svn commit: r243076 - head/usr.sbin/chkgrp

Eitan Adler eadler at freebsd.org
Thu Nov 15 18:53:19 UTC 2012


On 15 November 2012 11:52, Bruce Evans <brde at optusnet.com.au> wrote:
> strtoul("1garbage", NULL, 10) succeeds and returns value 1, but the input
> is garbage.

This case is covered earlier:

        /* check that the GID is numeric */
        if (strspn(f[2], "0123456789") != strlen(f[2])) {
            warnx("%s: line %d: GID is not numeric", gfn, n);

> As the man page says, the EINVAL feature is unportable.  It is almost
> useless, since to detect garbage after the number you have to pass an
> endptr to strtoul(), and then the check for no conversion (that is,
> for garbage at the beginning) is just as easy as the check for garbage
> at the end.

This patch doesn't care about EINVAL or ERANGE. It just cares strtoul
returned an error.
I even considered just ignoring the error case because the data is
mostly sanity checked prior.


-- 
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
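
Added example, not part of the original message and not chkgrp's own code: a strict GID-field parser that combines the digits-only strspn() pre-check quoted above with the endptr and ERANGE checks discussed in the thread. The helper name parse_gid and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not chkgrp's code: 0 and *out set on success, -1 on bad input. */
int parse_gid(const char *s, unsigned long *out)
{
	char *end;
	unsigned long v;

	/* Digits only. This is what rejects "-1", "+1" and " 1": strtoul() itself
	 * skips leading whitespace and accepts a sign. Also rejects "". */
	if (*s == '\0' || strspn(s, "0123456789") != strlen(s))
		return -1;

	errno = 0;
	v = strtoul(s, &end, 10);
	/* Portable endptr checks: end == s means no conversion, *end != '\0'
	 * means trailing garbage. Neither depends on errno being EINVAL. */
	if (end == s || *end != '\0')
		return -1;
	/* Overflow is the one case the digit check cannot see. */
	if (errno == ERANGE)
		return -1;
	*out = v;
	return 0;
}

int main(void)
{
	/* Constructed sample GID fields. */
	const char *samples[] = { "0", "1001", "1garbage", "", "-1",
	    "99999999999999999999999999" };
	unsigned long gid;

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (parse_gid(samples[i], &gid) == 0)
			printf("\"%s\" -> %lu\n", samples[i], gid);
		else
			printf("\"%s\" -> rejected\n", samples[i]);
	}
	return 0;
}
```

Once the digit check has passed, the endptr test is redundant but costs nothing; the ERANGE test is the one that still does work, since an all-digit string can exceed ULONG_MAX.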


More information about the svn-src-all mailing list