Handle overflow of uid or gid in arguments for chown

chown incorrectly allows a uid or gid greater than UID_MAX/GID_MAX respectively. Using such an argument rolls over to accounts such as root, operator, etc. Approved by: re (gjb) Relnotes: yes Reviewed by: cem, kib Submitted by: Don Morris <dgmorris@earthlink.net> Sponsored by: Dell EMC Differential Revision: https://reviews.freebsd.org/D15119
2018-09-26 18:40:57 +00:00 · 2018-09-26 18:40:57 +00:00 · c496f06161
commit c496f06161
parent 7c0d7c1091
1 changed files with 4 additions and 6 deletions
--- a/usr.sbin/chown/chown.c
+++ b/usr.sbin/chown/chown.c
@ -55,6 +55,7 @@ __FBSDID("$FreeBSD$");
 #include <libgen.h>
 #include <pwd.h>
 #include <signal.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -246,16 +247,13 @@ a_uid(const char *s)
 static uid_t
 id(const char *name, const char *type)
 {
-	uid_t val;
+	unsigned long val;
 	char *ep;

-	/*
-	 * XXX
-	 * We know that uid_t's and gid_t's are unsigned longs.
-	 */
 	errno = 0;
 	val = strtoul(name, &ep, 10);
-	if (errno || *ep != '\0')
+	_Static_assert(UID_MAX >= GID_MAX, "UID MAX less than GID MAX");
+	if (errno || *ep != '\0' || val > UID_MAX)
 		errx(1, "%s: illegal %s name", name, type);
 	return (val);
 }