bin/173977: pw(8) does not do range-checking on UIDs/GUIs from user's input, passwd DB becomes inconsistent
Eitan Adler
lists at eitanadler.com
Fri Nov 30 23:25:38 UTC 2012
On 28 November 2012 13:41, Nikos Vassiliadis <nvass at gmx.com> wrote:
> Index: usr.sbin/pw/pw_group.c
> ===================================================================
> --- usr.sbin/pw/pw_group.c (revision 243652)
> +++ usr.sbin/pw/pw_group.c (working copy)
> @@ -350,6 +350,8 @@
> */
> if (a_gid != NULL) {
> gid = (gid_t) atol(a_gid->val);
atoi overflow is considered undefined behavior so the error can not be
meaningfully be checked. In particular the compiler may assume the
error will never occur and elide the check. Ideally this call is
replaced with one of the stro* functions.
> + if (errno == ERANGE || errno == EINVAL)
> + errx(EX_DATAERR, "gid %s is invalid", a_gid->val);
--
Eitan Adler
More information about the freebsd-bugs
mailing list