From 90a4edb58491b8048a6bdd7c885099629797558f Mon Sep 17 00:00:00 2001 From: Baptiste Daroussin Date: Tue, 28 Jul 2015 21:10:58 +0000 Subject: [PATCH] Check uid/gid used when creating a user/group are not larger than UID_MAX/GID_MAX PR: 173977 Reported by: nvass@gmx.com --- usr.sbin/pw/pw.c | 4 ++-- usr.sbin/pw/tests/Makefile | 1 + usr.sbin/pw/tests/pw_groupadd.sh | 15 +++++++++++++++ usr.sbin/pw/tests/pw_useradd.sh | 8 ++++++++ 4 files changed, 26 insertions(+), 2 deletions(-) create mode 100755 usr.sbin/pw/tests/pw_groupadd.sh diff --git a/usr.sbin/pw/pw.c b/usr.sbin/pw/pw.c index 3db427afe44b..c1d9cd32a708 100644 --- a/usr.sbin/pw/pw.c +++ b/usr.sbin/pw/pw.c @@ -269,7 +269,7 @@ main(int argc, char *argv[]) } if (strspn(optarg, "0123456789") != strlen(optarg)) errx(EX_USAGE, "-g expects a number"); - id = strtonum(optarg, 0, LONG_MAX, &errstr); + id = strtonum(optarg, 0, GID_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); @@ -281,7 +281,7 @@ main(int argc, char *argv[]) addarg(&arglist, 'u', optarg); break; } - id = strtonum(optarg, 0, LONG_MAX, &errstr); + id = strtonum(optarg, 0, UID_MAX, &errstr); if (errstr != NULL) errx(EX_USAGE, "Bad id '%s': %s", optarg, errstr); diff --git a/usr.sbin/pw/tests/Makefile b/usr.sbin/pw/tests/Makefile index 193b8ab58530..c43285fa7fff 100644 --- a/usr.sbin/pw/tests/Makefile +++ b/usr.sbin/pw/tests/Makefile @@ -8,6 +8,7 @@ TESTSDIR= ${TESTSBASE}/usr.sbin/pw ATF_TESTS_SH= pw_etcdir \ pw_lock \ pw_config \ + pw_groupadd \ pw_groupdel \ pw_groupmod \ pw_useradd \ diff --git a/usr.sbin/pw/tests/pw_groupadd.sh b/usr.sbin/pw/tests/pw_groupadd.sh new file mode 100755 index 000000000000..9c8fdf12ebe8 --- /dev/null +++ b/usr.sbin/pw/tests/pw_groupadd.sh @@ -0,0 +1,15 @@ +# $FreeBSD$ + +# Import helper functions +. $(atf_get_srcdir)/helper_functions.shin + +atf_test_case group_add_gid_too_large +group_add_gid_too_large_body() { + populate_etc_skel + atf_check -s exit:64 -e inline:"pw: Bad id '9999999999999': too large\n" \ + ${PW} groupadd -n test1 -g 9999999999999 +} + +atf_init_test_cases() { + atf_add_test_case group_add_gid_too_large +} diff --git a/usr.sbin/pw/tests/pw_useradd.sh b/usr.sbin/pw/tests/pw_useradd.sh index 880dab5ca7bb..7306387bd194 100755 --- a/usr.sbin/pw/tests/pw_useradd.sh +++ b/usr.sbin/pw/tests/pw_useradd.sh @@ -289,6 +289,13 @@ user_add_uid0_body() { -s exit:0 ${PW} usershow foo } +atf_test_case user_add_uid_too_large +user_add_uid_too_large_body() { + populate_etc_skel + atf_check -s exit:64 -e inline:"pw: Bad id '9999999999999': too large\n" \ + ${PW} useradd -n test1 -u 9999999999999 +} + atf_init_test_cases() { atf_add_test_case user_add atf_add_test_case user_add_noupdate @@ -313,4 +320,5 @@ atf_init_test_cases() { atf_add_test_case user_add_R atf_add_test_case user_add_skel atf_add_test_case user_add_uid0 + atf_add_test_case user_add_uid_too_large }