From cd7b8d78c7841e01f56502e2e6e29af2ec6fa5cd Mon Sep 17 00:00:00 2001
From: Paul Richards <paul@FreeBSD.org>
Date: Thu, 9 Mar 2000 18:11:16 +0000
Subject: [PATCH] Fix various unsigned vs signed errors that caused problems
 with uids and gids bigger than 16 bits. Added checks for uids and gids that
 are bigger than 32 bits.

Approved by:	jkh (partly, this fix is bigger than I first intended)
---
 lib/libc/gen/pw_scan.c       | 19 ++++++++++++++-----
 usr.sbin/pwd_mkdb/pw_scan.c  | 19 ++++++++++++++-----
 usr.sbin/pwd_mkdb/pwd_mkdb.c | 12 ++++++------
 3 files changed, 34 insertions(+), 16 deletions(-)

diff --git a/lib/libc/gen/pw_scan.c b/lib/libc/gen/pw_scan.c
index 849effab45d..d0fb5f17d03 100644
--- a/lib/libc/gen/pw_scan.c
+++ b/lib/libc/gen/pw_scan.c
@@ -47,6 +47,7 @@ static const char rcsid[] =
 #include <sys/param.h>
 
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -72,7 +73,7 @@ pw_scan(bp, pw)
 	char *bp;
 	struct passwd *pw;
 {
-	long id;
+	uid_t id;
 	int root;
 	char *p, *sh;
 
@@ -100,13 +101,17 @@ pw_scan(bp, pw)
 			return (0);
 		}
 	}
-	id = atol(p);
+	id = strtoul(p, (char **)NULL, 10);
+	if (errno == ERANGE) {
+		warnx("%s > max uid value (%u)", p, ULONG_MAX);
+		return (0);
+	}
 	if (root && id) {
 		warnx("root uid should be 0");
 		return (0);
 	}
 	if (pw_big_ids_warning && id > USHRT_MAX) {
-		warnx("%s > max uid value (%u)", p, USHRT_MAX);
+		warnx("%s > recommended max uid value (%u)", p, USHRT_MAX);
 		/*return (0);*/ /* THIS SHOULD NOT BE FATAL! */
 	}
 	pw->pw_uid = id;
@@ -114,9 +119,13 @@ pw_scan(bp, pw)
 	if (!(p = strsep(&bp, ":")))			/* gid */
 		goto fmt;
 	if(p[0]) pw->pw_fields |= _PWF_GID;
-	id = atol(p);
+	id = strtoul(p, (char **)NULL, 10);
+	if (errno == ERANGE) {
+		warnx("%s > max gid value (%u)", p, ULONG_MAX);
+		return (0);
+	}
 	if (pw_big_ids_warning && id > USHRT_MAX) {
-		warnx("%s > max gid value (%u)", p, USHRT_MAX);
+		warnx("%s > recommended max gid value (%u)", p, USHRT_MAX);
 		/* return (0); This should not be fatal! */
 	}
 	pw->pw_gid = id;
diff --git a/usr.sbin/pwd_mkdb/pw_scan.c b/usr.sbin/pwd_mkdb/pw_scan.c
index 849effab45d..d0fb5f17d03 100644
--- a/usr.sbin/pwd_mkdb/pw_scan.c
+++ b/usr.sbin/pwd_mkdb/pw_scan.c
@@ -47,6 +47,7 @@ static const char rcsid[] =
 #include <sys/param.h>
 
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -72,7 +73,7 @@ pw_scan(bp, pw)
 	char *bp;
 	struct passwd *pw;
 {
-	long id;
+	uid_t id;
 	int root;
 	char *p, *sh;
 
@@ -100,13 +101,17 @@ pw_scan(bp, pw)
 			return (0);
 		}
 	}
-	id = atol(p);
+	id = strtoul(p, (char **)NULL, 10);
+	if (errno == ERANGE) {
+		warnx("%s > max uid value (%u)", p, ULONG_MAX);
+		return (0);
+	}
 	if (root && id) {
 		warnx("root uid should be 0");
 		return (0);
 	}
 	if (pw_big_ids_warning && id > USHRT_MAX) {
-		warnx("%s > max uid value (%u)", p, USHRT_MAX);
+		warnx("%s > recommended max uid value (%u)", p, USHRT_MAX);
 		/*return (0);*/ /* THIS SHOULD NOT BE FATAL! */
 	}
 	pw->pw_uid = id;
@@ -114,9 +119,13 @@ pw_scan(bp, pw)
 	if (!(p = strsep(&bp, ":")))			/* gid */
 		goto fmt;
 	if(p[0]) pw->pw_fields |= _PWF_GID;
-	id = atol(p);
+	id = strtoul(p, (char **)NULL, 10);
+	if (errno == ERANGE) {
+		warnx("%s > max gid value (%u)", p, ULONG_MAX);
+		return (0);
+	}
 	if (pw_big_ids_warning && id > USHRT_MAX) {
-		warnx("%s > max gid value (%u)", p, USHRT_MAX);
+		warnx("%s > recommended max gid value (%u)", p, USHRT_MAX);
 		/* return (0); This should not be fatal! */
 	}
 	pw->pw_gid = id;
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 5ee9699d57b..9d77b279e50 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -320,9 +320,9 @@ main(argc, argv)
 			p = buf;
 			COMPACT(pwd.pw_name);
 			COMPACT("*");
-			memmove(p, &pwd.pw_uid, sizeof(int));
+			memmove(p, &pwd.pw_uid, sizeof(pwd.pw_uid));
 			p += sizeof(int);
-			memmove(p, &pwd.pw_gid, sizeof(int));
+			memmove(p, &pwd.pw_gid, sizeof(pwd.pw_gid));
 			p += sizeof(int);
 			memmove(p, &pwd.pw_change, sizeof(time_t));
 			p += sizeof(time_t);
@@ -340,9 +340,9 @@ main(argc, argv)
 			p = sbuf;
 			COMPACT(pwd.pw_name);
 			COMPACT(pwd.pw_passwd);
-			memmove(p, &pwd.pw_uid, sizeof(int));
+			memmove(p, &pwd.pw_uid, sizeof(pwd.pw_uid));
 			p += sizeof(int);
-			memmove(p, &pwd.pw_gid, sizeof(int));
+			memmove(p, &pwd.pw_gid, sizeof(pwd.pw_gid));
 			p += sizeof(int);
 			memmove(p, &pwd.pw_change, sizeof(time_t));
 			p += sizeof(time_t);
@@ -420,8 +420,8 @@ main(argc, argv)
 			char uidstr[20];
 			char gidstr[20];
 
-			snprintf(uidstr, sizeof(uidstr), "%d", pwd.pw_uid);
-			snprintf(gidstr, sizeof(gidstr), "%d", pwd.pw_gid);
+			snprintf(uidstr, sizeof(uidstr), "%u", pwd.pw_uid);
+			snprintf(gidstr, sizeof(gidstr), "%u", pwd.pw_gid);
 
 			if (fprintf(oldfp, "%s:*:%s:%s:%s:%s:%s\n",
 			    pwd.pw_name, pwd.pw_fields & _PWF_UID ? uidstr : "",