From forrestc@imach.com  Thu Dec 23 12:43:33 1999
Return-Path: <forrestc@imach.com>
Received: from www.mt.net (mail.mt.net [206.127.64.134])
	by hub.freebsd.org (Postfix) with ESMTP id A31D61580C
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 23 Dec 1999 12:43:00 -0800 (PST)
	(envelope-from forrestc@imach.com)
Received: (from root@localhost)
	by www.mt.net (8.9.3/8.9.3) id BAA22027;
	Thu, 23 Dec 1999 01:25:54 -0700 (MST)
	(envelope-from forrestc@imach.com)
Message-Id: <199912230825.BAA22027@www.mt.net>
Date: Thu, 23 Dec 1999 01:25:54 -0700 (MST)
From: forrestc@imach.com
Reply-To: forrestc@imach.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: Fix to edquota.c 
X-Send-Pr-Version: 3.2

>Number:         15658
>Category:       misc
>Synopsis:       edquota misinterprets usernames as uid ranges
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 23 12:50:00 PST 1999
>Closed-Date:    Thu Aug 08 18:21:54 PDT 2002
>Last-Modified:  Thu Aug 08 18:21:54 PDT 2002
>Originator:     Forrest W. Christian
>Release:        FreeBSD 3.4-STABLE i386
>Organization:
iMach, Ltd.
>Environment:

Apparently all recent versions of FreeBSD.   Verified to exist in latest
FreeBSD 3.4-STABLE.

>Description:

The current version of edquota accepts parameters in the form of either a
username or a range of userids.   In order to determine if a parameter
is a range of uid's, it looks to see if the first digit of the parameter
is a number, and if the parameter contains a dash.   Thus, usernames
such as 2-xhibit are treated as a range of uids.  The existing code
also does no additional error checking and simply performs an atoi
on the start of the parameter and on the string starting immediately
following the hyphen.

>How-To-Repeat:

This problem only occurs when using a prototype user.   To exercise
the chunk of code with the problem, you can run the following command line:

   edquota -p root 2-xhibit

This results in the result:

  edquota: ending uid (0) must be >= starting uid (2) when using uid ranges

>Fix:
	
 Apply the following patch to edquota.  This performs additional checks
 on the parameter before determining that it is, in fact, a uid range.

---START OF PATCH---TRIM HERE---
149,153c149,152
<                       if (isdigit(*argv[0]) &&
<                           (cp = strchr(*argv, '-')) != NULL) {
<                               *cp++ = '\0';
<                               startuid = atoi(*argv);
<                               enduid = atoi(cp);
---
>                       if ((startuid=(int)(strtol(argv[0],&cp,10))) &&
>                             (*(cp++)=='-') &&
>                             (enduid=(int)(strtol(cp,&cp,10))) &&
>                             (*(cp++)==0) ) {
---END OF PATCH---TRIM HERE---
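
Review bot: in the replacement condition, `(startuid=(int)(strtol(argv[0],&cp,10))) &&` and the matching `enduid` term use the converted value itself as the truth test, so a range whose start or end is uid 0 (for example `0-100`) fails the test and falls through to the username path. Test for a successful conversion instead, by comparing `cp` with the start of the string after each `strtol` call, and check that the result fits in an int before the `(int)` cast. `strtol` also skips leading whitespace and accepts a sign, so an `isdigit` check on the first character of each half is still worth keeping.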


>Release-Note:
>Audit-Trail:

From: Steve Price <sprice@hiwaay.net>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: misc/15658: Fix to edquota.c (fwd)
Date: Thu, 23 Dec 1999 23:14:07 -0600 (CST)

 ---------- Forwarded message ----------
 Date: Thu, 23 Dec 1999 22:05:40 -0700 (MST)
 From: Forrest W. Christian <forrestc@iMach.com>
 To: gnats-admin@FreeBSD.org, freebsd-bugs@FreeBSD.org
 Subject: Re: misc/15658: Fix to edquota.c 
 
 In addition to the patch, something like the following should probably be
 added to the "BUGS" section of the man page:
 
 BUGS
 
     When a prototype user is specified using the -p option, if you 
     specify a username containing only digits and a single hyphen,
     edquota will assume this is a uid range.   A workaround is to
     provide the uid of the user instead of the username.
 
 
 

From: "Forrest W. Christian" <forrestc@iMach.com>
To: <freebsd-gnats-submit@freebsd.org>, <forrestc@imach.com>
Cc:  
Subject: Re: misc/15658: edquota misinterprets usernames as uid ranges
Date: Thu, 23 Dec 1999 22:17:22 -0700

 In addition to the patch, something like the following should probably be
 added to the "BUGS" section of the man page:
 
 BUGS
 
     When a prototype user is specified using the -p option, if you
     specify a username containing only digits and a single hyphen,
     edquota will assume this is a uid range.   A workaround is to
     provide the uid of the user instead of the username.
 
 

From: Ian Dowse <iedowse@maths.tcd.ie>
To: forrestc@imach.com
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: misc/15658: edquota misinterprets usernames as uid ranges
Date: Fri, 16 Nov 2001 23:52:29 +0000

 Hi, could you try the following patch to edquota instead? It looks
 as if this will also fix a bug where the code forgets to increment
 argv in the -p case.
 
 Ian
 
 Index: edquota.c
 ===================================================================
 RCS file: /dump/FreeBSD-CVS/src/usr.sbin/edquota/edquota.c,v
 retrieving revision 1.13
 diff -u -r1.13 edquota.c
 --- edquota.c	28 Sep 2001 10:22:36 -0000	1.13
 +++ edquota.c	16 Nov 2001 23:39:07 -0000
 @@ -149,8 +149,8 @@
  			qup->dqblk.dqb_btime = 0;
  			qup->dqblk.dqb_itime = 0;
  		}
 -		while (argc-- > 0) {
 -			if (isdigit(*argv[0]) && 
 +		for (; argc-- > 0; argv++) {
 +			if (strspn(*argv, "0123456789-") == strlen(*argv) && 
  			    (cp = strchr(*argv, '-')) != NULL) {
  				*cp++ = '\0';
  				startuid = atoi(*argv);
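
Review bot: the new test `strspn(*argv, "0123456789-") == strlen(*argv)` only restricts the character set, so arguments such as `12-`, `-` or `1-2-3` still enter the range branch, where `atoi` turns an empty part into 0 and ignores trailing characters without reporting an error. Requiring at least one digit on each side of exactly one hyphen, and converting with `strtol` plus an end-pointer check, would close that. A login name made up only of digits and a hyphen remains ambiguous either way and should be documented, as the submitter's BUGS text proposes.
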
 @@ -168,7 +168,7 @@
  				}
  				continue;
  			}
 -			if ((id = getentry(*argv++, quotatype)) < 0)
 +			if ((id = getentry(*argv, quotatype)) < 0)
  				continue;
  			putprivs(id, quotatype, protoprivs);
  		}
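
Review bot: dropping the increment in `getentry(*argv, quotatype)` is correct only together with the `argv++` now in the `for` header of the previous hunk, so the two hunks have to go in as one change. The commit message should also say that the range branch's `continue` previously skipped the increment, which left the loop looking at the same argument again.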
 
State-Changed-From-To: open->feedback 
State-Changed-By: iedowse 
State-Changed-When: Fri Nov 16 16:01:01 PST 2001 
State-Changed-Why:  

Waiting for feedback on proposed patch. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=15658 
State-Changed-From-To: feedback->closed 
State-Changed-By: iedowse 
State-Changed-When: Thu Aug 8 18:21:27 PDT 2002 
State-Changed-Why:  

Fixed in revision 1.17 of edquota.c. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=15658 
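
The argument-classification problem discussed in this PR, as an added example that is not part of the PR and is not FreeBSD's edquota.c: the pre-patch heuristic from the Description beside a strict "digits, hyphen, digits" parser. The function names `legacy_looks_like_range`, `parse_uid` and `parse_uid_range` are hypothetical, the sample arguments are constructed, and the strict parser goes beyond the reported case by also rejecting empty halves, extra hyphens and overflow.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pre-patch heuristic quoted in the PR: leading digit plus a '-' anywhere. */
static int legacy_looks_like_range(const char *arg)
{
    return isdigit((unsigned char)arg[0]) && strchr(arg, '-') != NULL;
}

/* Hypothetical helper: one run of decimal digits, no sign or whitespace. */
static int parse_uid(const char *s, char **end, long *out)
{
    if (!isdigit((unsigned char)*s))
        return 0;                       /* rejects "", "-5", " 5", "+5" */
    errno = 0;
    *out = strtol(s, end, 10);
    return errno == 0 && *out <= INT_MAX;
}

/* Hypothetical strict parser for DIGITS '-' DIGITS and nothing else.
 * Returns 1 for a valid range, 0 if the argument is not a range (treat it
 * as a name), -1 if it is range syntax but end < start. */
static int parse_uid_range(const char *arg, long *start, long *end)
{
    char *cp;

    if (!parse_uid(arg, &cp, start) || *cp != '-')
        return 0;
    if (!parse_uid(cp + 1, &cp, end) || *cp != '\0')
        return 0;
    return *end < *start ? -1 : 1;
}

int main(void)
{
    /* Constructed sample arguments, including the one from the PR. */
    const char *args[] = { "2-xhibit", "0-100", "12-", "1-2-3", "5-2" };
    long s, e;

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++)
        printf("%-9s legacy=%d strict=%d\n", args[i],
            legacy_looks_like_range(args[i]),
            parse_uid_range(args[i], &s, &e));
    return 0;
}
```

An all-digit login name such as `2-3` is still classified as a range by any syntactic check, which is the case the proposed BUGS text covers.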
>Unformatted:
