From: 2xsec <dh48.jeong@samsung.com>
Date: Fri, 10 Aug 2018 04:01:51 +0000 (+0900)
Subject: fix tainted int loop bound issue
X-Git-Tag: lxc-3.1.0~170^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2516%2Fhead;p=thirdparty%2Flxc.git

fix tainted int loop bound issue

Signed-off-by: 2xsec <dh48.jeong@samsung.com>
---

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index bec3b32c6..acc5788ae 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -310,7 +310,7 @@ int lxc_caps_init(void)
 	return 0;
 }
 
-static int _real_caps_last_cap(void)
+static long int _real_caps_last_cap(void)
 {
 	int fd, result = -1;
 
@@ -354,10 +354,13 @@ static int _real_caps_last_cap(void)
 
 int lxc_caps_last_cap(void)
 {
-	static int last_cap = -1;
+	static long int last_cap = -1;
 
-	if (last_cap < 0)
+	if (last_cap < 0) {
 		last_cap = _real_caps_last_cap();
+		if (last_cap < 0 || last_cap > INT_MAX)
+			last_cap = -1;
+	}
 
 	return last_cap;
 }
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 311a1dfce..56c8db544 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -397,7 +397,7 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in possible cpuset. */
 	maxposs = get_max_cpus(posscpus);
-	if (maxposs < 0)
+	if (maxposs < 0 || maxposs >= INT_MAX - 1)
 		goto on_error;
 
 	if (!file_exists(__ISOL_CPUS)) {
@@ -442,7 +442,7 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in isolated cpuset. */
 	maxisol = get_max_cpus(isolcpus);
-	if (maxisol < 0)
+	if (maxisol < 0 || maxisol >= INT_MAX - 1)
 		goto on_error;
 
 	if (maxposs < maxisol)
diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
index 106a325fb..6d1d468d9 100644
--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c
@@ -1806,7 +1806,7 @@ static bool cg_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in possible cpuset. */
 	maxposs = cg_get_max_cpus(posscpus);
-	if (maxposs < 0)
+	if (maxposs < 0 || maxposs >= INT_MAX - 1)
 		goto on_error;
 
 	if (!file_exists(__ISOL_CPUS)) {
@@ -1856,7 +1856,7 @@ static bool cg_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in isolated cpuset. */
 	maxisol = cg_get_max_cpus(isolcpus);
-	if (maxisol < 0)
+	if (maxisol < 0 || maxisol >= INT_MAX - 1)
 		goto on_error;
 
 	if (maxposs < maxisol)