Check uid/gid used when creating a user/group are not larger than UID_MAX/GID_MAX

PR:		173977
Reported by:	nvass@gmx.com

usr.sbin/pw/pw.c

@@ -269,7 +269,7 @@ main(int argc, char *argv[])
 			}
 			if (strspn(optarg, "0123456789") != strlen(optarg))
 				errx(EX_USAGE, "-g expects a number");
-			id = strtonum(optarg, 0, LONG_MAX, &errstr);
+			id = strtonum(optarg, 0, GID_MAX, &errstr);
 			if (errstr != NULL)
 				errx(EX_USAGE, "Bad id '%s': %s", optarg,
 				    errstr);
@@ -281,7 +281,7 @@ main(int argc, char *argv[])
 				addarg(&arglist, 'u', optarg);
 				break;
 			}
-			id = strtonum(optarg, 0, LONG_MAX, &errstr);
+			id = strtonum(optarg, 0, UID_MAX, &errstr);
 			if (errstr != NULL)
 				errx(EX_USAGE, "Bad id '%s': %s", optarg,
 				    errstr);

usr.sbin/pw/tests/Makefile

@@ -8,6 +8,7 @@ TESTSDIR=	${TESTSBASE}/usr.sbin/pw
 ATF_TESTS_SH=	pw_etcdir \
 		pw_lock \
 		pw_config \
+		pw_groupadd \
 		pw_groupdel \
 		pw_groupmod \
 		pw_useradd \

usr.sbin/pw/tests/pw_groupadd.sh

@@ -0,0 +1,15 @@
+# $FreeBSD$
+
+# Import helper functions
+. $(atf_get_srcdir)/helper_functions.shin
+
+atf_test_case group_add_gid_too_large
+group_add_gid_too_large_body() {
+	populate_etc_skel
+	atf_check -s exit:64 -e inline:"pw: Bad id '9999999999999': too large\n" \
+		${PW} groupadd -n test1 -g 9999999999999
+}
+
+atf_init_test_cases() {
+	atf_add_test_case group_add_gid_too_large
+}

usr.sbin/pw/tests/pw_useradd.sh

@@ -289,6 +289,13 @@ user_add_uid0_body() {
 		-s exit:0 ${PW} usershow foo
 }
 
+atf_test_case user_add_uid_too_large
+user_add_uid_too_large_body() {
+	populate_etc_skel
+	atf_check -s exit:64 -e inline:"pw: Bad id '9999999999999': too large\n" \
+		${PW} useradd -n test1 -u 9999999999999
+}
+
 atf_init_test_cases() {
 	atf_add_test_case user_add
 	atf_add_test_case user_add_noupdate
@@ -313,4 +320,5 @@ atf_init_test_cases() {
 	atf_add_test_case user_add_R
 	atf_add_test_case user_add_skel
 	atf_add_test_case user_add_uid0
+	atf_add_test_case user_add_uid_too_large
 }