On Thu, Nov 15, 2012 at 03:06:03PM +0000, Eitan Adler wrote: > Author: eadler > Date: Thu Nov 15 15:06:03 2012 > New Revision: 243076 > URL: http://svnweb.freebsd.org/changeset/base/243076 > > Log: > Check the range of the gid > > Approved by: cperciva > MFC after: 1 week > > Modified: > head/usr.sbin/chkgrp/chkgrp.c > > Modified: head/usr.sbin/chkgrp/chkgrp.c > ============================================================================== > --- head/usr.sbin/chkgrp/chkgrp.c Thu Nov 15 15:06:00 2012 > (r243075) > +++ head/usr.sbin/chkgrp/chkgrp.c Thu Nov 15 15:06:03 2012 > (r243076) > @@ -30,7 +30,10 @@ > __FBSDID("$FreeBSD$"); > > #include <err.h> > +#include <errno.h> > #include <ctype.h> > +#include <limits.h> > +#include <stdint.h> > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > @@ -150,6 +153,18 @@ main(int argc, char *argv[]) > warnx("%s: line %d: GID is not numeric", gfn, n); > e++; > } > + > + /* check the range of the group id */ > + errno = 0; > + unsigned long groupid = strtoul(f[2], NULL, 10); And this violates style. The checks for strtoul failure are not exhaustive.
> + if (errno != 0) {
> + warnx("%s: line %d: strtoul failed", gfn, n);
> + }
> + else if (groupid > GID_MAX) {
> + warnx("%s: line %d: group id is too large (> %ju)",
> + gfn, n, (uintmax_t)GID_MAX);
> + e++;
> + }
>
> #if 0
> /* entry is correct, so print it */
pgpihrDFv7YB2.pgp
Description: PGP signature
