diff options
| author | Swen Schillig <swen@linux.ibm.com> | 2019-01-28 13:12:09 +0100 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2019-03-01 00:32:10 +0000 |
| commit | fef2a7ca0a87dc3de25480b8070f8090d5f1cb09 (patch) | |
| tree | 0e1a81874533ab6d54e50e27cb2c86ad2d4d9629 /source3/groupdb | |
| parent | c9f4b92a6131dedcaa38d6fe907d17a30a595f06 (diff) | |
| download | samba-fef2a7ca0a87dc3de25480b8070f8090d5f1cb09.tar.gz | |
groupdb: Use wrapper for string to integer conversion
In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/groupdb')
| -rw-r--r-- | source3/groupdb/mapping.c | 11 | ||||
| -rw-r--r-- | source3/groupdb/mapping_tdb.c | 12 |
2 files changed, 18 insertions, 5 deletions
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 43722e777d4..77eb0d6e5cd 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -208,6 +208,7 @@ int smb_create_group(const char *unix_group, gid_t *new_gid) char *add_script = NULL; int ret = -1; int fd = 0; + int error = 0; *new_gid = 0; @@ -244,7 +245,15 @@ int smb_create_group(const char *unix_group, gid_t *new_gid) nread = read(fd, output, sizeof(output)-1); if (nread > 0) { output[nread] = '\0'; - *new_gid = (gid_t)strtoul(output, NULL, 10); + *new_gid = (gid_t)strtoul_err(output, + NULL, + 10, + &error); + if (error != 0) { + *new_gid = 0; + close(fd); + return -1; + } } close(fd); diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index d6a06ef199b..c80ff1f859a 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -860,6 +860,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, char *q; uint32_t num_mem = 0; struct dom_sid *members = NULL; + int error = 0; p = (uint8_t *)data.dptr; if (data.dsize < 8) { @@ -974,8 +975,8 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, /* we ignore unknown or uninteresting attributes * (objectclass, etc.) */ if (strcasecmp_m(name, "gidNumber") == 0) { - map->gid = strtoul(val, &q, 10); - if (*q) { + map->gid = strtoul_err(val, &q, 10, &error); + if (*q || (error != 0)) { errno = EIO; goto failed; } @@ -985,8 +986,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, goto failed; } } else if (strcasecmp_m(name, "sidNameUse") == 0) { - map->sid_name_use = strtoul(val, &q, 10); - if (*q) { + map->sid_name_use = strtoul_err(val, + &q, + 10, + &error); + if (*q || (error != 0)) { errno = EIO; goto failed; } |