diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-06-01 17:16:46 +0200 |
|---|---|---|
| committer | The Plumber <50238977+systemd-rhel-bot@users.noreply.github.com> | 2020-11-02 19:05:19 +0100 |
| commit | 87c22d3bb794118d25bc138108fd5bdd607365ef (patch) | |
| tree | 080e09d7bddfacff0a7f0e56b568d39fccee75e0 | |
| parent | 147a3696b45a872e0e21fb74e1497f02543ce871 (diff) | |
| download | systemd-87c22d3bb794118d25bc138108fd5bdd607365ef.tar.gz | |
user-util: be stricter in parse_uid()
Let's refuse "+" and "-" prefixed UIDs. Let's refuse whitespace-prefixed
UIDS, Let's refuse zero-prefixed UIDs. Let's be safe than sorry.
(cherry picked from commit f5979b63cc305ba217dfd174b1bf0583bcf75a73)
Related: #1848373
| -rw-r--r-- | src/basic/user-util.c | 10 | ||||
| -rw-r--r-- | src/test/test-user-util.c | 26 |
2 files changed, 32 insertions, 4 deletions
diff --git a/src/basic/user-util.c b/src/basic/user-util.c index 10eeb256cd..40f4e45db6 100644 --- a/src/basic/user-util.c +++ b/src/basic/user-util.c @@ -49,7 +49,15 @@ int parse_uid(const char *s, uid_t *ret) { assert(s); assert_cc(sizeof(uid_t) == sizeof(uint32_t)); - r = safe_atou32_full(s, 10, &uid); + + /* We are very strict when parsing UIDs, and prohibit +/- as prefix, leading zero as prefix, and + * whitespace. We do this, since this call is often used in a context where we parse things as UID + * first, and if that doesn't work we fall back to NSS. Thus we really want to make sure that UIDs + * are parsed as UIDs only if they really really look like UIDs. */ + r = safe_atou32_full(s, 10 + | SAFE_ATO_REFUSE_PLUS_MINUS + | SAFE_ATO_REFUSE_LEADING_ZERO + | SAFE_ATO_REFUSE_LEADING_WHITESPACE, &uid); if (r < 0) return r; diff --git a/src/test/test-user-util.c b/src/test/test-user-util.c index 8bf3dcd567..99203f7e48 100644 --- a/src/test/test-user-util.c +++ b/src/test/test-user-util.c @@ -52,13 +52,33 @@ static void test_parse_uid(void) { assert_se(r == -EINVAL); assert_se(uid == 100); + r = parse_uid("+1234", &uid); + assert_se(r == -EINVAL); + assert_se(uid == 100); + + r = parse_uid("-1234", &uid); + assert_se(r == -EINVAL); + assert_se(uid == 100); + + r = parse_uid(" 1234", &uid); + assert_se(r == -EINVAL); + assert_se(uid == 100); + r = parse_uid("01234", &uid); - assert_se(r == 0); - assert_se(uid == 1234); + assert_se(r == -EINVAL); + assert_se(uid == 100); + + r = parse_uid("-0", &uid); + assert_se(r == -EINVAL); + assert_se(uid == 100); + + r = parse_uid("+0", &uid); + assert_se(r == -EINVAL); + assert_se(uid == 100); r = parse_uid("asdsdas", &uid); assert_se(r == -EINVAL); - assert_se(uid == 1234); + assert_se(uid == 100); } static void test_uid_ptr(void) { |