nspawn-oci: update overflow check
authorYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 19 Mar 2025 02:12:33 +0000 (11:12 +0900)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 19 Mar 2025 02:41:25 +0000 (11:41 +0900)
Fixes CID#1548072.

src/nspawn/nspawn-oci.c

index ecbcaefcbb1c4071b9a0c9f7140aec6eeb078d5f..923e20b5c037bd165bdff38247bd6331f2d16ac3 100644 (file)
@@ -700,8 +700,8 @@ static int oci_uid_gid_mappings(const char *name, sd_json_variant *v, sd_json_di
         if (r < 0)
                 return r;
 
-        if (data.host_id + data.range < data.host_id ||
-            data.container_id + data.range < data.container_id)
+        if (data.range > UINT32_MAX - data.host_id ||
+            data.range > UINT32_MAX - data.container_id)
                 return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
                                 "UID/GID range goes beyond UID/GID validity range, refusing.");
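Review bot: The rewritten guard on the two added lines is only correct if `data.host_id`, `data.container_id` and `data.range` are all unsigned 32-bit values, and their declarations are not visible in this hunk; if any field were wider or signed, `UINT32_MAX - data.host_id` would no longer bound the sum the way the error message claims. A short comment above the condition would record that assumption and the reason for the subtraction form, for example `/* Compare against UINT32_MAX - base so the sum is never computed and cannot wrap; all three fields are 32-bit unsigned. */`. The bound still admits a mapping whose end is exactly UINT32_MAX (last mapped ID UINT32_MAX - 1), which presumably is intended so that the all-ones invalid ID is never covered, but that is worth confirming against the callers. The body of oci_uid_gid_mappings starts and ends outside the hunk.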