Re: [PATCH] Use an explicit base of 10 for strtouid()/strtogid() calls

On Tue, 2011-09-27 at 14:14 +0200, Jakub Hrozek wrote:
> This patch came up as a suggestion during Nalin's peer code review of my
> earlier strto* patches.
> 
> If a broken LDAP server entry had the uidNumber so it looks like a number
> from a different base than 10 to strto* functions, we would have converted
> it in the respective base instead of 10. For instance "010" would have
> been converted to "8".
> 
> I managed to break the configuration by putting "0100" into a custom
> attribute and then mapping the uidNumber to it by using "map uidNumber
> foobar". "getent passwd octaluid" then reported 512 for UID.

It is debatable how 0100 should be interpreted. Also, a value of 0x400
is currently allowed and would no longer be. I don't think (hope) that
anyone uses something like this though.

I'm fine with the change but be sure to also check the other places
where strto*() is used (shadow/rpc/protocol/service).

Thanks.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
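
An added example, not part of the original message and not nss-pam-ldapd code: it compares how strtoul() reads numeric attribute values with base 0, which matches the octal and hexadecimal behaviour described in this thread, and with an explicit base of 10. parse_id() is a hypothetical helper, and the sample strings other than "010" and "0x400" are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse a numeric id string with the given strtoul()
   base. Returns 0 and stores the value on success; returns -1 on empty
   input, a leading sign or whitespace, trailing characters, or overflow. */
static int parse_id(const char *s, int base, unsigned long *out)
{
  char *end;
  unsigned long v;
  /* strtoul() itself accepts leading blanks and a sign, so insist that the
     first character is a digit before calling it */
  if (s == NULL || !isdigit((unsigned char)*s))
    return -1;
  errno = 0;
  v = strtoul(s, &end, base);
  /* reject overflow (ERANGE) and anything left over after the digits */
  if (errno != 0 || end == s || *end != '\0')
    return -1;
  *out = v;
  return 0;
}

int main(void)
{
  /* "010" and "0x400" are the values from the thread; the rest are constructed */
  const char *samples[] = { "1000", "010", "0x400", "12ab", " 42" };
  size_t i;
  for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
  {
    unsigned long v = 0;
    printf("\"%s\": base 0 -> ", samples[i]);
    if (parse_id(samples[i], 0, &v) == 0)
      printf("%lu", v);
    else
      printf("rejected");
    printf(", base 10 -> ");
    if (parse_id(samples[i], 10, &v) == 0)
      printf("%lu\n", v);
    else
      printf("rejected\n");
  }
  return 0;
}
```

With base 10 a leading zero no longer changes the value, and "0x400" is rejected because the "x400" left after the first digit counts as trailing characters.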