From ebeae5dcbad898e8ee0d64c4ed44751b753f27de Mon Sep 17 00:00:00 2001 From: Swen Schillig Date: Tue, 29 Jan 2019 14:36:44 +0100 Subject: wbinfo: Use wrapper for string to integer conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to detect an value overflow error during the string to integer conversion with strtoul/strtoull, the errno variable must be set to zero before the execution and checked after the conversion is performed. This is achieved by using the wrapper function strtoul_err and strtoull_err. Signed-off-by: Swen Schillig Reviewed-by: Ralph Böhme Reviewed-by: Jeremy Allison --- nsswitch/wbinfo.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'nsswitch') diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 6a1dbd9b56b..b8f04536299 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -141,6 +141,7 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, static bool parse_mapping_arg(char *arg, int *id, char **sid) { char *tmp, *endptr; + int error = 0; if (!arg || !*arg) return false; @@ -153,9 +154,9 @@ static bool parse_mapping_arg(char *arg, int *id, char **sid) /* Because atoi() can return 0 on invalid input, which would be a valid * UID/GID we must use strtoul() and do error checking */ - *id = strtoul(tmp, &endptr, 10); + *id = strtoul_err(tmp, &endptr, 10, &error); - if (endptr[0] != '\0') + if (endptr[0] != '\0' || error != 0) return false; return true; @@ -1417,7 +1418,14 @@ static bool wbinfo_lookuprids(const char *domain, const char *arg) p = arg; while (next_token_talloc(mem_ctx, &p, &ridstr, " ,\n")) { - uint32_t rid = strtoul(ridstr, NULL, 10); + int error = 0; + uint32_t rid; + + rid = strtoul_err(ridstr, NULL, 10, &error); + if (error != 0) { + d_printf("failed to convert rid\n"); + goto done; + } rids = talloc_realloc(mem_ctx, rids, uint32_t, num_rids + 1); if (rids == NULL) { d_printf("talloc_realloc failed\n"); -- cgit v1.2.1