From 1e035ac6d2ef675f6f47043c6d4b2196a83ad6c6 Mon Sep 17 00:00:00 2001
From: Maxim Konovalov <maxim@FreeBSD.org>
Date: Wed, 25 Sep 2002 08:49:19 +0000
Subject: Disqualify UID/GID with non-numeric character.

PR:		bin/41721
Reviewed by:	tjr, silence on -audit
MFC after:	2 weeks
---
 libc/gen/pw_scan.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'libc')

diff --git a/libc/gen/pw_scan.c b/libc/gen/pw_scan.c
index efe6566..95328a8 100644
--- a/libc/gen/pw_scan.c
+++ b/libc/gen/pw_scan.c
@@ -70,7 +70,7 @@ __pw_scan(char *bp, struct passwd *pw, int flags)
 {
 	uid_t id;
 	int root;
-	char *p, *sh;
+	char *ep, *p, *sh;
 
 	if (pw_big_ids_warning == -1)
 		pw_big_ids_warning = getenv("PW_SCAN_BIG_IDS") == NULL ? 1 : 0;
@@ -98,12 +98,17 @@ __pw_scan(char *bp, struct passwd *pw, int flags)
 			return (0);
 		}
 	}
-	id = strtoul(p, (char **)NULL, 10);
+	id = strtoul(p, &ep, 10);
 	if (errno == ERANGE) {
 		if (flags & _PWSCAN_WARN)
 			warnx("%s > max uid value (%lu)", p, ULONG_MAX);
 		return (0);
 	}
+	if (*ep != '\0' || ep == p) {
+		if (flags & _PWSCAN_WARN)
+			warnx("%s uid is incorrect", p);
+		return (0);
+	}
 	if (root && id) {
 		if (flags & _PWSCAN_WARN)
 			warnx("root uid should be 0");
@@ -119,12 +124,17 @@ __pw_scan(char *bp, struct passwd *pw, int flags)
 		goto fmt;
 	if (p[0])
 		pw->pw_fields |= _PWF_GID;
-	id = strtoul(p, (char **)NULL, 10);
+	id = strtoul(p, &ep, 10);
 	if (errno == ERANGE) {
 		if (flags & _PWSCAN_WARN)
 			warnx("%s > max gid value (%lu)", p, ULONG_MAX);
 		return (0);
 	}
+	if (*ep != '\0' || ep == p) {
+		if (flags & _PWSCAN_WARN)
+			warnx("%s gid is incorrect", p);
+		return (0);
+	}
 	if (flags & _PWSCAN_WARN && pw_big_ids_warning && id > USHRT_MAX) {
 		warnx("%s > recommended max gid value (%u)", p, USHRT_MAX);
 		/* return (0); This should not be fatal! */
-- 
cgit v1.2.3-56-ge451