From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Tue, 19 Dec 2023 12:06:02 +0000 (+0100)
Subject: lib/getdef.c: Reject negative values in getdef_* except -1
X-Git-Tag: 4.15.0-rc1~68
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b80c55946a662922b61bb1da15899c92cf91e4ba;p=thirdparty%2Fshadow.git

lib/getdef.c: Reject negative values in getdef_* except -1

The values are retrieved from login.defs files, which normally do not
contain negative values. In fact, negative value -1 is used in many
code places as "feature disabled", which is normally achieved by
simply commenting out the key from the file.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/lib/getdef.c b/lib/getdef.c
index 1a72453fa..32ec8135c 100644
--- a/lib/getdef.c
+++ b/lib/getdef.c
@@ -247,7 +247,7 @@ int getdef_num (const char *item, int dflt)
 
 	if (   (getlong (d->value, &val) == 0)
 	    || (val > INT_MAX)
-	    || (val < INT_MIN)) {
+	    || (val < -1)) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);
@@ -315,7 +315,8 @@ long getdef_long (const char *item, long dflt)
 		return dflt;
 	}
 
-	if (getlong (d->value, &val) == 0) {
+	if (   (getlong (d->value, &val) == 0)
+	    || (val < -1)) {
 		fprintf (shadow_logfd,
 		         _("configuration error - cannot parse %s value: '%s'"),
 		         item, d->value);