From 1c3b9acf2ed7483d48ec7d0da5df120bdf7d2d0e Mon Sep 17 00:00:00 2001 From: Kyle Evans Date: Tue, 31 Dec 2019 04:36:14 +0000 Subject: [PATCH] inetd: prefer strtonum(3) to strspn(3)+atoi(3), NFC strtonum(3) does effectively the same validation as we had, but it's more concise. --- usr.sbin/inetd/builtins.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/usr.sbin/inetd/builtins.c b/usr.sbin/inetd/builtins.c index 028ca8d96b2c..a2302ee62eef 100644 --- a/usr.sbin/inetd/builtins.c +++ b/usr.sbin/inetd/builtins.c @@ -649,8 +649,14 @@ ident_stream(int s, struct servtab *sep) goto fakeid_fail; if (!Fflag) { if (iflag) { - if (p[strspn(p, "0123456789")] == '\0' && - getpwuid(atoi(p)) != NULL) + const char *errstr; + uid_t uid; + + uid = strtonum(p, 0, UID_MAX, &errstr); + if (errstr != NULL) + goto fakeid_fail; + + if (getpwuid(uid) != NULL) goto fakeid_fail; } else { if (getpwnam(p) != NULL)