bin/90114: pw takes strings after option -g for GID 0

Björn König bkoenig at cs.tu-berlin.de
Thu Dec 8 11:30:23 PST 2005


>Number:         90114
>Category:       bin
>Synopsis:       pw takes strings after option -g for GID 0
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 08 19:30:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Björn König
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
>Description:
	pw assumes the group with the ID 0 if you specify a string mistakenly
	instead of a number in conjunction with option -g. This might be
	problematic because it is possible that you delete the group 'wheel'
	accidentally and silently.
	
	This issue has been discovered by Mars G. Miro (marsgmiro at gmail.com) 
>How-To-Repeat:
	Back up your /etc/group. ;)
	
	# pw groupshow -g wheel
	wheel:*:0:root
	
	# pw groupdel -g somestring
	
	# pw groupshow -g wheel
	pw: unknown group `wheel'
>Fix:
	The patch below checks the error value returned by atoi and
	aborts the current action if the user supplied an invalid GID.
	
	Note that pw still accepts erroneous values in certain cases,
	e.g. -g 0somestring.
	
--- pw-2005120801.diff begins here ---
--- src/usr.sbin/pw/pw_group.c.orig	Sun Jan 11 19:28:08 2004
+++ src/usr.sbin/pw/pw_group.c	Thu Dec  8 19:46:26 2005
@@ -93,8 +93,15 @@
 			a_name = NULL;
 		}
 	}
-	grp = (a_name != NULL) ? GETGRNAM(a_name->val) : GETGRGID((gid_t) atoi(a_gid->val));
 
+	if (a_name != NULL)
+		grp = GETGRNAM(a_name->val);
+	else {
+		grp = GETGRGID((gid_t) atoi(a_gid->val));
+		if (errno == EINVAL)
+			errx(EX_DATAERR, "invalid group id `%s'", a_gid->val);
+	}
+	
 	if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) {
 		if (a_name == NULL && grp == NULL)	/* Try harder */
 			grp = GETGRGID(atoi(a_gid->val));
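Review bot: The `errno == EINVAL` test in the new else branch is not a reliable validity check. errno is not cleared before the call, it is read only after both atoi() and GETGRGID() have run, and atoi() is not specified to report a failed conversion through errno, so the outcome depends on the libc and on whatever GETGRGID() leaves in errno. Suggest converting with strtol() and an end pointer, setting errno = 0 first, and rejecting the argument unless the whole string was consumed; that would also cover the `-g 0somestring` case the submitter mentions. The unchanged "Try harder" line still passes atoi(a_gid->val) to GETGRGID, so it should reuse the validated value rather than converting again. Style: the added line before `if (mode == M_UPDATE` holds only a tab.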
--- pw-2005120801.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
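
The failure mode from the description, as an added example that is not part of the original report or of pw's source: atoi() yields 0 for a non-numeric string, which then selects GID 0, while a strict strtoul()-based parser rejects both `somestring` and `0somestring`. The names `parse_gid` and `legacy_gid` are hypothetical, and the range check assumes a 32-bit unsigned gid_t.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/*
 * parse_gid() is a hypothetical helper, not a function from pw(8).
 * Returns 0 and stores the GID on success, -1 if the string is not a
 * complete, in-range decimal number.
 */
int
parse_gid(const char *s, gid_t *out)
{
	char *end;
	unsigned long v;

	/* Require a leading digit: rejects "", "-1", "+5", " 5", "abc". */
	if (s == NULL || *s < '0' || *s > '9')
		return (-1);
	errno = 0;			/* clear stale errors before converting */
	v = strtoul(s, &end, 10);
	if (errno == ERANGE || *end != '\0')	/* overflow or trailing junk */
		return (-1);
	if (v > UINT_MAX)		/* assumption: gid_t is 32-bit unsigned */
		return (-1);
	*out = (gid_t)v;
	return (0);
}

/* What an unchecked atoi() conversion does with the same argument. */
gid_t
legacy_gid(const char *s)
{
	return ((gid_t)atoi(s));
}

int
main(void)
{
	/* Constructed sample arguments, including the two from the report. */
	const char *samples[] = { "0", "somestring", "0somestring", "1001" };
	gid_t g;
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("'%s': atoi gives %u, strict parse %s\n", samples[i],
		    (unsigned)legacy_gid(samples[i]),
		    parse_gid(samples[i], &g) == 0 ? "accepts" : "rejects");
	return (0);
}
```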

