authorSamanta Navarro <ferivoz@riseup.net>2023-05-12 11:59:47 +0000
committerIker Pedrosa <ikerpedrosam@gmail.com>2023-05-15 09:21:16 +0200
commit4ef4477535682fd3baa242450f62d546ee3974ce (patch)
treea2d4ad4969a6a9b6740edb4a07f55108d4622d8a
parenta022d39d2abbee48d3223689bea5c31592420ca6 (diff)
get_pid.c: Use tighter validation checks
Neither a pid_t below 1 nor a negative fd could be valid in this context. Proof of Concept: $ newuidmap -1 1 1 1 newuidmap: Could not open proc directory for target 4294967295 Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
-rw-r--r--lib/get_pid.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/get_pid.c b/lib/get_pid.c
index 8e5e6014..20f4ce42 100644
--- a/lib/get_pid.c
+++ b/lib/get_pid.c
@@ -24,6 +24,7 @@ int get_pid (const char *pidstr, pid_t *pid)
if ( ('\0' == *pidstr)
|| ('\0' != *endptr)
|| (ERANGE == errno)
+ || (val < 1)
|| (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
return 0;
}
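Review bot: The added `(val < 1)` bound still leaves the string form loose, because the only test on the first character is `'\0' == *pidstr`. If `val` comes from a strtol-family call above the hunk (the `endptr` and `errno` tests suggest so), input with leading whitespace or a `+` sign is still accepted as a PID. A stricter first test such as `!isdigit((unsigned char)*pidstr)` in place of `'\0' == *pidstr` would reject those forms along with the empty string; it needs `<ctype.h>`, and whether that header is already included is not visible here. The same applies to the `pidfdstr` test in `get_pidfd_from_fd` in the next hunk. The body of `get_pid` starts and ends outside this hunk.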
@@ -49,7 +50,8 @@ int get_pidfd_from_fd(const char *pidfdstr)
if ( ('\0' == *pidfdstr)
|| ('\0' != *endptr)
|| (ERANGE == errno)
- || (/*@+longintegral@*/val != (pid_t)val)/*@=longintegral@*/) {
+ || (val < 0)
+ || (/*@+longintegral@*/val != (int)val)/*@=longintegral@*/) {
return -1;
}
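Review bot: The narrowing test `val != (int)val` depends on the implementation-defined result of converting an out-of-range value to `int`, and it needs the splint `longintegral` annotations to pass lint. With `(val < 0)` now in front of it, an explicit upper bound states the same limit without the cast: `|| (val > INT_MAX)) {`. This assumes `val` is wider than `int` and that `<limits.h>` is available in this file, neither of which is visible in the hunk. `get_pidfd_from_fd` continues past the end of the hunk, so how the accepted descriptor is used afterwards cannot be checked from here.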