jail_getid(3): validate jid string input

Currently, if jail_getid(3) is passed in a numeric string, it assumes that
this is a jid string and passes it back converted to an int without checking
that it's a valid/existing jid. This breaks consumers that might use
jail_getid(3) to see if it can trivially grab a jid from a name if that name
happens to be numeric but not actually the name/jid of the jail. Instead of
returning -1 for the jail not existing, it'll return the int version of the
input and the consumer will not fallback to trying other methods.

Pass the numeric input to jail_get(2) as the jid for validation, rather than
the name. This works well- the kernel enforces that jid=name if name is
numeric, so doing the safe thing and checking numeric input as a jid will
still DTRT based on the description of jail_getid.

Reported by:	Wes Maag
Reviewed by:	jamie, Wes Maag
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D20388

1 files changed, 12 insertions, 7 deletions

diff --git a/lib/libjail/jail_getid.c b/lib/libjail/jail_getid.c
index 6ab6d9eff98a..f99a175fd398 100644
--- a/lib/libjail/jail_getid.c
+++ b/lib/libjail/jail_getid.c
@@ -53,13 +53,18 @@ jail_getid(const char *name)
 	struct iovec jiov[4];
 
 	jid = strtoul(name, &ep, 10);
-	if (*name && !*ep)
-		return jid;
-	jiov[0].iov_base = __DECONST(char *, "name");
-	jiov[0].iov_len = sizeof("name");
-	jiov[1].iov_len = strlen(name) + 1;
-	jiov[1].iov_base = alloca(jiov[1].iov_len);
-	strcpy(jiov[1].iov_base, name);
+	if (*name && !*ep) {
+		jiov[0].iov_base = __DECONST(char *, "jid");
+		jiov[0].iov_len = sizeof("jid");
+		jiov[1].iov_base = &jid;
+		jiov[1].iov_len = sizeof(jid);
+	} else {
+		jiov[0].iov_base = __DECONST(char *, "name");
+		jiov[0].iov_len = sizeof("name");
+		jiov[1].iov_len = strlen(name) + 1;
+		jiov[1].iov_base = alloca(jiov[1].iov_len);
+		strcpy(jiov[1].iov_base, name);
+	}
 	jiov[2].iov_base = __DECONST(char *, "errmsg");
 	jiov[2].iov_len = sizeof("errmsg");
 	jiov[3].iov_base = jail_errmsg;