--uid,--gid don't validate their argument

[danielshahaf]

Basic Information
Version of libarchive: 3.2.2-5 Debian package (tested); latest HEAD (source inspection)
How you obtained it: Built from source
Operating system and version: Debian stretch
What compiler and/or IDE you are using (include version): clang version 3.8.1-24

Description of the problem you are seeing:
What did you do? bsdtar --uid=foo (literally)
What did you expect to happen? Error message: 'foo' is not an integer
What actually happened? Behaved as though --uid=0 was passed
What log files or error messages were produced? errno was 0 both before and after the atoi() call

How the libarchive developers can reproduce your problem:
What other software was involved? N/A
What other files were involved? N/A
How can we obtain any of the above? N/A

The argument to bsdtar's --uid option is parsed as follows:

libarchive/tar/bsdtar.c

Lines 650 to 656 in 23b142e

	case OPTION_UID: /* cpio */
	t = atoi(bsdtar->argument);
	if (t < 0)
	lafe_errc(1, 0,
	"Argument to --uid must be positive");
	bsdtar->uid = t;
	break;

When the argument isn't numeric, atoi() returns 0 and bsdtar->uid is set to zero. I expect an error message instead.

All of the above applies to --gid as well.