Date:      Thu, 15 Nov 2012 13:52:46 -0500
From:      Eitan Adler <eadler@freebsd.org>
To:        Bruce Evans <brde@optusnet.com.au>
Cc:        Konstantin Belousov <kostikbel@gmail.com>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r243076 - head/usr.sbin/chkgrp
Message-ID:  <CAF6rxgkvh_QEw5o3-8rznkEQMvQHY=ngYVM-7HQ11jHwX2vZ=w@mail.gmail.com>
In-Reply-To: <20121116032851.I44199@besplex.bde.org>
References:  <201211151506.qAFF63v0003848@svn.freebsd.org> <20121115153030.GD73505@kib.kiev.ua> <CAF6rxgk9w0_Qwo=92g-OSe5imvupG8qg7DzpCS9UVxzwMjn20g@mail.gmail.com> <20121116032851.I44199@besplex.bde.org>

On 15 November 2012 11:52, Bruce Evans <brde@optusnet.com.au> wrote:
> strtoul("1garbage", NULL, 10) succeeds and returns value 1, but the input
> is garbage.

This case is covered earlier
        /* check that the GID is numeric */
        if (strspn(f[2], "0123456789") != strlen(f[2])) {
            warnx("%s: line %d: GID is not numeric", gfn, n);

> As the man page says, the EINVAL feature is unportable.  It is almost
> useless, since to detect garbage after the number you have to pass an
> endptr to strtoul(), and then the check for no conversion (that is,
> for garbage at the beginning) is just as easy as the check for garbage
> at the end.

This patch doesn't care about EINVAL or ERANGE. It just cares strtoul
returned an error.
I even considered just ignoring the error case because the data is
mostly sanity checked prior.


-- 
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
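
The checks discussed in this thread, put side by side as an added example (not code from chkgrp or from either participant): the all-digits pre-check next to an endptr-based strtoul() parse that does not rely on EINVAL. The names parse_gid, all_digits and enum gid_parse are hypothetical, the inputs are constructed, and a 32-bit GID is assumed.

```c
/* Added example: digits-only pre-check vs. endptr-based strtoul() parsing. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum gid_parse { GID_OK, GID_EMPTY, GID_GARBAGE, GID_RANGE };

/* The strspn()/strlen() test from the quoted lines, isolated (hypothetical name). */
int
all_digits(const char *s)
{
	return (strspn(s, "0123456789") == strlen(s));
}

/* Hypothetical helper; assumes a GID must fit in 32 bits. */
enum gid_parse
parse_gid(const char *s, uint32_t *out)
{
	char *end;
	unsigned long v;

	errno = 0;
	v = strtoul(s, &end, 10);
	if (end == s)	/* no conversion: portable, unlike testing for EINVAL */
		return (s[0] == '\0' ? GID_EMPTY : GID_GARBAGE);
	/* Trailing junk ("1garbage"), or leading space/sign that strtoul() accepts. */
	if (*end != '\0' || s[0] < '0' || s[0] > '9')
		return (GID_GARBAGE);
	if (errno == ERANGE || v > UINT32_MAX)	/* overflows long or the 32-bit GID */
		return (GID_RANGE);
	*out = (uint32_t)v;
	return (GID_OK);
}

int
main(void)
{
	const char *in[] = { "1001", "1garbage", "", "-1", "4294967296" }; /* constructed */
	uint32_t g;

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("\"%s\": digits-only=%d parse=%d\n", in[i], all_digits(in[i]), parse_gid(in[i], &g));
	return (0);
}
```

The empty string and an over-long digit run both pass all_digits(), which is why the parse still checks end == s and the range.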


