diff options
| author | Serge Hallyn <serge.hallyn@ubuntu.com> | 2013-06-21 11:47:36 -0500 |
|---|---|---|
| committer | Serge Hallyn <serge.hallyn@ubuntu.com> | 2013-06-21 12:21:12 -0500 |
| commit | df3c8c1f7f47ceff607595067458f1d8e53eaab8 (patch) | |
| tree | 1c07fef40ccd665484ce2bdf325d9b41b1c3cb7f | |
| parent | ca0f3528845abbd3ea7611086a260ae64f831954 (diff) | |
userns: add argument sanity checkinguserns.2
In find_new_sub_{u,g}ids, check for min, count and max values.
In idmapping.c:get_map_ranges(), make sure that the value passed
in for ranges did not overflow. Couldn't happen with the current
code, but this is a sanity check for any future potential mis-uses.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
| -rw-r--r-- | libmisc/find_new_sub_gids.c | 8 | ||||
| -rw-r--r-- | libmisc/find_new_sub_uids.c | 8 | ||||
| -rw-r--r-- | libmisc/idmapping.c | 10 |
3 files changed, 26 insertions, 0 deletions
diff --git a/libmisc/find_new_sub_gids.c b/libmisc/find_new_sub_gids.c index 68046ac8..fd44978e 100644 --- a/libmisc/find_new_sub_gids.c +++ b/libmisc/find_new_sub_gids.c @@ -58,6 +58,14 @@ int find_new_sub_gids (const char *owner, max = getdef_ulong ("SUB_GID_MAX", 600100000UL); count = getdef_ulong ("SUB_GID_COUNT", 10000); + if (min >= max || count >= max || (min + count) >= max) { + (void) fprintf (stderr, + _("%s: Invalid configuration: SUB_GID_MIN (%lu)," + " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"), + Prog, min, max, count); + return -1; + } + /* Is there a preferred range that works? */ if ((*range_count != 0) && (*range_start >= min) && diff --git a/libmisc/find_new_sub_uids.c b/libmisc/find_new_sub_uids.c index f1720f91..b608c59d 100644 --- a/libmisc/find_new_sub_uids.c +++ b/libmisc/find_new_sub_uids.c @@ -58,6 +58,14 @@ int find_new_sub_uids (const char *owner, max = getdef_ulong ("SUB_UID_MAX", 600100000UL); count = getdef_ulong ("SUB_UID_COUNT", 10000); + if (min >= max || count >= max || (min + count) >= max) { + (void) fprintf (stderr, + _("%s: Invalid configuration: SUB_UID_MIN (%lu)," + " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"), + Prog, min, max, count); + return -1; + } + /* Is there a preferred range that works? */ if ((*range_count != 0) && (*range_start >= min) && diff --git a/libmisc/idmapping.c b/libmisc/idmapping.c index cb9e8985..4147796b 100644 --- a/libmisc/idmapping.c +++ b/libmisc/idmapping.c @@ -41,6 +41,16 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv) struct map_range *mappings, *mapping; int idx, argidx; + if (ranges < 0 || argc < 0) { + fprintf(stderr, "%s: error calculating number of arguments\n", Prog); + return NULL; + } + + if (ranges != ((argc - 2) + 2) / 3) { + fprintf(stderr, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc); + return NULL; + } + if ((ranges * 3) > argc) { fprintf(stderr, "ranges: %u argc: %d\n", ranges, argc); |