[PATCH] Validate string -> number conversion.
Arkadiusz Miśkiewicz
arekm at maven.pl
Wed Aug 25 03:22:36 CDT 2010
Make sure that numbers passed as strings fit into the target
types when doing string -> uid_t/gid_t/prid_t conversion.
Signed-off-by: Arkadiusz Miśkiewicz <arekm at maven.pl>
---
libxcmd/input.c | 18 +++++++++++++++---
quota/project.c | 2 +-
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/libxcmd/input.c b/libxcmd/input.c
index 1bc0745..c7807fe 100644
--- a/libxcmd/input.c
+++ b/libxcmd/input.c
@@ -337,13 +337,17 @@ prid_from_string(
{
fs_project_t *prj;
prid_t prid;
+ unsigned long int prid_long;
char *sp;
/*
* Allow either a full numeric or a valid projectname, even
* if it starts with a digit.
*/
- prid = (prid_t)strtoul(project, &sp, 10);
+ prid_long = strtoul(project, &sp, 10);
+ if ((prid_long == ULONG_MAX && errno == ERANGE) || (prid_long > (prid_t)-1))
+ return -1;
+ prid = (prid_t)prid_long;
if (*project != '\0' && *sp == '\0')
return prid;
prj = getprnam(project);
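Review bot: The new range check in prid_from_string runs before the `*sp == '\0'` test, so a project name that starts with a digit run too large for prid_t now returns -1 without ever reaching getprnam(), which contradicts the comment directly above it; uid_from_string and gid_from_string in the next two hunks use the same ordering. The range test should apply only once the string is known to be fully numeric. errno is also never cleared before strtoul(), so the `errno == ERANGE` half of the test can read a stale value. The hunk adds no #include, so <errno.h> and <limits.h> are presumably already pulled in, which is worth confirming. The function body starts and ends outside the hunk.
```c
	errno = 0;	/* strtoul() only sets errno on failure */
	prid_long = strtoul(project, &sp, 10);
	if (*project != '\0' && *sp == '\0') {
		/* fully numeric: reject values that do not fit in prid_t */
		if (errno == ERANGE || prid_long > (prid_t)-1)
			return -1;
		return (prid_t)prid_long;
	}
	/* … unchanged: getprnam() lookup for non-numeric names … */
```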
@@ -358,9 +362,13 @@ uid_from_string(
{
struct passwd *pwd;
uid_t uid;
+ unsigned long int uid_long;
char *sp;
- uid = (uid_t)strtoul(user, &sp, 10);
+ uid_long = strtoul(user, &sp, 10);
+ if ((uid_long == ULONG_MAX && errno == ERANGE) || (uid_long > (uid_t)-1))
+ return -1;
+ uid = (uid_t)uid_long;
if (sp != user)
return uid;
pwd = getpwnam(user);
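Review bot: `if (sp != user)` accepts any string that merely starts with digits, so input such as `12abc` is returned as uid 12 instead of being rejected or looked up by name, and the added range check does not change that; gid_from_string in the next hunk does the same with `sp != group`. Requiring the whole string to be consumed, as prid_from_string already does, would close this: `if (sp != user && *sp == '\0')`. strtoul() also accepts a leading `-` and negates the result, which on a platform where unsigned long is no wider than uid_t would presumably slip past the `> (uid_t)-1` comparison. Treating the argument as numeric only when it begins with a digit, `if (isdigit((unsigned char)*user))`, avoids that. The function body starts and ends outside the hunk.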
@@ -375,9 +383,13 @@ gid_from_string(
{
struct group *grp;
gid_t gid;
+ unsigned long int gid_long;
char *sp;
- gid = (gid_t)strtoul(group, &sp, 10);
+ gid_long = strtoul(group, &sp, 10);
+ if ((gid_long == ULONG_MAX && errno == ERANGE) || (gid_long > (gid_t)-1))
+ return -1;
+ gid = (gid_t)gid_long;
if (sp != group)
return gid;
grp = getgrnam(group);
diff --git a/quota/project.c b/quota/project.c
index 1aacddd..e9baadd 100644
--- a/quota/project.c
+++ b/quota/project.c
@@ -331,7 +331,7 @@ project_f(
prid = prid_from_string(argv[optind]);
if (prid == -1) {
exitcode = 1;
- fprintf(stderr, _("%s - no such project in %s\n"),
+ fprintf(stderr, _("%s - no such project in %s or invalid project number\n"),
argv[optind], projects_file);
} else
project(argv[optind], type);
--
1.7.1.1