Date: Tue, 13 May 1997 23:16:19 +0200 (MET DST)
From: Wolfram Schneider <wosch@apfel.de>
To: Bruce Evans <bde@zeta.org.au>
Cc: wollman@khavrinen.lcs.mit.edu, freebsd-security@FreeBSD.ORG
Subject: Re: Linux UID/GID 'Feature'
Message-ID: <199705132116.XAA00653@campa.panke.de>
In-Reply-To: <199705121615.CAA16319@godzilla.zeta.org.au>
References: <199705121615.CAA16319@godzilla.zeta.org.au>
Bruce Evans writes:
>>> id = atol(p);
>>> + for(; *p != '\0'; p++)
>>> + if (!isdigit(*p))
>>> + goto fmt;
>>> +
>>
>>This is why you should never use atol(). Always, always, always use
>>strtol(), and then you won't have these problems. Properly written to
>>use strtol:

strtol does more things which we don't want:

man strtol
     The string may begin with an arbitrary amount of white space (as
     determined by isspace(3)) followed by a single optional `+' or `-'
     sign. If base is zero or 16, the string may then include a `0x'
     prefix, and the number will be read in base 16; otherwise, a zero
     base is taken as 10 (decimal) unless the next character is `0', in
     which case it is taken as 8 (octal).

>Another problem: isdigit(*p) is usually undefined if *p < 0.

What does usually mean? There is no warning in the isdigit manpage.

Wolfram
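
Review bot: In the added loop, if (!isdigit(*p)) hands a plain char to isdigit(); where char is signed, a byte with the high bit set arrives as a negative int, which is outside the range isdigit() is defined for, so the call should be isdigit((unsigned char)*p). The digits-only check also runs after id = atol(p); and the loop body never executes for an empty string, so if p can point at an empty field the code accepts it with id == 0, and atol() gives no overflow indication for an over-long digit string. Suggest rejecting an empty field before the loop and converting only after the check has passed, with a call that reports range errors.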
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705132116.XAA00653>
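
A strict id parser that answers both objections raised in this message, as an added example that is not code from the thread or from FreeBSD: it rejects the white space, sign and `0x` forms that strtol accepts, and it keeps the isdigit() argument in range. The name parse_id and the caller-supplied max limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

/*
 * Hypothetical helper (not from the thread): parse a numeric uid/gid
 * field strictly. Returns 0 and stores the value in *out on success,
 * -1 on any malformed or out-of-range input.
 */
int parse_id(const char *s, unsigned long max, unsigned long *out)
{
    const char *p;
    char *end;
    unsigned long v;

    /* An empty field would come back from atol() as 0, i.e. root. */
    if (s == NULL || *s == '\0')
        return -1;

    /*
     * Reject everything strtoul() would silently accept: leading white
     * space, a '+' or '-' sign, a "0x" prefix, trailing garbage.
     * The cast keeps the argument in the unsigned char range, which is
     * the only range (besides EOF) isdigit() is defined for.
     */
    for (p = s; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return -1;

    /* Explicit base 10, so "010" is ten and never octal 8. */
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > max)
        return -1;

    *out = v;
    return 0;
}
```
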