From 714b6a53d521c2239dd32368e2b09e8827a0c97e Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho@tycho.pizza>
Date: Tue, 13 Feb 2024 14:30:12 -0700
Subject: [PATCH] usermod: refuse invalid uidmaps during --add-sub{u,g}ids

It is slightly confusing to allow adding these only to later refuse them.

Here is a (lightly tested :) patch to also refuse them when adding.

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
---
 src/usermod.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/usermod.c b/src/usermod.c
index d42dbf8c7..3c271d8f5 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -331,6 +331,13 @@ static struct ulong_range getulong_range(const char *str)
 	if (first > last)
 		goto out;
 
+	/*
+	 * uid_t in linux is an unsigned int, anything over this is an invalid
+	 * range will be later refused anyway by get_map_ranges().
+	 */
+	if (first > UINT_MAX || last > UINT_MAX)
+		goto out;
+
 	result.first = (unsigned long)first;
 	result.last = (unsigned long)last;
 out:
-- 
2.47.2