From: Alejandro Colomar <alx@kernel.org>
Date: Mon, 11 Dec 2023 00:06:05 +0000 (+0100)
Subject: lib/, src/: Replace strtou[l]l(3) by strtou[l]l_noneg()
X-Git-Tag: 4.15.0-rc1~28
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f14670ee1a4830a57908cf672e5d386e03556adb;p=thirdparty%2Fshadow.git

lib/, src/: Replace strtou[l]l(3) by strtou[l]l_noneg()

strtou[l]l(3) silently converts negative numbers into positive.  This
behavior is wrong: a negative value should be parsed as a negative
value, which would underflow unsigned (long) long, and so would return
the smallest possible value, 0, and set errno to ERANGE to report an
error.

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

diff --git a/lib/getrange.c b/lib/getrange.c
index 44d2ffbd7..03b0a9139 100644
--- a/lib/getrange.c
+++ b/lib/getrange.c
@@ -12,6 +12,7 @@
 #include <ctype.h>
 #include <stdlib.h>
 
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 
@@ -40,7 +41,7 @@ getrange(const char *range,
 			return -1;
 
 		errno = 0;
-		n = strtoul(&range[1], &endptr, 10);
+		n = strtoul_noneg(&range[1], &endptr, 10);
 		if (('\0' != *endptr) || (0 != errno))
 			return -1;
 
@@ -50,7 +51,7 @@ getrange(const char *range,
 		*max = n;
 	} else {
 		errno = 0;
-		n = strtoul(range, &endptr, 10);
+		n = strtoul_noneg(range, &endptr, 10);
 		if (endptr == range || 0 != errno)
 			return -1;
 
@@ -75,7 +76,7 @@ getrange(const char *range,
 				*has_min = true;
 				*min = n;
 				errno = 0;
-				n = strtoul(endptr, &endptr, 10);
+				n = strtoul_noneg(endptr, &endptr, 10);
 				if ('\0' != *endptr || 0 != errno)
 					return -1;
 
diff --git a/lib/gettime.c b/lib/gettime.c
index 89afdbd57..19ebe4b3c 100644
--- a/lib/gettime.c
+++ b/lib/gettime.c
@@ -11,6 +11,8 @@
 #include <errno.h>
 #include <limits.h>
 #include <stdio.h>
+
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
@@ -37,7 +39,7 @@
 		return fallback;
 
 	errno = 0;
-	epoch = strtoull(source_date_epoch, &endptr, 10);
+	epoch = strtoull_noneg(source_date_epoch, &endptr, 10);
 	if (errno != 0) {
 		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
diff --git a/lib/getulong.c b/lib/getulong.c
index 2e730e6e8..c86281453 100644
--- a/lib/getulong.c
+++ b/lib/getulong.c
@@ -12,6 +12,7 @@
 #include <stdlib.h>
 #include <errno.h>
 
+#include "atoi/strtou_noneg.h"
 #include "prototypes.h"
 
 
@@ -27,7 +28,7 @@ getulong(const char *restrict numstr, unsigned long *restrict result)
 	unsigned long  val;
 
 	errno = 0;
-	val = strtoul(numstr, &endptr, 0);
+	val = strtoul_noneg(numstr, &endptr, 0);
 	if (('\0' == *numstr) || ('\0' != *endptr) || (0 != errno))
 		return -1;
 
diff --git a/src/check_subid_range.c b/src/check_subid_range.c
index 160df728f..4c7bfea65 100644
--- a/src/check_subid_range.c
+++ b/src/check_subid_range.c
@@ -12,6 +12,8 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+
+#include "atoi/strtou_noneg.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "subordinateio.h"
@@ -35,10 +37,10 @@ int main(int argc, char **argv)
 	owner = argv[1];
 	check_uids = argv[2][0] == 'u';
 	errno = 0;
-	start = strtoul(argv[3], NULL, 10);
+	start = strtoul_noneg(argv[3], NULL, 10);
 	if (errno != 0)
 		exit(1);
-	count = strtoul(argv[4], NULL, 10);
+	count = strtoul_noneg(argv[4], NULL, 10);
 	if (errno != 0)
 		exit(1);
 	if (check_uids) {