From bc997ea6b81eace14f999e782502ae060687db2c Mon Sep 17 00:00:00 2001 From: Alan Somers Date: Fri, 11 Jun 2021 10:38:07 -0600 Subject: [PATCH] id: sanitize arguments better The -[AMc] flags ignore the user argument. Better if id rejects invocations that include a user argument along with any of those flags. PR: 256554 Reviewed by: trasz Sponsored by: Axcient Differential Revision: https://reviews.freebsd.org/D30734 (cherry picked from commit 4a06e9377398b34922f8a67d7cb3ea980b95bde8) --- usr.bin/id/id.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/usr.bin/id/id.c b/usr.bin/id/id.c index 5abfb655c94..b8988dedd6f 100644 --- a/usr.bin/id/id.c +++ b/usr.bin/id/id.c @@ -144,6 +144,8 @@ main(int argc, char *argv[]) if (iswhoami && argc > 0) usage(); + if ((cflag || Aflag || Mflag) && argc > 0) + usage(); switch(Aflag + Gflag + Mflag + Pflag + gflag + pflag + uflag) { case 1: