Author: bdrewery Date: Wed Sep 26 18:40:57 2018 New Revision: 338950 URL: https://svnweb.freebsd.org/changeset/base/338950
Log: Handle overflow of uid or gid in arguments for chown chown incorrectly allows a uid or gid greater than UID_MAX/GID_MAX respectively. Using such an argument rolls over to accounts such as root, operator, etc. Approved by: re (gjb) Relnotes: yes Reviewed by: cem, kib Submitted by: Don Morris <dgmor...@earthlink.net> Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D15119 Modified: head/usr.sbin/chown/chown.c Modified: head/usr.sbin/chown/chown.c ============================================================================== --- head/usr.sbin/chown/chown.c Wed Sep 26 17:12:30 2018 (r338949) +++ head/usr.sbin/chown/chown.c Wed Sep 26 18:40:57 2018 (r338950) @@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$"); #include <libgen.h> #include <pwd.h> #include <signal.h> +#include <stddef.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> @@ -246,16 +247,13 @@ a_uid(const char *s) static uid_t id(const char *name, const char *type) { - uid_t val; + unsigned long val; char *ep; - /* - * XXX - * We know that uid_t's and gid_t's are unsigned longs. - */ errno = 0; val = strtoul(name, &ep, 10); - if (errno || *ep != '\0') + _Static_assert(UID_MAX >= GID_MAX, "UID MAX less than GID MAX"); + if (errno || *ep != '\0' || val > UID_MAX) errx(1, "%s: illegal %s name", name, type); return (val); } _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"