[PATCH] Validate string -> number conversion. [version 3]

From: "Arkadiusz Miśkiewicz" <arekm@maven.pl>
To: xfs@oss.sgi.com
Subject: [PATCH] Validate string -> number conversion. [version 3]
Date: Fri, 27 Aug 2010 22:54:36 +0200	[thread overview]
Message-ID: <1282942476-5296-1-git-send-email-arekm@maven.pl> (raw)
In-Reply-To: <20100826082612.GE705@dastard>

Make sure that numbers passed as string will fit into proper
types when doing string->uid_t/gid_t/prid_t conversion.

Signed-off-by: Arkadiusz Miśkiewicz <arekm@maven.pl>
---
 libxcmd/input.c |   36 ++++++++++++++++++++++++------------
 quota/project.c |    2 +-
 2 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/libxcmd/input.c b/libxcmd/input.c
index 1bc0745..d7f29c1 100644
--- a/libxcmd/input.c
+++ b/libxcmd/input.c
@@ -336,16 +336,20 @@ prid_from_string(
 	char		*project)
 {
 	fs_project_t	*prj;
-	prid_t		prid;
+	unsigned long	prid_long;
 	char		*sp;
 
 	/*
 	 * Allow either a full numeric or a valid projectname, even
 	 * if it starts with a digit.
 	 */
-	prid = (prid_t)strtoul(project, &sp, 10);
-	if (*project != '\0' && *sp == '\0')
-		return prid;
+	prid_long = strtoul(project, &sp, 10);
+	if (*project != '\0' && *sp == '\0') {
+		if ((prid_long == ULONG_MAX && errno == ERANGE)
+				|| (prid_long > (prid_t)-1))
+			return -1;
+		return (prid_t)prid_long;
+	}
 	prj = getprnam(project);
 	if (prj)
 		return prj->pr_prid;
@@ -357,12 +361,16 @@ uid_from_string(
 	char		*user)
 {
 	struct passwd	*pwd;
-	uid_t		uid;
+	unsigned long	uid_long;
 	char		*sp;
 
-	uid = (uid_t)strtoul(user, &sp, 10);
-	if (sp != user)
-		return uid;
+	uid_long = strtoul(user, &sp, 10);
+	if (sp != user) {
+		if ((uid_long == ULONG_MAX && errno == ERANGE)
+				|| (uid_long > (uid_t)-1))
+			return -1;
+		return (uid_t)uid_long;
+	}
 	pwd = getpwnam(user);
 	if (pwd)
 		return pwd->pw_uid;
@@ -374,12 +382,16 @@ gid_from_string(
 	char		*group)
 {
 	struct group	*grp;
-	gid_t		gid;
+	unsigned long	gid_long;
 	char		*sp;
 
-	gid = (gid_t)strtoul(group, &sp, 10);
-	if (sp != group)
-		return gid;
+	gid_long = strtoul(group, &sp, 10);
+	if (sp != group) {
+		if ((gid_long == ULONG_MAX && errno == ERANGE)
+				|| (gid_long > (gid_t)-1))
+			return -1;
+		return (gid_t)gid_long;
+	}
 	grp = getgrnam(group);
 	if (grp)
 		return grp->gr_gid;
diff --git a/quota/project.c b/quota/project.c
index 1aacddd..e9baadd 100644
--- a/quota/project.c
+++ b/quota/project.c
@@ -331,7 +331,7 @@ project_f(
 		prid = prid_from_string(argv[optind]);
 		if (prid == -1) {
 			exitcode = 1;
-			fprintf(stderr, _("%s - no such project in %s\n"),
+			fprintf(stderr, _("%s - no such project in %s or invalid project number\n"),
 				argv[optind], projects_file);
 		} else
 	                project(argv[optind], type);
-- 
1.7.2.2

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
