emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

idmapping: add more checks for overflow

Browse Source 
At this point they are redundant but should be safe.  Thanks to
Sebastian Krahmer for the first check.
This commit is contained in:
Serge Hallyn 2016-08-14 18:05:00 -05:00
parent 94da3dc5c8
commit ff2baed5db
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
libmisc/idmapping.c
View File

@ -83,16 +83,26 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
free(mappings);
return NULL;
}
if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
if (mapping->upper > UINT_MAX ||
mapping->lower > UINT_MAX ||
mapping->count > UINT_MAX) {
free(mappings);
return NULL;
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
if (mapping->lower + mapping->count > UINT_MAX ||
mapping->upper + mapping->count > UINT_MAX) {
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
if (mapping->lower + mapping->count < mapping->lower ||
mapping->upper + mapping->count < mapping->upper) {
free(mapping);
return NULL;
/* this one really shouldn't be possible given previous checks */
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
}
return mappings;