Date: Wed, 14 May 1997 12:09:26 +1000
From: Bruce Evans
Message-Id: <199705140209.MAA23416@godzilla.zeta.org.au>
To: bde@zeta.org.au, wosch@apfel.de
Subject: Re: Linux UID/GID 'Feature'
Cc: freebsd-security@FreeBSD.ORG, wollman@khavrinen.lcs.mit.edu

>Bruce Evans writes:
>>>> id = atol(p);
>>>> + for(; *p != '\0'; p++)
>>>> + if (!isdigit(*p))
>>>> + goto fmt;
>>>> +
>>>
>>>This is why you should never use atol(). Always, always, always use
>>>strtol(), and then you won't have these problems. Properly written to
>>>use strtol:
>
>strtol does more things which we don't want:
>
>man strtol
> The string may begin with an arbitrary amount of white space (as deter-
> mined by isspace(3)) followed by a single optional `+' or `-' sign. If
> base is zero or 16, the string may then include a `0x' prefix, and the
> number will be read in base 16; otherwise, a zero base is taken as 10
> (decimal) unless the next character is `0', in which case it is taken as
> 8 (octal).

atol(p) is equivalent to strtol(p, (char **)NULL, 10). This may also
do things that we don't want (it skips leading white space and interprets
signs).

>>Another problem: isdigit(*p) is usually undefined if *p < 0.
>
>What does usually mean? There is no warning in the isdigit manpage.

Except when *p == EOF. The man page is deficient. So is ctype(3). ANSI
ctype functions are only valid for args that are representable as
an unsigned char or equal to EOF.

Bruce
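
Review bot: The added loop passes a plain char to isdigit(*p), which is undefined when char is signed and the byte is negative; cast the argument, as in isdigit((unsigned char)*p). The loop also never rejects an empty field, because an empty string skips the loop body and the 0 already returned by id = atol(p) is accepted, so require at least one digit before using the value. atol() reports no error on overflow, so a range check needs strtol() or strtoul() with errno after the digit scan.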
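
The strict parse this thread argues toward, written out as an added example (not code from this message or from FreeBSD): every byte is checked with the unsigned char cast described above before strtoul() runs in base 10, so leading white space, signs and 0x prefixes are rejected and overflow is caught. The name parse_id and the 32-bit ID width are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * parse_id() is a hypothetical helper, not code from the thread or FreeBSD.
 * It accepts only a non-empty run of decimal digits that fits in 32 bits
 * (an assumed ID width). Returns 0 and stores the value, or -1 on error.
 */
int parse_id(const char *s, uint32_t *out)
{
	const char *p;
	char *end;
	unsigned long v;

	if (s == NULL || *s == '\0')
		return (-1);	/* empty field; atol() would silently give 0 */

	/* Reject whitespace, signs and letters before strtoul() can skip them. */
	for (p = s; *p != '\0'; p++)
		if (!isdigit((unsigned char)*p))	/* cast: char may be negative */
			return (-1);

	errno = 0;
	v = strtoul(s, &end, 10);	/* explicit base 10: no octal or 0x forms */
	if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
		return (-1);	/* out of range for unsigned long or for the ID */

	*out = (uint32_t)v;
	return (0);
}

int main(void)
{
	/* Constructed sample UID/GID fields. */
	const char *samples[] = { "1000", "", " 42", "-1", "0x10", "12abc",
	    "4294967296" };
	uint32_t id;
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		if (parse_id(samples[i], &id) == 0)
			printf("\"%s\" -> %lu\n", samples[i], (unsigned long)id);
		else
			printf("\"%s\" -> rejected\n", samples[i]);
	return (0);
}
```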