lib/, src/: Replace strtou[l]l(3) by strtou[l]l_noneg()

strtou[l]l(3) silently converts negative numbers into positive. This behavior is wrong: a negative value should be parsed as a negative value, which would underflow unsigned (long) long, and so would return the smallest possible value, 0, and set errno to ERANGE to report an error. Signed-off-by: Alejandro Colomar <alx@kernel.org>
shadow-maint · Jan 6, 2024 · 5a30949 · 5a30949
1 parent 8d14302
commit 5a30949
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 7 deletions.
diff --git a/lib/getrange.c b/lib/getrange.c
@@ -12,6 +12,7 @@
 #include <ctype.h>
 #include <stdlib.h>
 
+#include "atoi/strtoul.h"
 #include "defines.h"
 #include "prototypes.h"
 
@@ -40,7 +41,7 @@ getrange(const char *range,
 			return -1;
 
 		errno = 0;
-		n = strtoul(&range[1], &endptr, 10);
+		n = strtoul_noneg(&range[1], &endptr, 10);
 		if (('\0' != *endptr) || (0 != errno))
 			return -1;
 
@@ -50,7 +51,7 @@ getrange(const char *range,
 		*max = n;
 	} else {
 		errno = 0;
-		n = strtoul(range, &endptr, 10);
+		n = strtoul_noneg(range, &endptr, 10);
 		if (endptr == range || 0 != errno)
 			return -1;
 
@@ -75,7 +76,7 @@ getrange(const char *range,
 				*has_min = true;
 				*min = n;
 				errno = 0;
-				n = strtoul(endptr, &endptr, 10);
+				n = strtoul_noneg(endptr, &endptr, 10);
 				if ('\0' != *endptr || 0 != errno)
 					return -1;
 

diff --git a/lib/gettime.c b/lib/gettime.c
@@ -11,6 +11,8 @@
 #include <errno.h>
 #include <limits.h>
 #include <stdio.h>
+
+#include "atoi/strtoul.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "shadowlog.h"
@@ -37,7 +39,7 @@
 		return fallback;
 
 	errno = 0;
-	epoch = strtoull(source_date_epoch, &endptr, 10);
+	epoch = strtoull_noneg(source_date_epoch, &endptr, 10);
 	if (errno != 0) {
 		fprintf (shadow_logfd,
 			 _("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),

diff --git a/lib/getulong.c b/lib/getulong.c
@@ -12,6 +12,7 @@
 #include <stdlib.h>
 #include <errno.h>
 
+#include "atoi/strtoul.h"
 #include "prototypes.h"
 
 
@@ -27,7 +28,7 @@ getulong(const char *numstr, /*@out@*/unsigned long *result)
 	unsigned long  val;
 
 	errno = 0;
-	val = strtoul(numstr, &endptr, 0);
+	val = strtoul_noneg(numstr, &endptr, 0);
 	if (('\0' == *numstr) || ('\0' != *endptr) || (0 != errno))
 		return -1;
 

diff --git a/src/check_subid_range.c b/src/check_subid_range.c
@@ -12,6 +12,8 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+
+#include "atoi/strtoul.h"
 #include "defines.h"
 #include "prototypes.h"
 #include "subordinateio.h"
@@ -35,10 +37,10 @@ int main(int argc, char **argv)
 	owner = argv[1];
 	check_uids = argv[2][0] == 'u';
 	errno = 0;
-	start = strtoul(argv[3], NULL, 10);
+	start = strtoul_noneg(argv[3], NULL, 10);
 	if (errno != 0)
 		exit(1);
-	count = strtoul(argv[4], NULL, 10);
+	count = strtoul_noneg(argv[4], NULL, 10);
 	if (errno != 0)
 		exit(1);
 	if (check_uids) {