From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 12 Jan 2025 18:21:09 +0000 (+0100)
Subject: src/newusers.c: Turn nusers into size_t
X-Git-Tag: 4.17.3~73
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=950cd40607004a9257808184008e54ec07f205f8;p=thirdparty%2Fshadow.git

src/newusers.c: Turn nusers into size_t

The nusers variable could, in theory, overflow and trigger an out of
boundary access if a huge amount of entries is added. Realistically,
this is not possible with current systems because way too much data
would be involved.

But let's better be safe than sorry and use correct data types.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/src/newusers.c b/src/newusers.c
index 2d99ccfe0..5fde8bbe3 100644
--- a/src/newusers.c
+++ b/src/newusers.c
@@ -28,6 +28,7 @@
 #include <getopt.h>
 #include <ctype.h>
 #include <errno.h>
+#include <stddef.h>
 #include <stdint.h>
 #include <string.h>
 
@@ -1070,7 +1071,7 @@ int main (int argc, char **argv)
 	intmax_t *lines = NULL;
 	char **usernames = NULL;
 	char **passwords = NULL;
-	unsigned int nusers = 0;
+	size_t nusers = 0;
 #endif				/* USE_PAM */
 
 	log_set_progname(Prog);
@@ -1334,9 +1335,8 @@ int main (int argc, char **argv)
 	sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 
 #ifdef USE_PAM
-	unsigned int i;
 	/* Now update the passwords using PAM */
-	for (i = 0; i < nusers; i++) {
+	for (size_t i = 0; i < nusers; i++) {
 		if (do_pam_passwd_non_interactive ("newusers", usernames[i], passwords[i]) != 0) {
 			fprintf (stderr,
 			         _("%s: (line %jd, user %s) password not changed\n"),