groupdb: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 43722e777d49a71b37776a07feeee046db21355d..77eb0d6e5cd9e0a7cfc4f0f47d06e3fc3af37f53 100644 (file)
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -208,6 +208,7 @@ int smb_create_group(const char *unix_group, gid_t *new_gid)
        char *add_script = NULL;
        int     ret = -1;
        int     fd = 0;
+       int error = 0;
 
        *new_gid = 0;
 
@@ -244,7 +245,15 @@ int smb_create_group(const char *unix_group, gid_t *new_gid)
                        nread = read(fd, output, sizeof(output)-1);
                        if (nread > 0) {
                                output[nread] = '\0';
-                               *new_gid = (gid_t)strtoul(output, NULL, 10);
+                               *new_gid = (gid_t)strtoul_err(output,
+                                                             NULL,
+                                                             10,
+                                                             &error);
+                               if (error != 0) {
+                                       *new_gid = 0;
+                                       close(fd);
+                                       return -1;
+                               }
                        }
 
                        close(fd);

diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c
index d6a06ef199bb71d7938cbe998c022db8118a71b1..c80ff1f859a9f90fbf7538a5f8bd5ea2d1d9752c 100644 (file)
--- a/source3/groupdb/mapping_tdb.c
+++ b/source3/groupdb/mapping_tdb.c
@@ -860,6 +860,7 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
        char *q;
        uint32_t num_mem = 0;
        struct dom_sid *members = NULL;
+       int error = 0;
 
        p = (uint8_t *)data.dptr;
        if (data.dsize < 8) {
@@ -974,8 +975,8 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
                        /* we ignore unknown or uninteresting attributes
                         * (objectclass, etc.) */
                        if (strcasecmp_m(name, "gidNumber") == 0) {
-                               map->gid = strtoul(val, &q, 10);
-                               if (*q) {
+                               map->gid = strtoul_err(val, &q, 10, &error);
+                               if (*q || (error != 0)) {
                                        errno = EIO;
                                        goto failed;
                                }
@@ -985,8 +986,11 @@ static int convert_ldb_record(TDB_CONTEXT *ltdb, TDB_DATA key,
                                        goto failed;
                                }
                        } else if (strcasecmp_m(name, "sidNameUse") == 0) {
-                               map->sid_name_use = strtoul(val, &q, 10);
-                               if (*q) {
+                               map->sid_name_use = strtoul_err(val,
+                                                               &q,
+                                                               10,
+                                                               &error);
+                               if (*q || (error != 0)) {
                                        errno = EIO;
                                        goto failed;
                                }