The following commit has been merged in the master branch:
commit d96bee65e139db050bd981a42e29c3763847ee77
Author: Guillem Jover <[email protected]>
Date:   Sat Sep 26 14:30:12 2009 +0200

    statdb: Do stricter parsing validation
    
    Match the validations done on input in dpkg-statoverride, so that we can
    reuse this code when rewriting dpkg-statoverride in C.

diff --git a/debian/changelog b/debian/changelog
index a68bbc7..b48d89e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -17,6 +17,8 @@ dpkg (1.15.5) UNRELEASED; urgency=low
     passed on the command line.
   * Abort on configure if the required C99 extensions are not supported.
   * Add C coding style document.
+  * Make dpkg as strict as dpkg-statoverride on input when validating the
+    parsed data from the statdb.
 
   [ Raphaƫl Hertzog ]
   * Add versioned dependency on base-files (>= 5.0.0) to dpkg-dev to ensure
diff --git a/src/statdb.c b/src/statdb.c
index 4e847d8..16bf4b1 100644
--- a/src/statdb.c
+++ b/src/statdb.c
@@ -52,9 +52,12 @@ statdb_parse_uid(const char *str)
        uid_t uid;
 
        if (str[0] == '#') {
-               uid = strtol(str + 1, &endptr, 10);
-               if (str + 1 == endptr || *endptr)
+               long int value;
+
+               value = strtol(str + 1, &endptr, 10);
+               if (str + 1 == endptr || *endptr || value < 0)
                        ohshit(_("syntax error: invalid uid in statoverride 
file"));
+               uid = (uid_t)value;
        } else {
                struct passwd* pw = getpwnam(str);
                if (pw == NULL)
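Review bot: The added `value < 0` test in the `#`-prefixed branch rejects negatives but sets no upper bound, so `uid = (uid_t)value;` silently truncates any number that does not fit in uid_t. Where long is wider than uid_t, an out-of-range entry in the statoverride file would then resolve to a different, valid uid rather than a syntax error; a strtol overflow (ERANGE) is not detected either. I would extend the guard so the value must round-trip, `if (str + 1 == endptr || *endptr || value < 0 || (long int)(uid_t)value != value)`, and set `errno = 0` before the call and test it afterwards. It may also be worth rejecting `(uid_t)-1`, which chown-style calls commonly treat as "leave unchanged". The gid hunk in statdb_parse_gid has the same gap with `gid = (gid_t)value;`; statdb_parse_uid's body starts and ends outside this hunk.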
@@ -73,9 +76,12 @@ statdb_parse_gid(const char *str)
        gid_t gid;
 
        if (str[0] == '#') {
-               gid = strtol(str + 1, &endptr, 10);
-               if (str + 1 == endptr || *endptr)
+               long int value;
+
+               value = strtol(str + 1, &endptr, 10);
+               if (str + 1 == endptr || *endptr || value < 0)
                        ohshit(_("syntax error: invalid gid in statoverride 
file"));
+               gid = (gid_t)value;
        } else {
                struct group* gr = getgrnam(str);
                if (gr == NULL)
@@ -91,13 +97,13 @@ mode_t
 statdb_parse_mode(const char *str)
 {
        char* endptr;
-       mode_t mode;
+       long int mode;
 
        mode = strtol(str, &endptr, 8);
-       if (str == endptr || *endptr)
+       if (str == endptr || *endptr || mode < 0 || mode > 07777)
                ohshit(_("syntax error: invalid mode in statoverride file"));
 
-       return mode;
+       return (mode_t)mode;
 }
 
 void
