Date: Thu, 23 Dec 1999 01:25:54 -0700 (MST)
From: forrestc@imach.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: misc/15658: Fix to edquota.c
Message-ID: <199912230825.BAA22027@www.mt.net>

>Number: 15658
>Category: misc
>Synopsis: edquota misinterprets usernames as uid ranges
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 23 12:50:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Forrest W. Christian
>Release: FreeBSD 3.4-STABLE i386
>Organization: iMach, Ltd.
>Environment:

Apparently all recent versions of FreeBSD. Verified to exist in latest FreeBSD 3.4-STABLE.

>Description:

The current version of edquota accepts parameters in the form of either a username or a range of userids. In order to determine if a parameter is a range of uids, it looks to see if the first digit of the parameter is a number, and if the parameter contains a dash. Thus, usernames such as 2-xhibit are treated as a range of uids.

The existing code also does no additional error checking and simply performs an atoi on the start of the parameter and on the string starting immediately following the hyphen.

>How-To-Repeat:

This problem only occurs when using a prototype user. To exercise the chunk of code with the problem, you can run the following command line:

    edquota -p root 2-xhibit

This results in the result:

    edquota: ending uid (0) must be >= starting uid (2) when using uid ranges

>Fix:

Apply the following patch to edquota. This performs additional checks on the parameter before determining that it is, in fact, a uid range.

---START OF PATCH---TRIM HERE---
149,153c149,152 < if (isdigit(*argv[0]) && < (cp = strchr(*argv, '-')) != NULL) { < *cp++ = '\0'; < startuid = atoi(*argv); < enduid = atoi(cp); --- > if ((startuid=(int)(strtol(argv[0],&cp,10))) && > (*(cp++)=='-') && > (enduid=(int)(strtol(cp,&cp,10))) && > (*(cp++)==0) ) {
---END OF PATCH---TRIM HERE---

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
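
Review bot: In the replacement condition, `(startuid=(int)(strtol(argv[0],&cp,10))) &&` uses the parsed number itself as the truth test, so a range that starts at uid 0 (0-100, say) no longer matches and is handled as a user name; `(enduid=(int)(strtol(cp,&cp,10))) &&` has the same effect for an ending uid of 0. Consider deciding on whether digits were consumed instead, by comparing `cp` with the pointer passed in after each `strtol` call. The removed `isdigit(*argv[0])` test is also worth keeping, since `strtol` skips leading whitespace and accepts a sign, and the `(int)` casts truncate a `long` result without an `errno`/range check.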
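
An added example (not part of the original report or of edquota's source): a strict check for the ambiguity described above, which accepts only `<digits>-<digits>` as a uid range and leaves the argument unmodified so it can still be looked up as a user name. `parse_uid` and `parse_uid_range` are hypothetical names, and the sample arguments are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one unsigned decimal uid; *end is set just past the digits. */
static int parse_uid(const char *s, const char **end, long *out)
{
    char *e;

    /* strtol() alone would accept " 5", "+5" and "-5"; require a digit. */
    if (!isdigit((unsigned char)*s))
        return 0;
    errno = 0;
    *out = strtol(s, &e, 10);
    if (errno == ERANGE || *out > INT_MAX)   /* would not fit the int uid vars */
        return 0;
    *end = e;
    return 1;
}

/*
 * Hypothetical helper: returns 1 and fills start/end only when arg is
 * exactly "<digits>-<digits>"; returns 0 otherwise so the caller can treat
 * arg as a user name. Ordering (end >= start) is left to the caller.
 */
int parse_uid_range(const char *arg, long *start, long *end)
{
    const char *p;
    long a, b;

    if (!parse_uid(arg, &p, &a) || *p != '-')
        return 0;
    if (!parse_uid(p + 1, &p, &b) || *p != '\0')
        return 0;
    *start = a;
    *end = b;
    return 1;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *args[] = { "2-xhibit", "0-100", "1000-1999", "2-", "99999999999-5" };
    long s, e;

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++)
        printf("%-14s %s\n", args[i],
            parse_uid_range(args[i], &s, &e) ? "uid range" : "user name");
    return 0;
}
```

A login name made up only of digits, a dash and digits still parses as a range under this check; only the syntax is tightened.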