You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
3.6 KiB
94 lines
3.6 KiB
From 57d2e6e64ba490054f8de1a2aad4ffae7778eddc Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
|
Date: Sun, 31 May 2020 18:21:09 +0200
|
|
Subject: [PATCH] basic/user-util: always use base 10 for user/group numbers
|
|
|
|
We would parse numbers with base prefixes as user identifiers. For example,
|
|
"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
|
|
interpreted as UID==1000. This parsing was used also in cases where either a
|
|
user/group name or number may be specified. This means that names like
|
|
0x2b3bfa0 would be ambiguous: they are a valid user name according to our
|
|
documented relaxed rules, but they would also be parsed as numeric uids.
|
|
|
|
This behaviour is definitely not expected by users, since tools generally only
|
|
accept decimal numbers (e.g. id, getent passwd), while other tools only accept
|
|
user names and thus will interpret such strings as user names without even
|
|
attempting to convert them to numbers (su, ssh). So let's follow suit and only
|
|
accept numbers in decimal notation. Effectively this means that we will reject
|
|
such strings as a username/uid/groupname/gid where strict mode is used, and try
|
|
to look up a user/group with such a name in relaxed mode.
|
|
|
|
Since the function changed is fairly low-level and fairly widely used, this
|
|
affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
|
|
the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
|
|
etc.
|
|
|
|
Fixes #15985.
|
|
|
|
(cherry picked from commit 156a5fd297b61bce31630d7a52c15614bf784843)
|
|
|
|
Resolves: #1848373
|
|
---
|
|
src/basic/parse-util.h | 8 ++++++--
|
|
src/basic/user-util.c | 2 +-
|
|
src/test/test-user-util.c | 10 ++++++++++
|
|
3 files changed, 17 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/basic/parse-util.h b/src/basic/parse-util.h
|
|
index f3267f4cfe..1fc1af7615 100644
|
|
--- a/src/basic/parse-util.h
|
|
+++ b/src/basic/parse-util.h
|
|
@@ -50,9 +50,13 @@ static inline int safe_atoux16(const char *s, uint16_t *ret) {
|
|
|
|
int safe_atoi16(const char *s, int16_t *ret);
|
|
|
|
-static inline int safe_atou32(const char *s, uint32_t *ret_u) {
|
|
+static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) {
|
|
assert_cc(sizeof(uint32_t) == sizeof(unsigned));
|
|
- return safe_atou(s, (unsigned*) ret_u);
|
|
+ return safe_atou_full(s, base, (unsigned*) ret_u);
|
|
+}
|
|
+
|
|
+static inline int safe_atou32(const char *s, uint32_t *ret_u) {
|
|
+ return safe_atou32_full(s, 0, (unsigned*) ret_u);
|
|
}
|
|
|
|
static inline int safe_atoi32(const char *s, int32_t *ret_i) {
|
|
diff --git a/src/basic/user-util.c b/src/basic/user-util.c
|
|
index d92969c966..10eeb256cd 100644
|
|
--- a/src/basic/user-util.c
|
|
+++ b/src/basic/user-util.c
|
|
@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret) {
|
|
assert(s);
|
|
|
|
assert_cc(sizeof(uid_t) == sizeof(uint32_t));
|
|
- r = safe_atou32(s, &uid);
|
|
+ r = safe_atou32_full(s, 10, &uid);
|
|
if (r < 0)
|
|
return r;
|
|
|
|
diff --git a/src/test/test-user-util.c b/src/test/test-user-util.c
|
|
index 9114d30b8c..8bf3dcd567 100644
|
|
--- a/src/test/test-user-util.c
|
|
+++ b/src/test/test-user-util.c
|
|
@@ -46,9 +46,19 @@ static void test_parse_uid(void) {
|
|
|
|
r = parse_uid("65535", &uid);
|
|
assert_se(r == -ENXIO);
|
|
+ assert_se(uid == 100);
|
|
+
|
|
+ r = parse_uid("0x1234", &uid);
|
|
+ assert_se(r == -EINVAL);
|
|
+ assert_se(uid == 100);
|
|
+
|
|
+ r = parse_uid("01234", &uid);
|
|
+ assert_se(r == 0);
|
|
+ assert_se(uid == 1234);
|
|
|
|
r = parse_uid("asdsdas", &uid);
|
|
assert_se(r == -EINVAL);
|
|
+ assert_se(uid == 1234);
|
|
}
|
|
|
|
static void test_uid_ptr(void) {
|