mirrors/shadow
0
0
Fork 0
mirror of https://github.com/shadow-maint/shadow.git synced 2024-11-23 01:56:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

lib/idmapping.c: Fix get_map_ranges range check

Browse Source 
The get_map_ranges function shall support the whole accepted range
as specified in user_namespaces(7), i.e. upper and lower from 0 to
UINT_MAX - 1 as well as range from 1 to UINT_MAX. The actual limit of
range depends on values of upper and lower and adding the range
to either upper or lower shall never overflow UINT_MAX.

Fixes: 7c43eb2c4e (2024-07-11, "lib/idmapping.c: get_map_ranges(): Move range check to a2ul() call")
Fixes: ff2baed5db (2016-08-14, "idmapping: add more checks for overflow")
Fixes: 94da3dc5c8 (2016-08-14, "also check upper for wrap")
Fixes: 7f5a14817d (2016-07-31, "get_map_ranges: check for overflow")
Co-authored-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Tobias Stoeckmann 2024-11-11 20:28:52 +01:00 committed by Alejandro Colomar
parent 0b8c0c893c
commit 929e61d604
1 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/idmapping.c
View File

@ -52,23 +52,19 @@ get_map_ranges(int ranges, int argc, char **argv)
/* Gather up the ranges from the command line */
m = mappings;
for (int i = 0; i < ranges * 3; i+=3, m++) {
if (a2ul(&m->upper, argv[i + 0], NULL, 0, 0, UINT_MAX) == -1) {
if (a2ul(&m->upper, argv[i + 0], NULL, 0, 0, UINT_MAX - 1) == -1) {
if (errno == ERANGE)
fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
free(mappings);
return NULL;
}
if (a2ul(&m->lower, argv[i + 1], NULL, 0, 0, UINT_MAX) == -1) {
if (a2ul(&m->lower, argv[i + 1], NULL, 0, 0, UINT_MAX - 1) == -1) {
if (errno == ERANGE)
fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
free(mappings);
return NULL;
}
if (a2ul(&m->count, argv[i + 2], NULL, 0, 0,
MIN(MIN(UINT_MAX, ULONG_MAX - 1) - m->lower,
MIN(UINT_MAX, ULONG_MAX - 1) - m->upper))
== -1)
{
if (a2ul(&m->count, argv[i + 2], NULL, 0, 1, UINT_MAX - MAX(m->lower, m->upper)) == -1) {
if (errno == ERANGE)
fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
free(mappings);