Date: Wed, 14 May 1997 12:09:26 +1000 From: Bruce Evans <bde@zeta.org.au> To: bde@zeta.org.au, wosch@apfel.de Cc: freebsd-security@FreeBSD.ORG, wollman@khavrinen.lcs.mit.edu Subject: Re: Linux UID/GID 'Feature' Message-ID: <199705140209.MAA23416@godzilla.zeta.org.au>
next in thread | raw e-mail | index | archive | help
>Bruce Evans writes: >>>> id = atol(p); >>>> + for(; *p != '\0'; p++) >>>> + if (!isdigit(*p)) >>>> + goto fmt; >>>> + >>> >>>This is why you should never use atol(). Always, always, always use >>>strtol(), and then you won't have these problems. Properly written to >>>use strtol: > >strtol do more things which we dont want: > >man strtol > The string may begin with an arbitrary amount of white space (as deter- > mined by isspace(3)) followed by a single optional `+' or `-' sign. If > base is zero or 16, the string may then include a `0x' prefix, and the > number will be read in base 16; otherwise, a zero base is taken as 10 > (decimal) unless the next character is `0', in which case it is taken as > 8 (octal). atol(p) is equivalent to strtol(p, (char **)NULL, 10). This may also do things that we don't want (it skips leading whit space and interprets signs). >>Another problem: isdigit(*p) is usually undefined if *p < 0. > >What does usually means? There is no warning in the isdigit manpage. Except when *p == EOF. The man page is deficient. So is ctype(3). ANSI ctype functions are only valid for args that are representable as an unsigned char or equal to EOF. Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705140209.MAA23416>