From cb15359712d2ef7a5d75c3f9e521bd5c9ce1d329 Mon Sep 17 00:00:00 2001
From: jamie <jamie@FreeBSD.org>
Date: Fri, 18 Dec 2015 00:33:04 +0000
Subject: [PATCH] MFC r292277:

  Fix jail name checking that disallowed anything that starts with '0'.
  The intention was to just limit leading zeroes on numeric names.  That
  check is now improved to also catch the leading spaces and '+' that
  strtoul can pass through.

PR:		204897
---
 sys/kern/kern_jail.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index af5feb35517..42c53c0b900 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -1585,11 +1585,14 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 #endif
 	onamelen = namelen = 0;
 	if (name != NULL) {
-		/* Give a default name of the jid. */
+		/* Give a default name of the jid.  Also allow the name to be
+		 * explicitly the jid - but not any other number, and only in
+		 * normal form (no leading zero/etc).
+		 */
 		if (name[0] == '\0')
 			snprintf(name = numbuf, sizeof(numbuf), "%d", jid);
-		else if (*namelc == '0' || (strtoul(namelc, &p, 10) != jid &&
-		    *p == '\0')) {
+		else if ((strtoul(namelc, &p, 10) != jid ||
+			  namelc[0] < '1' || namelc[0] > '9') && *p == '\0') {
 			error = EINVAL;
 			vfs_opterror(opts,
 			    "name cannot be numeric (unless it is the jid)");
-- 
2.45.2