check uid and guid more strictly and improve error messages - susmb - fork from usmb 20130204: mount SMB/CIFS shares via FUSE
HTML git clone git://git.codemadness.org/susmb
DIR Log
DIR Files
DIR Refs
DIR README
DIR LICENSE
---
DIR commit 1b3fb6b43b88bfff059230f1d09ea3f81dbbdeee
DIR parent 7c373a01d301cfedcd1c250467e8d2272b401eb6
HTML Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Mon, 23 Feb 2026 20:21:05 +0100
check uid and guid more strictly and improve error messages
- uid and gid needs to be a whole valid number. It cannot be empty.
- uid == 0 or gid == 0 is checked later for privdrop (cannot privdrop to root).
- Make the error message more clear when the uid or gid is invalid or cannot be found
as a passwd entry.
- clarify documentation: if uid is numeric then the gid needs to be specified
as well.
Diffstat:
M susmb.1 | 5 +++--
M susmb.c | 21 +++++++++++++--------
2 files changed, 16 insertions(+), 10 deletions(-)
---
DIR diff --git a/susmb.1 b/susmb.1
@@ -1,4 +1,4 @@
-.Dd February 22, 2026
+.Dd February 23, 2026
.Dt SUSMB 1
.Os
.Sh NAME
@@ -49,7 +49,8 @@ implementation for the supported options.
Privdrop to user.
When a name is given then the uid and gid is read from the password
database entry.
-Otherwise the option is interpreted as an uid number.
+Otherwise the option is interpreted as an uid number and the gid number needs
+to be specified as well.
.It Fl g Ar gid
Privdrop to group.
This option is interpreted as an gid number.
DIR diff --git a/susmb.c b/susmb.c
@@ -1228,7 +1228,7 @@ main(int argc, char **argv)
{
struct uri u;
struct passwd *pw;
- char *tmp, *p;
+ char *tmp, *p, *endptr;
char **fuse_argv;
char passbuf[1024];
int fuse_argc;
@@ -1256,11 +1256,13 @@ main(int argc, char **argv)
opt_uid = pw->pw_uid;
opt_gid = pw->pw_gid;
} else {
- /* try to parse number */
+ /* try to parse as number */
errno = 0;
- l = strtol(optarg, NULL, 10);
- if (l <= 0 || errno)
+ l = strtol(optarg, &endptr, 10);
+ if (l < 0 || errno || endptr == optarg || *endptr) {
+ warnx("getpwnam: %s not found and cannot be parsed as uid", optarg);
usage();
+ }
opt_uid = (uid_t)l;
}
break;
@@ -1268,9 +1270,11 @@ main(int argc, char **argv)
opt_privdrop = 1;
/* parse gid as number */
errno = 0;
- l = strtol(optarg, NULL, 10);
- if (l <= 0 || errno)
+ l = strtol(optarg, &endptr, 10);
+ if (l < 0 || errno || endptr == optarg || *endptr) {
+ warnx("invalid gid number: %s", optarg);
usage();
+ }
opt_gid = (gid_t)l;
break;
case 'v':
@@ -1286,9 +1290,10 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
- if (opt_privdrop && (opt_uid == 0 || opt_gid == 0))
+ if (opt_privdrop && (opt_uid == 0 || opt_gid == 0)) {
+ warnx("privdrop: uid or guid cannot be 0 (uid=%d, gid=%d)\n", opt_uid, opt_gid);
usage();
-
+ }
/* options were succesfully parsed */
if (ch == '?' || ch == ':') {