[PATCH] Fix CID 1415704 Integer overflowed argument

Andreas Schneider asn at samba.org
Thu Aug 3 08:56:20 UTC 2017


On Sunday, 30 July 2017 17:22:01 CEST Volker Lendecke via samba-technical 
wrote:
> On Sat, Jul 29, 2017 at 11:29:14AM +0200, Andreas Schneider wrote:
> > > Are you ok with the attached patchset?
> > 
> > Are you fine with the mentioned patchset? Can I push it so we can move on
> > and fix it in uid_wrapper and samba source code?
> 
> Yes, sure.

The attached patch addresses CID 1415704 correctly. It has already been applied 
to the uid_wrapper repository and Coverity reported that the issue has been 
eliminated.


Review and push appreciated.


Thanks,


	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
From d43c9ce0bcc5b6ccc02300e0b949e8c32bdac707 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Thu, 3 Aug 2017 10:52:59 +0200
Subject: [PATCH] lib: Fix integer overflowed argument issue with strtoul()

This fixes CID 1415704

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 lib/uid_wrapper/uid_wrapper.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index cb31c5e8b00..8f41ed92cb9 100644
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -1029,7 +1029,21 @@ static void uwrap_init_env(struct uwrap_thread *id)
 		unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
 	}
 
-	if (ngroups > 0 && ngroups < GROUP_MAX_COUNT) {
+	env = getenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
+	if (env != NULL && env[0] != '\0') {
+		char *endp = NULL;
+		long n;
+
+		n = strtol(env, &endp, 10);
+		if (env == endp) {
+			ngroups = 0;
+		} else if (n > 0 && n < GROUP_MAX_COUNT) {
+			ngroups = (int)n;
+		}
+		unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
+	}
+
+	if (ngroups > 0) {
 		int i = 0;
 
 		id->ngroups = 0;
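
Review bot: In the `else if (n > 0 && n < GROUP_MAX_COUNT)` branch, an out-of-range `n` leaves `ngroups` at whatever value it held before, and the final test has been relaxed from `ngroups > 0 && ngroups < GROUP_MAX_COUNT` to `if (ngroups > 0)`, so nothing in the visible lines enforces the upper bound on a value assigned earlier in the function. Either add a closing `else { ngroups = 0; }` or keep the `ngroups < GROUP_MAX_COUNT` condition on the last check. Separately, the context line just above the added block is `unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");`, which closes an earlier block; if that block runs whenever the variable is set, the new `getenv()` returns NULL and the `strtol()` path is never reached, so the earlier parsing should probably be replaced rather than followed by a second one. The parse also accepts trailing characters such as "12abc" because only `env == endp` is tested; checking `*endp != '\0'` would reject them.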
-- 
2.13.3


