From owner-svn-src-head@freebsd.org  Tue Jul 28 23:21:11 2015
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8AEAE9ADD34;
 Tue, 28 Jul 2015 23:21:11 +0000 (UTC)
 (envelope-from baptiste.daroussin@gmail.com)
Received: from mail-wi0-x22c.google.com (mail-wi0-x22c.google.com
 [IPv6:2a00:1450:400c:c05::22c])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 21659795;
 Tue, 28 Jul 2015 23:21:11 +0000 (UTC)
 (envelope-from baptiste.daroussin@gmail.com)
Received: by wicgb10 with SMTP id gb10so176860338wic.1;
 Tue, 28 Jul 2015 16:21:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=sender:date:from:to:cc:subject:message-id:references:mime-version
 :content-type:content-disposition:in-reply-to:user-agent;
 bh=7jbAcSyA4aY3CDEbqihPOdr/6iZZlRB8JfjpSWlBUGI=;
 b=oEhtsCpkx3yR7S8RKbd0w0cPPvoTvk2yUll/yD9k7+2KEiUuJsLUp7Xi+0hr2rd6h4
 p73i4CAvqXaLoG5ig32MZBMG0/YIvusUtWZvX493Pl4ymGAOfQ1bBMO2O2h/fpsuIoF8
 Li+V59u0HIX3RRlR1WfKELoAcx+RW/1bLSkIBpJsXbpDLQz3xqWlZvKDSQwSLI+dwI4u
 moaoFsVbYFLH9vQJvqQD+FL6+Oorbk1APK7jGelAkU8RAOikP4O0e/9Qe8vjoNuiAcFr
 lQK233Ci1a15dBNDYOw193ijcXQK7qXQ2xDz6CmbWLc4uf671Yy9rhOnHkjCtpMGO2MH
 LwSA==
X-Received: by 10.180.73.2 with SMTP id h2mr11750807wiv.72.1438125669607;
 Tue, 28 Jul 2015 16:21:09 -0700 (PDT)
Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1])
 by smtp.gmail.com with ESMTPSA id u7sm21291442wif.3.2015.07.28.16.21.08
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 28 Jul 2015 16:21:08 -0700 (PDT)
Sender: Baptiste Daroussin <baptiste.daroussin@gmail.com>
Date: Wed, 29 Jul 2015 01:21:06 +0200
From: Baptiste Daroussin <bapt@freebsd.org>
To: Bruce Evans <brde@optusnet.com.au>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
 src-committers@freebsd.org
Subject: Re: svn commit: r285985 - in head/usr.sbin/pw: . tests
Message-ID: <20150728232106.GG28638@ivaldir.etoilebsd.net>
References: <201507282110.t6SLAx0k035167@repo.freebsd.org>
 <20150729080932.S5059@besplex.bde.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="4ndw/alBWmZEhfcZ"
Content-Disposition: inline
In-Reply-To: <20150729080932.S5059@besplex.bde.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jul 2015 23:21:11 -0000


--4ndw/alBWmZEhfcZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jul 29, 2015 at 08:52:52AM +1000, Bruce Evans wrote:
> On Tue, 28 Jul 2015, Baptiste Daroussin wrote:
>=20
> > Log:
> >  Check uid/gid used when creating a user/group are not larger than UID_=
MAX/GID_MAX
> >
> >  PR:		173977
> >  Reported by:	nvass@gmx.com
>=20
> This is broken in a different way than before.
>=20
> > Modified: head/usr.sbin/pw/pw.c
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D
> > --- head/usr.sbin/pw/pw.c	Tue Jul 28 20:52:10 2015	(r285984)
> > +++ head/usr.sbin/pw/pw.c	Tue Jul 28 21:10:58 2015	(r285985)
> > @@ -269,7 +269,7 @@ main(int argc, char *argv[])
> > 			}
> > 			if (strspn(optarg, "0123456789") !=3D strlen(optarg))
> > 				errx(EX_USAGE, "-g expects a number");
> > -			id =3D strtonum(optarg, 0, LONG_MAX, &errstr);
> > +			id =3D strtonum(optarg, 0, GID_MAX, &errstr);
>=20
> `id' still has type long.  The assignment overflows on 32-bit arches when
> the value exceeds 0x7fffffff.  That is for half of all valid values.  pw
> is broken in not supporting these values, but at least it detected them
> as errors in the previous version.  Old versions implemented this bug
> using atoi() with no error checking.

So writting a function like strtonum like function with that prototype
intmax_t strtonumber(const char *, intmax_t min, intmax_t max, const char *=
*);
and an unsigned equivalent
uintmax_t strtonumber(const char *, uintmax_t min, uintmax_t max, const cha=
r **);

would do the right thing?

Best regards,
Bapt

--4ndw/alBWmZEhfcZ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlW4DmIACgkQ8kTtMUmk6EwZ/gCgn/AN+ahJg1D4LUOPWmSHgC9P
nAAAmQEWweWAbtcDYfml3rDxoOllsffM
=fezR
-----END PGP SIGNATURE-----

--4ndw/alBWmZEhfcZ--