[dpkg] 58/192: s-s-d: Parse usernames and groupnames starting with digits correctly
Ximin Luo
infinity0 at debian.org
Tue Oct 17 11:03:58 UTC 2017
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch pu/reproducible_builds
in repository dpkg.
commit 55c291c69bc9ee7c00731f4f5ffafd42673eb7d1
Author: Guillem Jover <guillem at debian.org>
Date: Tue Jul 4 03:33:25 2017 +0200
s-s-d: Parse usernames and groupnames starting with digits correctly
We should not consider a username or groupname that starts with digits
as a valid uid or gid. When parsing integers we should parse the strings
fully and not consider any partial parsing to be correct.
Reported-by: Bodo Eggert <7eggert at online.de>
---
debian/changelog | 2 ++
utils/start-stop-daemon.c | 6 +++---
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 83821bb..5b7788b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ dpkg (1.19.0) UNRELEASED; urgency=medium
* Remove an unused variable in dpkg-shlibdeps.
Thanks to Niels Thykier <niels at thykier.net>.
+ * Parse start-stop-daemon usernames and groupnames starting with digits in
+ -u and -c correctly. Reported by Bodo Eggert <7eggert at online.de>.
* Perl modules:
- Switch from Dpkg::Util to List::Util, now that the module in the
new required Perl contains the needed functions.
diff --git a/utils/start-stop-daemon.c b/utils/start-stop-daemon.c
index 3931f5c..8135750 100644
--- a/utils/start-stop-daemon.c
+++ b/utils/start-stop-daemon.c
@@ -1205,7 +1205,7 @@ setup_options(void)
free(fullexecname);
}
- if (userspec && sscanf(userspec, "%d", &user_id) != 1) {
+ if (userspec && parse_unsigned(userspec, 10, &user_id) < 0) {
struct passwd *pw;
pw = getpwnam(userspec);
@@ -1215,7 +1215,7 @@ setup_options(void)
user_id = pw->pw_uid;
}
- if (changegroup && sscanf(changegroup, "%d", &runas_gid) != 1) {
+ if (changegroup && parse_unsigned(changegroup, 10, &runas_gid) < 0) {
struct group *gr;
gr = getgrnam(changegroup);
@@ -1228,7 +1228,7 @@ setup_options(void)
struct passwd *pw;
struct stat st;
- if (sscanf(changeuser, "%d", &runas_uid) == 1)
+ if (parse_unsigned(changeuser, 10, &runas_uid) == 0)
pw = getpwuid(runas_uid);
else
pw = getpwnam(changeuser);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git
More information about the Reproducible-commits
mailing list