Make sure that numbers passed as string will fit into proper types when doing string->uid_t/gid_t/prid_t conversion. Signed-off-by: Arkadiusz Miśkiewicz <arekm@xxxxxxxx> --- libxcmd/input.c | 18 +++++++++++++++--- quota/project.c | 2 +- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/libxcmd/input.c b/libxcmd/input.c index 1bc0745..c7807fe 100644 --- a/libxcmd/input.c +++ b/libxcmd/input.c @@ -337,13 +337,17 @@ prid_from_string( { fs_project_t *prj; prid_t prid; + unsigned long int prid_long; char *sp; /* * Allow either a full numeric or a valid projectname, even * if it starts with a digit. */ - prid = (prid_t)strtoul(project, &sp, 10); + prid_long = strtoul(project, &sp, 10); + if ((prid_long == ULONG_MAX && errno == ERANGE) || (prid_long > (prid_t)-1)) + return -1; + prid = (prid_t)prid_long; if (*project != '\0' && *sp == '\0') return prid; prj = getprnam(project); @@ -358,9 +362,13 @@ uid_from_string( { struct passwd *pwd; uid_t uid; + unsigned long int uid_long; char *sp; - uid = (uid_t)strtoul(user, &sp, 10); + uid_long = strtoul(user, &sp, 10); + if ((uid_long == ULONG_MAX && errno == ERANGE) || (uid_long > (uid_t)-1)) + return -1; + uid = (uid_t)uid_long; if (sp != user) return uid; pwd = getpwnam(user); @@ -375,9 +383,13 @@ gid_from_string( { struct group *grp; gid_t gid; + unsigned long int gid_long; char *sp; - gid = (gid_t)strtoul(group, &sp, 10); + gid_long = strtoul(group, &sp, 10); + if ((gid_long == ULONG_MAX && errno == ERANGE) || (gid_long > (gid_t)-1)) + return -1; + gid = (gid_t)gid_long; if (sp != group) return gid; grp = getgrnam(group); diff --git a/quota/project.c b/quota/project.c index 1aacddd..e9baadd 100644 --- a/quota/project.c +++ b/quota/project.c @@ -331,7 +331,7 @@ project_f( prid = prid_from_string(argv[optind]); if (prid == -1) { exitcode = 1; - fprintf(stderr, _("%s - no such project in %s\n"), + fprintf(stderr, _("%s - no such project in %s or invalid project number\n"), argv[optind], projects_file); } else project(argv[optind], type); -- 1.7.1.1 _______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs