lib/idmapping.c: get_map_ranges(): Move range check to a2ul() call

Link: <https://github.com/shadow-maint/shadow/commit/ff2baed5dbf81e8967b805889f565fedb48600df#r136635300>
Cc: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>

diff --git a/lib/idmapping.c b/lib/idmapping.c
index da3ceefbc1b7cd559c8f8565a48b243a91239f29..3f55d8c8a189775642170f114d2ac7c82eabbc66 100644 (file)
--- a/lib/idmapping.c
+++ b/lib/idmapping.c
@@ -69,7 +69,8 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
                        return NULL;
                }
                if (a2ul(&m->count, argv[argidx + 2], NULL, 0, 0,
-                        MIN(UINT_MAX - m->lower, UINT_MAX - m->upper))
+                        MIN(MIN(UINT_MAX, ULONG_MAX - 1) - m->lower,
+                            MIN(UINT_MAX, ULONG_MAX - 1) - m->upper))
                    == -1)
                {
                        if (errno == ERANGE) {
@@ -79,10 +80,6 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
                        free(mappings);
                        return NULL;
                }
-               if (ULONG_MAX - m->upper <= m->count || ULONG_MAX - m->lower <= m->count) {
-                       fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());
-                       exit(EXIT_FAILURE);
-               }
                if (m->lower + m->count < m->lower || m->upper + m->count < m->upper) {
                        /* this one really shouldn't be possible given previous checks */
                        fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname());