Disallow numeric nonlocal user/group names that look like local uid/gids.
authorAnders Kaseorg <andersk@mit.edu>
Sun, 18 Oct 2009 07:01:45 +0000 (03:01 -0400)
committerAnders Kaseorg <andersk@mit.edu>
Sun, 18 Oct 2009 16:06:12 +0000 (12:06 -0400)
This prevents nonlocal users and groups from disturbing a command like
‘chown 0:0 file’.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
nonlocal-group.c
nonlocal-passwd.c

index af422dda72b4030bcaf0fb69ec7cdb80d06802de..074fc4e3703f356b8978120bdeada04e594c776c 100644 (file)
@@ -129,6 +129,19 @@ check_nonlocal_gid(const char *user, gid_t gid, int *errnop)
 enum nss_status
 check_nonlocal_group(const char *user, struct group *grp, int *errnop)
 {
+    enum nss_status status = NSS_STATUS_SUCCESS;
+    int old_errno = errno;
+    char *end;
+    unsigned long gid;
+
+    errno = 0;
+    gid = strtoul(grp->gr_name, &end, 10);
+    if (errno == 0 && *end == '\0' && (gid_t)gid == gid)
+       status = check_nonlocal_gid(user, gid, errnop);
+    errno = old_errno;
+    if (status != NSS_STATUS_SUCCESS)
+       return status;
+
     return check_nonlocal_gid(user, grp->gr_gid, errnop);
 }
 
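Review bot: The numeric-name test in check_nonlocal_group matches more than a bare decimal id, because strtoul() skips leading whitespace, accepts a `+` or `-` sign, and need not report an error when it converts nothing. An empty gr_name therefore parses as 0 with `*end == '\0'` and is checked as gid 0, and where unsigned long is no wider than gid_t a name such as "-1" wraps to (gid_t)-1 and passes the range test. These cases only add rejections, so the check fails closed, but requiring a leading digit keeps it to what the commit describes: `if (isdigit((unsigned char)grp->gr_name[0]) && errno == 0 && *end == '\0' && (gid_t)gid == gid)` (needs <ctype.h> if the file does not already include it). The same applies to the strtoul() call on pwd->pw_name in check_nonlocal_passwd.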
index ffd5375fe6e0125dda81369a880e4c5110090ddd..0d71fe35d118dcd6bb2c8f978e024be1b08b6b30 100644 (file)
@@ -127,6 +127,19 @@ check_nonlocal_uid(const char *user, uid_t uid, int *errnop)
 enum nss_status
 check_nonlocal_passwd(const char *user, struct passwd *pwd, int *errnop)
 {
+    enum nss_status status = NSS_STATUS_SUCCESS;
+    int old_errno = errno;
+    char *end;
+    unsigned long uid;
+
+    errno = 0;
+    uid = strtoul(pwd->pw_name, &end, 10);
+    if (errno == 0 && *end == '\0' && (uid_t)uid == uid)
+       status = check_nonlocal_uid(user, uid, errnop);
+    errno = old_errno;
+    if (status != NSS_STATUS_SUCCESS)
+       return status;
+
     return check_nonlocal_uid(user, pwd->pw_uid, errnop);
 }
 
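Review bot: The block added to check_nonlocal_passwd has no comment saying why a user name is parsed as a number, and the reason for saving and restoring errno around strtoul() is also unstated. The rationale currently lives only in the commit message, so a reader of the file cannot tell this is a guard against name/id ambiguity rather than a second uid lookup. I would add above `errno = 0;` something like `/* A numeric name is ambiguous with a uid in commands like chown; refuse it if that uid is local. */` and note on `int old_errno = errno;` that the caller's errno is preserved. The matching block in check_nonlocal_group in nonlocal-group.c would take the same comment with gid in place of uid.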