---
149,153c149,152
<                       if (isdigit(*argv[0]) &&
<                           (cp = strchr(*argv, '-')) != NULL) {
<                               *cp++ = '\0';
<                               startuid = atoi(*argv);
<                               enduid = atoi(cp);
---
>                       if ((startuid=(int)(strtol(argv[0],&cp,10))) &&
>                             (*(cp++)=='-') &&
>                             (enduid=(int)(strtol(cp,&cp,10))) &&
>                             (*(cp++)==0) ) {
---END OF PATCH---TRIM HERE---
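
Review bot: the new condition uses the strtol() results themselves as truth values, in "(startuid=(int)(strtol(argv[0],&cp,10))) &&" and the matching enduid line, so a uid of 0 on either side makes the test false and a range such as 0-100 is handled as a user name, although the removed isdigit()/strchr() test accepted it. Decide from the end pointer instead: check that strtol() consumed at least one character, then test for '-' and for the terminating NUL. strtol() also skips leading white space and accepts a sign, so the removed isdigit(*argv[0]) guard is worth keeping in front of each conversion, and the (int) cast narrows the long result with no range or errno check.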


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
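
The distinction the Description draws between a user name and a uid range can be made by parsing the whole argument strictly. The following is an added example, not code from this PR or from the FreeBSD source; the names parse_uid and parse_uid_range are hypothetical and the sample arguments are constructed. Checking that the ending uid is not below the starting uid is left to the caller, which the page shows edquota already reports.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one all-digit uid at s.  On success store it in *out and return a
 * pointer to the first unparsed character; return NULL otherwise. */
static const char *parse_uid(const char *s, long *out)
{
    char *end;

    /* strtol() would skip blanks and accept a sign; a uid has neither. */
    if (!isdigit((unsigned char)*s))
        return NULL;
    errno = 0;
    *out = strtol(s, &end, 10);
    if (errno == ERANGE || *out > INT_MAX)
        return NULL;
    return end;
}

/* Return 1, with *start and *end set, when arg is exactly "<digits>-<digits>".
 * Return 0 for anything else, so the caller treats arg as a user name. */
int parse_uid_range(const char *arg, long *start, long *end)
{
    const char *p = parse_uid(arg, start);

    if (p == NULL || *p != '-')
        return 0;
    p = parse_uid(p + 1, end);
    return p != NULL && *p == '\0';
}

int main(void)
{
    /* Constructed sample arguments, including the name from the report. */
    const char *args[] = { "2-xhibit", "0-100", "1000-1999", "2-", "-5-10", "7" };
    long s, e;

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        if (parse_uid_range(args[i], &s, &e))
            printf("%-10s uid range %ld..%ld\n", args[i], s, e);
        else
            printf("%-10s user name\n", args[i]);
    }
    return 0;
}
```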