mirror of
https://github.com/shadow-maint/shadow.git
synced 2024-12-04 07:24:05 +08:00
idmapping: add more checks for overflow
At this point they are redundant but should be safe. Thanks to Sebastian Krahmer for the first check.
This commit is contained in:
parent
94da3dc5c8
commit
ff2baed5db
@ -83,16 +83,26 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
|
||||
free(mappings);
|
||||
return NULL;
|
||||
}
|
||||
if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
|
||||
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if (mapping->upper > UINT_MAX ||
|
||||
mapping->lower > UINT_MAX ||
|
||||
mapping->count > UINT_MAX) {
|
||||
free(mappings);
|
||||
return NULL;
|
||||
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if (mapping->lower + mapping->count > UINT_MAX ||
|
||||
mapping->upper + mapping->count > UINT_MAX) {
|
||||
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
if (mapping->lower + mapping->count < mapping->lower ||
|
||||
mapping->upper + mapping->count < mapping->upper) {
|
||||
free(mapping);
|
||||
return NULL;
|
||||
/* this one really shouldn't be possible given previous checks */
|
||||
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
}
|
||||
return mappings;
|
||||
|
Loading…
Reference in New Issue
Block a user