diff options
author | Balint Reczey <balint@balintreczey.hu> | 2016-11-30 02:36:06 +0100 |
---|---|---|
committer | Balint Reczey <balint@balintreczey.hu> | 2016-11-30 02:36:06 +0100 |
commit | 365658d0f3a51814626afbb70aa2dd7b5e82ac36 (patch) | |
tree | 7218fb9147359258fda0f9a43da5a29b2d20e85b /libmisc/idmapping.c | |
parent | bfaa59229d61adb7fa0c570f0d94fd324c6e05aa (diff) | |
download | shadow-365658d0f3a51814626afbb70aa2dd7b5e82ac36.tar.gz |
Imported Upstream version 4.4upstream/4.4
Diffstat (limited to 'libmisc/idmapping.c')
-rw-r--r-- | libmisc/idmapping.c | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/libmisc/idmapping.c b/libmisc/idmapping.c index 714c29eb..db254fcb 100644 --- a/libmisc/idmapping.c +++ b/libmisc/idmapping.c @@ -70,13 +70,40 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv) /* Gather up the ranges from the command line */ mapping = mappings; - for (idx = 0; idx < ranges; idx++, argidx += 3, mapping++) { - if (!getulong(argv[argidx + 0], &mapping->upper)) + for (idx = 0, argidx = 0; idx < ranges; idx++, argidx += 3, mapping++) { + if (!getulong(argv[argidx + 0], &mapping->upper)) { + free(mappings); return NULL; - if (!getulong(argv[argidx + 1], &mapping->lower)) + } + if (!getulong(argv[argidx + 1], &mapping->lower)) { + free(mappings); return NULL; - if (!getulong(argv[argidx + 2], &mapping->count)) + } + if (!getulong(argv[argidx + 2], &mapping->count)) { + free(mappings); return NULL; + } + if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) { + fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog); + exit(EXIT_FAILURE); + } + if (mapping->upper > UINT_MAX || + mapping->lower > UINT_MAX || + mapping->count > UINT_MAX) { + fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog); + exit(EXIT_FAILURE); + } + if (mapping->lower + mapping->count > UINT_MAX || + mapping->upper + mapping->count > UINT_MAX) { + fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog); + exit(EXIT_FAILURE); + } + if (mapping->lower + mapping->count < mapping->lower || + mapping->upper + mapping->count < mapping->upper) { + /* this one really shouldn't be possible given previous checks */ + fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog); + exit(EXIT_FAILURE); + } } return mappings; } |