From: Tycho Andersen <tycho@tycho.pizza>
Date: Tue, 13 Feb 2024 21:30:12 +0000 (-0700)
Subject: usermod: refuse invalid uidmaps during --add-sub{u,g}ids
X-Git-Tag: 4.15.0-rc2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=714b6a53d521c2239dd32368e2b09e8827a0c97e;p=thirdparty%2Fshadow.git

usermod: refuse invalid uidmaps during --add-sub{u,g}ids

It is slightly confusing to allow adding these only to later refuse them.

Here is a (lightly tested :) patch to also refuse them when adding.

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
---

diff --git a/src/usermod.c b/src/usermod.c
index d42dbf8c7..3c271d8f5 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -331,6 +331,13 @@ static struct ulong_range getulong_range(const char *str)
 	if (first > last)
 		goto out;
 
+	/*
+	 * uid_t in linux is an unsigned int, anything over this is an invalid
+	 * range will be later refused anyway by get_map_ranges().
+	 */
+	if (first > UINT_MAX || last > UINT_MAX)
+		goto out;
+
 	result.first = (unsigned long)first;
 	result.last = (unsigned long)last;
 out: