Do not delete the group wheel when bad argument is passed to pw groupdel -g

Check that the -g argument is actually a number, if not report an error.
This argument is converted without checking with atoi(3) later so without this
check it converts any alpha entries into 0 meaning it deletes the group wheel

Add a regression test about it

PR:		90114
Reported by:	bkoenig@cs.tu-berlin.de
MFC after:	1 week

diff --git a/pw/pw_group.c b/pw/pw_group.c
index 4ed6ea972986b701fc56886cfa263125583751b8..b20ce88fb3014c6f9cbaddfe6e650569ecbb8cb4 100644 (file)
--- a/pw/pw_group.c
+++ b/pw/pw_group.c
@@ -67,6 +67,11 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args)
                NULL
        };
 
+       if (a_gid != NULL) {
+               if (strspn(a_gid->val, "0123456789") != strlen(a_gid->val))
+                       errx(EX_USAGE, "-g expects a number");
+       }
+
        if (mode == M_LOCK || mode == M_UNLOCK)
                errx(EX_USAGE, "'lock' command is not available for groups");