1
From df3c8c1f7f47ceff607595067458f1d8e53eaab8 Mon Sep 17 00:00:00 2001
2
From: Serge Hallyn <serge.hallyn@ubuntu.com>
3
Date: Fri, 21 Jun 2013 11:47:36 -0500
4
Subject: [PATCH 1/1] userns: add argument sanity checking
6
In find_new_sub_{u,g}ids, check for min, count and max values.
8
In idmapping.c:get_map_ranges(), make sure that the value passed
9
in for ranges did not overflow. Couldn't happen with the current
10
code, but this is a sanity check for any future potential mis-uses.
12
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
14
libmisc/find_new_sub_gids.c | 8 ++++++++
15
libmisc/find_new_sub_uids.c | 8 ++++++++
16
libmisc/idmapping.c | 10 ++++++++++
17
3 files changed, 26 insertions(+)
19
diff --git a/libmisc/find_new_sub_gids.c b/libmisc/find_new_sub_gids.c
20
index 68046ac..fd44978 100644
21
--- a/libmisc/find_new_sub_gids.c
22
+++ b/libmisc/find_new_sub_gids.c
23
@@ -58,6 +58,14 @@ int find_new_sub_gids (const char *owner,
24
max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
25
count = getdef_ulong ("SUB_GID_COUNT", 10000);
27
+ if (min >= max || count >= max || (min + count) >= max) {
28
+ (void) fprintf (stderr,
29
+ _("%s: Invalid configuration: SUB_GID_MIN (%lu),"
30
+ " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"),
31
+ Prog, min, max, count);
35
/* Is there a preferred range that works? */
36
if ((*range_count != 0) &&
37
(*range_start >= min) &&
38
diff --git a/libmisc/find_new_sub_uids.c b/libmisc/find_new_sub_uids.c
39
index f1720f9..b608c59 100644
40
--- a/libmisc/find_new_sub_uids.c
41
+++ b/libmisc/find_new_sub_uids.c
42
@@ -58,6 +58,14 @@ int find_new_sub_uids (const char *owner,
43
max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
44
count = getdef_ulong ("SUB_UID_COUNT", 10000);
46
+ if (min >= max || count >= max || (min + count) >= max) {
47
+ (void) fprintf (stderr,
48
+ _("%s: Invalid configuration: SUB_UID_MIN (%lu),"
49
+ " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"),
50
+ Prog, min, max, count);
54
/* Is there a preferred range that works? */
55
if ((*range_count != 0) &&
56
(*range_start >= min) &&
57
diff --git a/libmisc/idmapping.c b/libmisc/idmapping.c
58
index cb9e898..4147796 100644
59
--- a/libmisc/idmapping.c
60
+++ b/libmisc/idmapping.c
61
@@ -41,6 +41,16 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
62
struct map_range *mappings, *mapping;
65
+ if (ranges < 0 || argc < 0) {
66
+ fprintf(stderr, "%s: error calculating number of arguments\n", Prog);
70
+ if (ranges != ((argc - 2) + 2) / 3) {
71
+ fprintf(stderr, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
75
if ((ranges * 3) > argc) {
76
fprintf(stderr, "ranges: %u argc: %d\n",