Date: Thu, 15 Nov 2012 13:52:46 -0500 From: Eitan Adler <eadler@freebsd.org> To: Bruce Evans <brde@optusnet.com.au> Cc: Konstantin Belousov <kostikbel@gmail.com>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r243076 - head/usr.sbin/chkgrp Message-ID: <CAF6rxgkvh_QEw5o3-8rznkEQMvQHY=ngYVM-7HQ11jHwX2vZ=w@mail.gmail.com> In-Reply-To: <20121116032851.I44199@besplex.bde.org> References: <201211151506.qAFF63v0003848@svn.freebsd.org> <20121115153030.GD73505@kib.kiev.ua> <CAF6rxgk9w0_Qwo=92g-OSe5imvupG8qg7DzpCS9UVxzwMjn20g@mail.gmail.com> <20121116032851.I44199@besplex.bde.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 15 November 2012 11:52, Bruce Evans <brde@optusnet.com.au> wrote:
> strtoul("1garbage", NULL, 10) succeeds and returns value 1, but the input
> is garbage.
This case is covered earlier
160 /* check that the GID is numeric */
161 if (strspn(f[2], "0123456789") != strlen(f[2])) {
162 warnx("%s: line %d: GID is not numeric", gfn, n);
> As the man page says, the EINVAL feature is unportable. It is almost
> useless, since to detect garbage after the number you have to pass an
> endptr to strtoul(), and then the check for no conversion (that is,
> for garbage at the beginning) is just as easy as the check for garbage
> at the end.
This patch doesn't care about EINVAL or ERANGE. It just cares strtoul
returned an error.
I even considered just ignoring the error case because the data is
mostly sanity checked prior.
--
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgkvh_QEw5o3-8rznkEQMvQHY=ngYVM-7HQ11jHwX2vZ=w>