From fef2a7ca0a87dc3de25480b8070f8090d5f1cb09 Mon Sep 17 00:00:00 2001 From: Swen Schillig Date: Mon, 28 Jan 2019 13:12:09 +0100 Subject: groupdb: Use wrapper for string to integer conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to detect an value overflow error during the string to integer conversion with strtoul/strtoull, the errno variable must be set to zero before the execution and checked after the conversion is performed. This is achieved by using the wrapper function strtoul_err and strtoull_err. Signed-off-by: Swen Schillig Reviewed-by: Ralph Böhme Reviewed-by: Jeremy Allison --- source3/groupdb/mapping_tdb.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/groupdb/mapping_tdb.c') diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index d6a06ef199b..c80ff1f859a 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -860,6 +860,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, char *q; uint32_t num_mem = 0; struct dom_sid *members = NULL; + int error = 0; p = (uint8_t *)data.dptr; if (data.dsize < 8) { @@ -974,8 +975,8 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, /* we ignore unknown or uninteresting attributes * (objectclass, etc.) */ if (strcasecmp_m(name, "gidNumber") == 0) { - map->gid = strtoul(val, &q, 10); - if (*q) { + map->gid = strtoul_err(val, &q, 10, &error); + if (*q || (error != 0)) { errno = EIO; goto failed; } @@ -985,8 +986,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key, goto failed; } } else if (strcasecmp_m(name, "sidNameUse") == 0) { - map->sid_name_use = strtoul(val, &q, 10); - if (*q) { + map->sid_name_use = strtoul_err(val, + &q, + 10, + &error); + if (*q || (error != 0)) { errno = EIO; goto failed; } -- cgit v1.2.1