[PATCH] Fix CID 1415704 Integer overflowed argument
Andreas Schneider
asn at samba.org
Thu Aug 3 08:56:20 UTC 2017
On Sunday, 30 July 2017 17:22:01 CEST Volker Lendecke via samba-technical
wrote:
> On Sat, Jul 29, 2017 at 11:29:14AM +0200, Andreas Schneider wrote:
> > > Are you ok with the attached patchset?
> >
> > Are you fine with the mentioned patchset? Can I push it so we can move on
> > and fix it in uid_wrapper and samba source code?
>
> Yes, sure.
The attached patch adresses CID 1415704 corretly. It has already been applied
to the uid_wrapper repository and Coverity reported that the issue has been
eliminated.
Review and push appreciated.
Thanks,
Andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
-------------- next part --------------
>From d43c9ce0bcc5b6ccc02300e0b949e8c32bdac707 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Thu, 3 Aug 2017 10:52:59 +0200
Subject: [PATCH] lib: Fix integer overflowed argument issue with strtoul()
This fixes CID 1415704
Signed-off-by: Andreas Schneider <asn at samba.org>
---
lib/uid_wrapper/uid_wrapper.c | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index cb31c5e8b00..8f41ed92cb9 100644
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -1029,7 +1029,21 @@ static void uwrap_init_env(struct uwrap_thread *id)
unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
}
- if (ngroups > 0 && ngroups < GROUP_MAX_COUNT) {
+ env = getenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
+ if (env != NULL && env[0] != '\0') {
+ char *endp = NULL;
+ long n;
+
+ n = strtol(env, &endp, 10);
+ if (env == endp) {
+ ngroups = 0;
+ } else if (n > 0 && n < GROUP_MAX_COUNT) {
+ ngroups = (int)n;
+ }
+ unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
+ }
+
+ if (ngroups > 0) {
int i = 0;
id->ngroups = 0;
--
2.13.3
More information about the samba-technical
mailing list