svn commit: r338950 - head/usr.sbin/chown
Bryan Drewery
bdrewery at FreeBSD.org
Wed Sep 26 18:40:58 UTC 2018
Author: bdrewery
Date: Wed Sep 26 18:40:57 2018
New Revision: 338950
URL: https://svnweb.freebsd.org/changeset/base/338950
Log:
Handle overflow of uid or gid in arguments for chown
chown incorrectly allows a uid or gid greater than UID_MAX/GID_MAX respectively.
Using such an argument rolls over to accounts such as root, operator, etc.
Approved by: re (gjb)
Relnotes: yes
Reviewed by: cem, kib
Submitted by: Don Morris <dgmorris at earthlink.net>
Sponsored by: Dell EMC
Differential Revision: https://reviews.freebsd.org/D15119
Modified:
head/usr.sbin/chown/chown.c
Modified: head/usr.sbin/chown/chown.c
==============================================================================
--- head/usr.sbin/chown/chown.c Wed Sep 26 17:12:30 2018 (r338949)
+++ head/usr.sbin/chown/chown.c Wed Sep 26 18:40:57 2018 (r338950)
@@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$");
#include <libgen.h>
#include <pwd.h>
#include <signal.h>
+#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
@@ -246,16 +247,13 @@ a_uid(const char *s)
static uid_t
id(const char *name, const char *type)
{
- uid_t val;
+ unsigned long val;
char *ep;
- /*
- * XXX
- * We know that uid_t's and gid_t's are unsigned longs.
- */
errno = 0;
val = strtoul(name, &ep, 10);
- if (errno || *ep != '\0')
+ _Static_assert(UID_MAX >= GID_MAX, "UID MAX less than GID MAX");
+ if (errno || *ep != '\0' || val > UID_MAX)
errx(1, "%s: illegal %s name", name, type);
return (val);
}
More information about the svn-src-head
mailing list