lib/, src/: Replace strtou[l]l(3) by strtou[l]l_noneg()

strtou[l]l(3) silently converts negative numbers into positive.  This
behavior is wrong: a negative value should be parsed as a negative
value, which would underflow unsigned (long) long, and so would return
the smallest possible value, 0, and set errno to ERANGE to report an
error.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/getrange.c b/lib/getrange.c
index 44d2ffbd74f6da99839112712b82f48646ea78e7..03b0a91397c982b759f1815ced6d926d9d9f7e5b 100644 (file)
--- a/lib/getrange.c
+++ b/lib/getrange.c
@@ -12,6 +12,7 @@
 #include <ctype.h>
 #include <stdlib.h>
 
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 
@@ -40,7 +41,7 @@ getrange(const char *range,
                        return -1;
 
                errno = 0;
-               n = strtoul(&range[1], &endptr, 10);
+               n = strtoul_noneg(&range[1], &endptr, 10);
                if (('\0' != *endptr) || (0 != errno))
                        return -1;
 
@@ -50,7 +51,7 @@ getrange(const char *range,
                *max = n;
        } else {
                errno = 0;
-               n = strtoul(range, &endptr, 10);
+               n = strtoul_noneg(range, &endptr, 10);
                if (endptr == range || 0 != errno)
                        return -1;
 
@@ -75,7 +76,7 @@ getrange(const char *range,
                                *has_min = true;
                                *min = n;
                                errno = 0;
-                               n = strtoul(endptr, &endptr, 10);
+                               n = strtoul_noneg(endptr, &endptr, 10);
                                if ('\0' != *endptr || 0 != errno)
                                        return -1;
 

diff --git a/lib/gettime.c b/lib/gettime.c
index 89afdbd576642bee7b3d205360cb274056c9f9e7..19ebe4b3ced89e6658e9cf376749854e6215c8e2 100644 (file)
--- a/lib/gettime.c
+++ b/lib/gettime.c
@@ -11,6 +11,8 @@
 #include <errno.h>
 #include <limits.h>
 #include <stdio.h>
+
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
@@ -37,7 +39,7 @@
                return fallback;
 
        errno = 0;
-       epoch = strtoull(source_date_epoch, &endptr, 10);
+       epoch = strtoull_noneg(source_date_epoch, &endptr, 10);
        if (errno != 0) {
                fprintf (shadow_logfd,
                         _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),

diff --git a/lib/getulong.c b/lib/getulong.c
index 2e730e6e8f3bd00b701e3766f628b940c42d8738..c86281453aeb6ce12d8df632e0b4d384e429b3a0 100644 (file)
--- a/lib/getulong.c
+++ b/lib/getulong.c
@@ -12,6 +12,7 @@
 #include <stdlib.h>
 #include <errno.h>
 
+#include "atoi/strtou_noneg.h"
 #include "prototypes.h"
 
 
@@ -27,7 +28,7 @@ getulong(const char *restrict numstr, unsigned long *restrict result)
        unsigned long  val;
 
        errno = 0;
-       val = strtoul(numstr, &endptr, 0);
+       val = strtoul_noneg(numstr, &endptr, 0);
        if (('\0' == *numstr) || ('\0' != *endptr) || (0 != errno))
                return -1;
 

diff --git a/src/check_subid_range.c b/src/check_subid_range.c
index 160df728fba049ae6aa903d5571507e31bba66f8..4c7bfea65ba75042d82dcc6b88a6fec6dd5fe99f 100644 (file)
--- a/src/check_subid_range.c
+++ b/src/check_subid_range.c
@@ -12,6 +12,8 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "subordinateio.h"
@@ -35,10 +37,10 @@ int main(int argc, char **argv)
        owner = argv[1];
        check_uids = argv[2][0] == 'u';
        errno = 0;
-       start = strtoul(argv[3], NULL, 10);
+       start = strtoul_noneg(argv[3], NULL, 10);
        if (errno != 0)
                exit(1);
-       count = strtoul(argv[4], NULL, 10);
+       count = strtoul_noneg(argv[4], NULL, 10);
        if (errno != 0)
                exit(1);
        if (check_uids) {