user-util: never hand out or accept invalid UIDs

libc isn't that strict, but it's a good idea if we are, to not create
confusion around invalid user ids.

diff --git a/src/basic/user-util.c b/src/basic/user-util.c
index b5e6ce8a8aa285636f821f8f956822e9fb42d544..7e6c4c645da2e5183cf510585e48f18dbf8bf8cf 100644 (file)
--- a/src/basic/user-util.c
+++ b/src/basic/user-util.c
@@ -138,11 +138,19 @@ int get_user_creds(
         if (!p)
                 return errno > 0 ? -errno : -ESRCH;
 
-        if (uid)
+        if (uid) {
+                if (!uid_is_valid(p->pw_uid))
+                        return -EBADMSG;
+
                 *uid = p->pw_uid;
+        }
+
+        if (gid) {
+                if (!gid_is_valid(p->pw_gid))
+                        return -EBADMSG;
 
-        if (gid)
                 *gid = p->pw_gid;
+        }
 
         if (home)
                 *home = p->pw_dir;
@@ -185,8 +193,12 @@ int get_group_creds(const char **groupname, gid_t *gid) {
         if (!g)
                 return errno > 0 ? -errno : -ESRCH;
 
-        if (gid)
+        if (gid) {
+                if (!gid_is_valid(g->gr_gid))
+                        return -EBADMSG;
+
                 *gid = g->gr_gid;
+        }
 
         return 0;
 }
@@ -278,6 +290,9 @@ int in_gid(gid_t gid) {
         if (getegid() == gid)
                 return 1;
 
+        if (!gid_is_valid(gid))
+                return -EINVAL;
+
         ngroups_max = sysconf(_SC_NGROUPS_MAX);
         assert(ngroups_max > 0);