Re: bin/173977: pw(8) does not do range-checking on UIDs/GUIs fr

Board: FB_bugs, posted 2013/04/27 12:32
On 28 November 2012 13:41, Nikos Vassiliadis <nvass@gmx.com> wrote:
> Index: usr.sbin/pw/pw_group.c
> ===================================================================
> --- usr.sbin/pw/pw_group.c (revision 243652)
> +++ usr.sbin/pw/pw_group.c (working copy)
> @@ -350,6 +350,8 @@
> */
> if (a_gid != NULL) {
> gid = (gid_t) atol(a_gid->val);

atoi overflow is considered undefined behavior so the error cannot be meaningfully checked. In particular the compiler may assume the error will never occur and elide the check. Ideally this call is replaced with one of the stro* functions.

> + if (errno == ERANGE || errno == EINVAL)
> + errx(EX_DATAERR, "gid %s is invalid", a_gid->val);

--
Eitan Adler
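Review bot: The added `errno` test after `gid = (gid_t) atol(a_gid->val);` cannot reliably detect a bad gid, because atol() is not required to set errno and nothing in the hunk clears errno before the call, so the test either never fires or fires on a stale value left by an earlier call. Parse with strtoul() instead: set `errno = 0` first, pass an end pointer, reject the input when the end pointer has not reached the terminating NUL or errno is ERANGE, and compare the result against the largest gid_t before casting, since the `(gid_t)` cast on the existing line silently truncates anything larger.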
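The strto*-based parsing suggested in the reply, as an added example that is not part of the original message or of pw(8): `parse_id` is a hypothetical helper, and the 32-bit unsigned id range is an assumption (it matches gid_t on FreeBSD).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: ids are 32-bit unsigned, as gid_t/uid_t are on FreeBSD. */
#define ID_MAX UINT32_MAX

/*
 * parse_id (hypothetical helper): convert a decimal string to an id.
 * Returns 0 and stores the value in *out on success, -1 on invalid input.
 */
int
parse_id(const char *s, uint32_t *out)
{
	char *end;
	unsigned long long v;

	/* strtoull() skips leading whitespace and accepts a sign, turning
	 * "-1" into a huge positive value, so require a leading digit. */
	if (s == NULL || *s < '0' || *s > '9')
		return (-1);

	errno = 0;			/* clear any stale error first */
	v = strtoull(s, &end, 10);
	if (errno == ERANGE)		/* too large even for the wide type */
		return (-1);
	if (end == s || *end != '\0')	/* no digits, or trailing garbage */
		return (-1);
	if (v > ID_MAX)			/* would be truncated by the cast */
		return (-1);

	*out = (uint32_t)v;
	return (0);
}

int
main(void)
{
	/* Constructed sample inputs, not taken from the bug report. */
	const char *samples[] = { "1001", "4294967296", "-1", "12abc", "" };
	uint32_t id;

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("\"%s\" -> %s\n", samples[i],
		    parse_id(samples[i], &id) == 0 ? "accepted" : "rejected");
	return (0);
}
```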
Article code (AID): #1HUrJapz (FB_bugs)