get_map_ranges: check for overflow
authorSerge Hallyn <serge@hallyn.com>
Sun, 31 Jul 2016 17:55:44 +0000 (12:55 -0500)
committerSerge Hallyn <serge@hallyn.com>
Sun, 31 Jul 2016 17:56:48 +0000 (12:56 -0500)
The kernel accepts u32 values, so make sure that userspace
is not passing large values.

Signed-off-by: Serge Hallyn <serge@hallyn.com>
libmisc/idmapping.c

index 0dce634d0825c0081cf7ca1217f471cd5cab7a83..f105a4125997df9e48cf15f8bdf39cba37b00824 100644 (file)
@@ -83,6 +83,16 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
                        free(mappings);
                        return NULL;
                }
+               if (mapping->upper > UINT_MAX ||
+                       mapping->lower > UINT_MAX ||
+                       mapping->count > UINT_MAX)  {
+                       free(mappings);
+                       return NULL;
+               }
+               if (mapping->lower + mapping->count < mapping->lower) {
+                       free(mapping);
+                       return NULL;
+               }
        }
        return mappings;
 }
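Review bot: The second added check releases `free(mapping);` while the first added check and the existing error path above it release `free(mappings);`. The loop header is outside the hunk, but if `mapping` is the per-entry cursor into the `mappings` array, this hands free() an interior pointer for every entry after the first and leaks the real allocation, so it should read `free(mappings);`. Separately, `mapping->lower + mapping->count < mapping->lower` only catches wraparound in the fields' own type. If those fields are wider than 32 bits (their declarations are not visible here), the test cannot fire once the UINT_MAX checks have passed, and a range that ends beyond the kernel's u32 limit is still accepted; `upper + count` is not checked at all. Bounding both ends against the u32 limit directly would close that gap, for example `if (mapping->lower > UINT_MAX - mapping->count || mapping->upper > UINT_MAX - mapping->count) {`.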