From: Michal Koutný <mkoutny@suse.com>
Date: Mon, 24 Feb 2025 15:22:59 +0000 (+0100)
Subject: user-record: Handle invalid uid/gid case
X-Git-Tag: v258-rc1~1199^2~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5eceb5a7a2f46102387505261af722d1f11f3263;p=thirdparty%2Fsystemd.git

user-record: Handle invalid uid/gid case

I'm not that familiar with outer code to guide Coverity with an
assert(), so consider invalid uid/gid as non-matching in order to avoid
-EINVAL for bit shifts calculation.

Fixes: CID#1590746
---

diff --git a/src/shared/group-record.c b/src/shared/group-record.c
index 911c6c8f0bc..76d23259ce6 100644
--- a/src/shared/group-record.c
+++ b/src/shared/group-record.c
@@ -350,6 +350,9 @@ int group_record_match(GroupRecord *h, const UserDBMatch *match) {
         if (!match)
                 return true;
 
+        if (!gid_is_valid(h->gid))
+                return false;
+
         if (h->gid < match->gid_min || h->gid > match->gid_max)
                 return false;
 
diff --git a/src/shared/user-record.c b/src/shared/user-record.c
index 4817bec0735..4c8e41cd895 100644
--- a/src/shared/user-record.c
+++ b/src/shared/user-record.c
@@ -2775,6 +2775,9 @@ int user_record_match(UserRecord *u, const UserDBMatch *match) {
         if (!match)
                 return true;
 
+        if (!uid_is_valid(u->uid))
+                return false;
+
         if (u->uid < match->uid_min || u->uid > match->uid_max)
                 return false;