From 80a23c5363fbf64cd4420edd462e23d89b3e8a39 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Sat, 24 Jan 2015 19:13:03 +0000 Subject: Allow negative numbers in -u and -g options PR: 196514 MFC after: 1 week --- pw/pw_group.c | 6 +++++- pw/pw_user.c | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index b20ce88..51166cd 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -68,7 +68,11 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args) }; if (a_gid != NULL) { - if (strspn(a_gid->val, "0123456789") != strlen(a_gid->val)) + const char *teststr; + teststr = a_gid->val; + if (*teststr == '-') + teststr++; + if (strspn(teststr, "0123456789") != strlen(teststr)) errx(EX_USAGE, "-g expects a number"); } diff --git a/pw/pw_user.c b/pw/pw_user.c index 483148a..f146b46 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -322,7 +322,10 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) a_name = NULL; } } else { - if (strspn(a_uid->val, "0123456789") != strlen(a_uid->val)) + const char *teststr = a_uid->val; + if (*teststr == '-') + teststr++; + if (strspn(teststr, "0123456789") != strlen(teststr)) errx(EX_USAGE, "-u expects a number"); } -- cgit v1.2.3 From d43b0a43ca09d1f11cbe2612df6d8b0761a08591 Mon Sep 17 00:00:00 2001 From: Mark Johnston Date: Sun, 25 Jan 2015 00:47:06 +0000 Subject: gr_equal(): Fix a crash that could occur if the first group's member list was longer than the second's. There is no need to compute and compare the member list lengths in a separate pass, since we now just return false when comparing member names if the list lengths are not equal. MFC after: 2 weeks --- libutil/gr_util.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/libutil/gr_util.c b/libutil/gr_util.c index 465efd9..b0b0b36 100644 --- a/libutil/gr_util.c +++ b/libutil/gr_util.c @@ -351,8 +351,6 @@ gr_fini(void) int gr_equal(const struct group *gr1, const struct group *gr2) { - int gr1_ndx; - int gr2_ndx; /* Check that the non-member information is the same. */ if (gr1->gr_name == NULL || gr2->gr_name == NULL) { @@ -368,7 +366,8 @@ gr_equal(const struct group *gr1, const struct group *gr2) if (gr1->gr_gid != gr2->gr_gid) return (false); - /* Check all members in both groups. + /* + * Check all members in both groups. * getgrnam can return gr_mem with a pointer to NULL. * gr_dup and gr_add strip out this superfluous NULL, setting * gr_mem to NULL for no members. @@ -376,22 +375,18 @@ gr_equal(const struct group *gr1, const struct group *gr2) if (gr1->gr_mem != NULL && gr2->gr_mem != NULL) { int i; - for (i = 0; gr1->gr_mem[i] != NULL; i++) { + for (i = 0; + gr1->gr_mem[i] != NULL && gr2->gr_mem[i] != NULL; i++) { if (strcmp(gr1->gr_mem[i], gr2->gr_mem[i]) != 0) return (false); } - } - /* Count number of members in both structs */ - gr2_ndx = 0; - if (gr2->gr_mem != NULL) - for(; gr2->gr_mem[gr2_ndx] != NULL; gr2_ndx++) - /* empty */; - gr1_ndx = 0; - if (gr1->gr_mem != NULL) - for(; gr1->gr_mem[gr1_ndx] != NULL; gr1_ndx++) - /* empty */; - if (gr1_ndx != gr2_ndx) + if (gr1->gr_mem[i] != NULL || gr2->gr_mem[i] != NULL) + return (false); + } else if (gr1->gr_mem != NULL && gr1->gr_mem[0] != NULL) { return (false); + } else if (gr2->gr_mem != NULL && gr2->gr_mem[0] != NULL) { + return (false); + } return (true); } -- cgit v1.2.3 From f31ec719878d9025a455971cbe1d0976dc9ef719 Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Mon, 26 Jan 2015 16:50:42 +0000 Subject: Revert r277652 uid and gid are never and should never be negative. The pw(8) manpage clearly states the -u and -g arguments are for uids/gids, hence using negative values is abusing a bug in former versions of pw(8) --- pw/pw_group.c | 6 +----- pw/pw_user.c | 5 +---- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/pw/pw_group.c b/pw/pw_group.c index 51166cd..b20ce88 100644 --- a/pw/pw_group.c +++ b/pw/pw_group.c @@ -68,11 +68,7 @@ pw_group(struct userconf * cnf, int mode, struct cargs * args) }; if (a_gid != NULL) { - const char *teststr; - teststr = a_gid->val; - if (*teststr == '-') - teststr++; - if (strspn(teststr, "0123456789") != strlen(teststr)) + if (strspn(a_gid->val, "0123456789") != strlen(a_gid->val)) errx(EX_USAGE, "-g expects a number"); } diff --git a/pw/pw_user.c b/pw/pw_user.c index f146b46..483148a 100644 --- a/pw/pw_user.c +++ b/pw/pw_user.c @@ -322,10 +322,7 @@ pw_user(struct userconf * cnf, int mode, struct cargs * args) a_name = NULL; } } else { - const char *teststr = a_uid->val; - if (*teststr == '-') - teststr++; - if (strspn(teststr, "0123456789") != strlen(teststr)) + if (strspn(a_uid->val, "0123456789") != strlen(a_uid->val)) errx(EX_USAGE, "-u expects a number"); } -- cgit v1.2.3