idmapping: add more checks for overflow
At this point they are redundant but should be safe. Thanks to Sebastian Krahmer for the first check.
This commit is contained in:
parent
94da3dc5c8
commit
ff2baed5db
@ -83,16 +83,26 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
|
|||||||
free(mappings);
|
free(mappings);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) {
|
||||||
|
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
if (mapping->upper > UINT_MAX ||
|
if (mapping->upper > UINT_MAX ||
|
||||||
mapping->lower > UINT_MAX ||
|
mapping->lower > UINT_MAX ||
|
||||||
mapping->count > UINT_MAX) {
|
mapping->count > UINT_MAX) {
|
||||||
free(mappings);
|
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||||
return NULL;
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
if (mapping->lower + mapping->count > UINT_MAX ||
|
||||||
|
mapping->upper + mapping->count > UINT_MAX) {
|
||||||
|
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
if (mapping->lower + mapping->count < mapping->lower ||
|
if (mapping->lower + mapping->count < mapping->lower ||
|
||||||
mapping->upper + mapping->count < mapping->upper) {
|
mapping->upper + mapping->count < mapping->upper) {
|
||||||
free(mapping);
|
/* this one really shouldn't be possible given previous checks */
|
||||||
return NULL;
|
fprintf(stderr, _( "%s: subuid overflow detected.\n"), Prog);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return mappings;
|
return mappings;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user