emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

idmapping: add more checks for overflow

Browse Source 
At this point they are redundant but should be safe.  Thanks to
Sebastian Krahmer for the first check.
This commit is contained in:
Serge Hallyn 2016-08-14 18:05:00 -05:00
parent 94da3dc5c8
commit ff2baed5db
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
libmisc/idmapping.c
View File

@ -83,16 +83,26 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
free(mappings); free(mappings);
return NULL; return NULL;
} }
if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
}
if (mapping->upper > UINT_MAX || if (mapping->upper > UINT_MAX ||
mapping->lower > UINT_MAX || mapping->lower > UINT_MAX ||
mapping->count > UINT_MAX) { mapping->count > UINT_MAX) {
free(mappings); fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
return NULL; exit(EXIT_FAILURE);
}
if (mapping->lower + mapping->count > UINT_MAX ||
mapping->upper + mapping->count > UINT_MAX) {
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
} }
if (mapping->lower + mapping->count < mapping->lower || if (mapping->lower + mapping->count < mapping->lower ||
mapping->upper + mapping->count < mapping->upper) { mapping->upper + mapping->count < mapping->upper) {
free(mapping); /* this one really shouldn't be possible given previous checks */
return NULL; fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
exit(EXIT_FAILURE);
} }
} }
return mappings; return mappings;