mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-28 04:33:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

user-util: be stricter in parse_uid()

Browse Source 
Let's refuse "+" and "-" prefixed UIDs. Let's refuse whitespace-prefixed
UIDS, Let's refuse zero-prefixed UIDs. Let's be safe than sorry.
This commit is contained in:
Lennart Poettering 2020-06-01 17:16:46 +02:00
parent c44702a8bd
commit f5979b63cc
2 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/basic/user-util.c
View File

@ -49,7 +49,15 @@ int parse_uid(const char *s, uid_t *ret) {
assert(s);
assert_cc(sizeof(uid_t) == sizeof(uint32_t));
r = safe_atou32_full(s, 10, &uid);
/* We are very strict when parsing UIDs, and prohibit +/- as prefix, leading zero as prefix, and
* whitespace. We do this, since this call is often used in a context where we parse things as UID
* first, and if that doesn't work we fall back to NSS. Thus we really want to make sure that UIDs
* are parsed as UIDs only if they really really look like UIDs. */
r = safe_atou32_full(s, 10
| SAFE_ATO_REFUSE_PLUS_MINUS
| SAFE_ATO_REFUSE_LEADING_ZERO
| SAFE_ATO_REFUSE_LEADING_WHITESPACE, &uid);
if (r < 0)
return r;

26
src/test/test-user-util.c
View File

@ -54,13 +54,33 @@ static void test_parse_uid(void) {
assert_se(r == -EINVAL);
assert_se(uid == 100);
r = parse_uid("+1234", &uid);
assert_se(r == -EINVAL);
assert_se(uid == 100);
r = parse_uid("-1234", &uid);
assert_se(r == -EINVAL);
assert_se(uid == 100);
r = parse_uid(" 1234", &uid);
assert_se(r == -EINVAL);
assert_se(uid == 100);
r = parse_uid("01234", &uid);
assert_se(r == 0);
assert_se(uid == 1234);
assert_se(r == -EINVAL);
assert_se(uid == 100);
r = parse_uid("-0", &uid);
assert_se(r == -EINVAL);
assert_se(uid == 100);
r = parse_uid("+0", &uid);
assert_se(r == -EINVAL);
assert_se(uid == 100);
r = parse_uid("asdsdas", &uid);
assert_se(r == -EINVAL);
assert_se(uid == 1234);
assert_se(uid == 100);
}
static void test_uid_ptr(void) {