svn commit: r243076 - head/usr.sbin/chkgrp

Konstantin Belousov kostikbel at gmail.com
Thu Nov 15 19:00:02 UTC 2012


On Thu, Nov 15, 2012 at 01:52:46PM -0500, Eitan Adler wrote:
> On 15 November 2012 11:52, Bruce Evans <brde at optusnet.com.au> wrote:
> > strtoul("1garbage", NULL, 10) succeeds and returns value 1, but the input
> > is garbage.
> 
> This case is covered earlier
>         /* check that the GID is numeric */
>         if (strspn(f[2], "0123456789") != strlen(f[2])) {
>             warnx("%s: line %d: GID is not numeric", gfn, n);
So this code shall be removed, if you are introducing strtoul() to check
for errors at all.

> 
> > As the man page says, the EINVAL feature is unportable.  It is almost
> > useless, since to detect garbage after the number you have to pass an
> > endptr to strtoul(), and then the check for no conversion (that is,
> > for garbage at the beginning) is just as easy as the check for garbage
> > at the end.
> 
> This patch doesn't care about EINVAL or ERANGE. It just cares strtoul
> returned an error.
> I even considered just ignoring the error case because the data is
> mostly sanity checked prior.
> 
> 
> -- 
> Eitan Adler
> Source, Ports, Doc committer
> Bugmeister, Ports Security teams
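
The checks debated in this thread, combined in one strict parser. This is an added example, not code from the commit, from chkgrp, or from any of the participants. `parse_gid()`, the `gid_status` names and the 32-bit upper bound are assumptions made for illustration. It goes one step beyond the thread by also rejecting a leading sign or whitespace, which strtoul() would otherwise accept ("-1" converts to ULONG_MAX without an error).

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical result codes for this example. */
enum gid_status { GID_OK, GID_EMPTY, GID_NOT_NUMERIC, GID_TRAILING, GID_RANGE };

/*
 * Hypothetical helper: parse a decimal GID field strictly.
 * Assumption: valid GIDs fit in an unsigned 32-bit value.
 */
static enum gid_status
parse_gid(const char *s, uint32_t *out)
{
	char *end;
	unsigned long v;

	if (s == NULL || *s == '\0')
		return (GID_EMPTY);
	/* strtoul() skips leading whitespace and accepts '+' or '-'. */
	if (!isdigit((unsigned char)*s))
		return (GID_NOT_NUMERIC);

	errno = 0;
	v = strtoul(s, &end, 10);
	if (end == s)		/* portable "no conversion" test, no EINVAL needed */
		return (GID_NOT_NUMERIC);
	if (*end != '\0')	/* "1garbage": digits followed by junk */
		return (GID_TRAILING);
	if (errno == ERANGE || v > UINT32_MAX)
		return (GID_RANGE);
	*out = (uint32_t)v;
	return (GID_OK);
}

int
main(void)
{
	/* Constructed sample inputs. */
	const char *in[] = { "0", "1garbage", "-1", " 5", "", "4294967296" };
	uint32_t gid;

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++)
		printf("\"%s\" -> status %d\n", in[i], (int)parse_gid(in[i], &gid));
	return (0);
}
```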