|
 |
bd1529 |
From 87c22d3bb794118d25bc138108fd5bdd607365ef Mon Sep 17 00:00:00 2001
|
|
|
bd1529 |
From: Lennart Poettering <lennart@poettering.net>
|
|
|
bd1529 |
Date: Mon, 1 Jun 2020 17:16:46 +0200
|
|
|
bd1529 |
Subject: [PATCH] user-util: be stricter in parse_uid()
|
|
|
bd1529 |
|
|
|
bd1529 |
Let's refuse "+" and "-" prefixed UIDs. Let's refuse whitespace-prefixed
|
|
|
bd1529 |
UIDS, Let's refuse zero-prefixed UIDs. Let's be safe than sorry.
|
|
|
bd1529 |
|
|
|
bd1529 |
(cherry picked from commit f5979b63cc305ba217dfd174b1bf0583bcf75a73)
|
|
|
bd1529 |
|
|
|
bd1529 |
Related: #1848373
|
|
|
bd1529 |
---
|
|
|
bd1529 |
src/basic/user-util.c | 10 +++++++++-
|
|
|
bd1529 |
src/test/test-user-util.c | 26 +++++++++++++++++++++++---
|
|
|
bd1529 |
2 files changed, 32 insertions(+), 4 deletions(-)
|
|
|
bd1529 |
|
|
|
bd1529 |
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
|
|
|
bd1529 |
index 10eeb256cd..40f4e45db6 100644
|
|
|
bd1529 |
--- a/src/basic/user-util.c
|
|
|
bd1529 |
+++ b/src/basic/user-util.c
|
|
|
bd1529 |
@@ -49,7 +49,15 @@ int parse_uid(const char *s, uid_t *ret) {
|
|
|
bd1529 |
assert(s);
|
|
|
bd1529 |
|
|
|
bd1529 |
assert_cc(sizeof(uid_t) == sizeof(uint32_t));
|
|
|
bd1529 |
- r = safe_atou32_full(s, 10, &uid);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ /* We are very strict when parsing UIDs, and prohibit +/- as prefix, leading zero as prefix, and
|
|
|
bd1529 |
+ * whitespace. We do this, since this call is often used in a context where we parse things as UID
|
|
|
bd1529 |
+ * first, and if that doesn't work we fall back to NSS. Thus we really want to make sure that UIDs
|
|
|
bd1529 |
+ * are parsed as UIDs only if they really really look like UIDs. */
|
|
|
bd1529 |
+ r = safe_atou32_full(s, 10
|
|
|
bd1529 |
+ | SAFE_ATO_REFUSE_PLUS_MINUS
|
|
|
bd1529 |
+ | SAFE_ATO_REFUSE_LEADING_ZERO
|
|
|
bd1529 |
+ | SAFE_ATO_REFUSE_LEADING_WHITESPACE, &uid);
|
|
|
bd1529 |
if (r < 0)
|
|
|
bd1529 |
return r;
|
|
|
bd1529 |
|
|
|
bd1529 |
diff --git a/src/test/test-user-util.c b/src/test/test-user-util.c
|
|
|
bd1529 |
index 8bf3dcd567..99203f7e48 100644
|
|
|
bd1529 |
--- a/src/test/test-user-util.c
|
|
|
bd1529 |
+++ b/src/test/test-user-util.c
|
|
|
bd1529 |
@@ -52,13 +52,33 @@ static void test_parse_uid(void) {
|
|
|
bd1529 |
assert_se(r == -EINVAL);
|
|
|
bd1529 |
assert_se(uid == 100);
|
|
|
bd1529 |
|
|
|
bd1529 |
+ r = parse_uid("+1234", &uid);
|
|
|
bd1529 |
+ assert_se(r == -EINVAL);
|
|
|
bd1529 |
+ assert_se(uid == 100);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ r = parse_uid("-1234", &uid);
|
|
|
bd1529 |
+ assert_se(r == -EINVAL);
|
|
|
bd1529 |
+ assert_se(uid == 100);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ r = parse_uid(" 1234", &uid);
|
|
|
bd1529 |
+ assert_se(r == -EINVAL);
|
|
|
bd1529 |
+ assert_se(uid == 100);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
r = parse_uid("01234", &uid);
|
|
|
bd1529 |
- assert_se(r == 0);
|
|
|
bd1529 |
- assert_se(uid == 1234);
|
|
|
bd1529 |
+ assert_se(r == -EINVAL);
|
|
|
bd1529 |
+ assert_se(uid == 100);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ r = parse_uid("-0", &uid);
|
|
|
bd1529 |
+ assert_se(r == -EINVAL);
|
|
|
bd1529 |
+ assert_se(uid == 100);
|
|
|
bd1529 |
+
|
|
|
bd1529 |
+ r = parse_uid("+0", &uid);
|
|
|
bd1529 |
+ assert_se(r == -EINVAL);
|
|
|
bd1529 |
+ assert_se(uid == 100);
|
|
|
bd1529 |
|
|
|
bd1529 |
r = parse_uid("asdsdas", &uid);
|
|
|
bd1529 |
assert_se(r == -EINVAL);
|
|
|
bd1529 |
- assert_se(uid == 1234);
|
|
|
bd1529 |
+ assert_se(uid == 100);
|
|
|
bd1529 |
}
|
|
|
bd1529 |
|
|
|
bd1529 |
static void test_uid_ptr(void) {
|