From 4bbe01def134e991abd2c96aa7eac2add7ef1f2b Mon Sep 17 00:00:00 2001
From: Emanuele Torre <torreemanuele6@gmail.com>
Date: Sun, 21 Jun 2020 09:54:07 +0200
Subject: [PATCH] chown: Don't allow "invalid" uid/gid specs (#2596)

The usage message states that a uid/gid spec should be <uid[:gid]>.

Let's not allow `anon:`, `anon:users:hello` and `:users` then.
---
 Userland/chown.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Userland/chown.cpp b/Userland/chown.cpp
index 0dba8b7f74..6e5040380b 100644
--- a/Userland/chown.cpp
+++ b/Userland/chown.cpp
@@ -48,11 +48,15 @@ int main(int argc, char** argv)
     uid_t new_uid = -1;
     gid_t new_gid = -1;
 
-    auto parts = String(argv[1]).split(':');
+    auto parts = String(argv[1]).split(':', true);
     if (parts.is_empty()) {
         fprintf(stderr, "Empty uid/gid spec\n");
         return 1;
     }
+    if (parts[0].is_empty() || (parts.size() == 2 && parts[1].is_empty()) || parts.size() > 2) {
+        fprintf(stderr, "Invalid uid/gid spec\n");
+        return 1;
+    }
 
     auto number = parts[0].to_uint();
     if (number.has_value()) {