lib/getdef.c: Reject negative values in getdef_* except -1

The values are retrieved from login.defs files, which normally do not
contain negative values. In fact, negative value -1 is used in many
code places as "feature disabled", which is normally achieved by
simply commenting out the key from the file.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/lib/getdef.c b/lib/getdef.c
index 1a72453fadf2472323c9087b082c33fea32ef6d2..32ec8135c2e973c953054aed59a2ef317c87be36 100644 (file)
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -247,7 +247,7 @@ int getdef_num (const char *item, int dflt)
 
        if (   (getlong (d->value, &val) == 0)
            || (val > INT_MAX)
-           || (val < INT_MIN)) {
+           || (val < -1)) {
                fprintf (shadow_logfd,
                         _("configuration error - cannot parse %s value: '%s'"),
                         item, d->value);
@@ -315,7 +315,8 @@ long getdef_long (const char *item, long dflt)
                return dflt;
        }
 
-       if (getlong (d->value, &val) == 0) {
+       if (   (getlong (d->value, &val) == 0)
+           || (val < -1)) {
                fprintf (shadow_logfd,
                         _("configuration error - cannot parse %s value: '%s'"),
                         item, d->value);