From: Jan Engelhardt <jengelh@medozas.de>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH 03/16] libxt_owner: use correct UID/GID boundaries
Date: Mon, 9 Feb 2009 18:34:47 +0100 [thread overview]
Message-ID: <1234200900-5964-4-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1234200900-5964-1-git-send-email-jengelh@medozas.de>
-1 is a reserved number (chown uses it to denote "do not change"),
so the maximum libxt_owner should permit is up to UINT32_MAX-1.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_owner.c | 14 +++++++-------
1 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index 4cd173e..c8677a8 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -110,7 +110,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
param_act(P_ONLY_ONCE, "owner", "--uid-owner", *flags & FLAG_UID_OWNER);
if ((pwd = getpwnam(optarg)) != NULL)
id = pwd->pw_uid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0))
+ else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1))
param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg);
if (invert)
info->invert |= IPT_OWNER_UID;
@@ -123,7 +123,7 @@ owner_mt_parse_v0(int c, char **argv, int invert, unsigned int *flags,
param_act(P_ONLY_ONCE, "owner", "--gid-owner", *flags & FLAG_GID_OWNER);
if ((grp = getgrnam(optarg)) != NULL)
id = grp->gr_gid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0))
+ else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1))
param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg);
if (invert)
info->invert |= IPT_OWNER_GID;
@@ -190,7 +190,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
*flags & FLAG_UID_OWNER);
if ((pwd = getpwnam(optarg)) != NULL)
id = pwd->pw_uid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(uid_t)0))
+ else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1))
param_act(P_BAD_VALUE, "owner", "--uid-owner", optarg);
if (invert)
info->invert |= IP6T_OWNER_UID;
@@ -204,7 +204,7 @@ owner_mt6_parse_v0(int c, char **argv, int invert, unsigned int *flags,
*flags & FLAG_GID_OWNER);
if ((grp = getgrnam(optarg)) != NULL)
id = grp->gr_gid;
- else if (!strtonum(optarg, NULL, &id, 0, ~(gid_t)0))
+ else if (!strtonum(optarg, NULL, &id, 0, UINT32_MAX - 1))
param_act(P_BAD_VALUE, "owner", "--gid-owner", optarg);
if (invert)
info->invert |= IP6T_OWNER_GID;
@@ -245,12 +245,12 @@ static void owner_parse_range(const char *s, unsigned int *from,
{
char *end;
- /* 4294967295 is reserved, so subtract one from ~0 */
- if (!strtonum(s, &end, from, 0, (~(uid_t)0) - 1))
+ /* -1 is reversed, so the max is one less than that. */
+ if (!strtonum(s, &end, from, 0, UINT32_MAX - 1))
param_act(P_BAD_VALUE, "owner", opt, s);
*to = *from;
if (*end == '-' || *end == ':')
- if (!strtonum(end + 1, &end, to, 0, (~(uid_t)0) - 1))
+ if (!strtonum(end + 1, &end, to, 0, UINT32_MAX - 1))
param_act(P_BAD_VALUE, "owner", opt, s);
if (*end != '\0')
param_act(P_BAD_VALUE, "owner", opt, s);
--
1.6.1.2
next prev parent reply other threads:[~2009-02-09 17:35 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-09 17:34 libxtables rework Jan Engelhardt
2009-02-09 17:34 ` [PATCH 01/16] src: remove redundant returns at end of void-returning functions Jan Engelhardt
2009-02-09 17:34 ` [PATCH 02/16] src: remove redundant casts Jan Engelhardt
2009-02-09 17:34 ` Jan Engelhardt [this message]
2009-02-09 17:34 ` [PATCH 04/16] extensions: use UINT_MAX constants over open-coded bits (1/2) Jan Engelhardt
2009-02-09 17:34 ` [PATCH 05/16] extensions: use UINT_MAX constants over open-coded numbers (2/2) Jan Engelhardt
2009-02-09 17:34 ` [PATCH 06/16] libxtables: prefix/order - libdir Jan Engelhardt
2009-02-10 6:38 ` Amos Jeffries
2009-02-10 9:04 ` Jan Engelhardt
2009-02-09 17:34 ` [PATCH 07/16] libxtables: prefix/order - strtoui Jan Engelhardt
2009-02-09 17:34 ` [PATCH 08/16] libxtables: prefix/order - program_name Jan Engelhardt
2009-02-09 17:34 ` [PATCH 09/16] libxtables: prefix/order - param_act Jan Engelhardt
2009-02-09 17:34 ` [PATCH 10/16] libxtables: prefix/order - ipaddr/ipmask to ascii output Jan Engelhardt
2009-02-09 17:34 ` [PATCH 11/16] libxtables: prefix/order - ascii to ipaddr/ipmask input Jan Engelhardt
2009-02-09 17:34 ` [PATCH 12/16] libxtables: prefix - misc functions Jan Engelhardt
2009-02-09 17:34 ` [PATCH 13/16] libxtables: prefix - parse and escaped output func Jan Engelhardt
2009-02-09 17:34 ` [PATCH 14/16] libxtables: prefix/order - move check_inverse to xtables.c Jan Engelhardt
2009-02-09 17:34 ` [PATCH 15/16] libxtables: prefix/order - move parse_protocol " Jan Engelhardt
2009-02-09 17:35 ` [PATCH 16/16] libxtables: move afinfo around Jan Engelhardt
2009-02-09 17:39 ` libxtables rework Patrick McHardy
2009-02-09 17:45 ` Jan Engelhardt
2009-02-09 17:50 ` Patrick McHardy
2009-02-09 18:00 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1234200900-5964-4-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).