bin/149972: pw(8): usermod -u <non-numeric> should error

[Ilya Bakulin]

The following reply was made to PR bin/149972; it has been noted by GNATS.

From: Ilya Bakulin <webmaster at kibab.com>
To: bug-followup at FreeBSD.org, jschauma at netmeister.org
Cc: gavin at FreeBSD.org
Subject: Re: bin/149972: pw(8): usermod -u <non-numeric> should error
Date: Sun, 10 Oct 2010 00:36:27 +0200

 --MP_/DYFS_+in8U_jcKIbTLh57db
 Content-Type: text/plain; charset=US-ASCII
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 Fixed. Now pw(1) will exit with error if supplied with non-numeric ID.
 Generated at:	EuroBSDCon-2010 hackers lounge by gpf@, kibab@, bcr@
 
 --MP_/DYFS_+in8U_jcKIbTLh57db
 Content-Type: text/x-patch
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment; filename=pw_current.diff
 
 Index: pw_user.c
 ===================================================================
 --- pw_user.c	(revision 213663)
 +++ pw_user.c	(working copy)
 @@ -468,13 +468,22 @@
  			edited = 1;
  		}
  
 -		if ((arg = getarg(args, 'u')) != NULL && isdigit((unsigned char)*arg->val)) {
 +		if ((arg = getarg(args, 'u')) != NULL) {
 +		    if(isdigit((unsigned char)*arg->val)) {
  			pwd->pw_uid = (uid_t) atol(arg->val);
  			edited = 1;
  			if (pwd->pw_uid != 0 && strcmp(pwd->pw_name, "root") == 0)
  				errx(EX_DATAERR, "can't change uid of `root' account");
  			if (pwd->pw_uid == 0 && strcmp(pwd->pw_name, "root") != 0)
  				warnx("WARNING: account `%s' will have a uid of 0 (superuser access!)", pwd->pw_name);
 +		    } else {
 +			/* Found something, but not a number */
 +			/*
 +			 * XXX Shouldn't we try to map the passed string to the username?
 +			 * man page however says that we're expecting numeric uid...
 +			 */
 +			 errx(EX_DATAERR, "Expected numeric user id as an argument to -u\n");
 +		    }
  		}
  
  		if ((arg = getarg(args, 'g')) != NULL && pwd->pw_uid != 0) {	/* Already checked this */
 
 --MP_/DYFS_+in8U_jcKIbTLh57db--