fix tainted int loop bound issue

Signed-off-by: 2xsec <dh48.jeong@samsung.com>
lxc · Aug 12, 2018 · 14c1904 · 14c1904
1 parent 4e194ce
commit 14c1904
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 7 deletions.
diff --git a/src/lxc/caps.c b/src/lxc/caps.c
@@ -310,7 +310,7 @@ int lxc_caps_init(void)
 	return 0;
 }
 
-static int _real_caps_last_cap(void)
+static long int _real_caps_last_cap(void)
 {
 	int fd, result = -1;
 
@@ -354,10 +354,13 @@ static int _real_caps_last_cap(void)
 
 int lxc_caps_last_cap(void)
 {
-	static int last_cap = -1;
+	static long int last_cap = -1;
 
-	if (last_cap < 0)
+	if (last_cap < 0) {
 		last_cap = _real_caps_last_cap();
+		if (last_cap < 0 || last_cap > INT_MAX)
+			last_cap = -1;
+	}
 
 	return last_cap;
 }

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
@@ -397,7 +397,7 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in possible cpuset. */
 	maxposs = get_max_cpus(posscpus);
-	if (maxposs < 0)
+	if (maxposs < 0 || maxposs >= INT_MAX - 1)
 		goto on_error;
 
 	if (!file_exists(__ISOL_CPUS)) {
@@ -442,7 +442,7 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in isolated cpuset. */
 	maxisol = get_max_cpus(isolcpus);
-	if (maxisol < 0)
+	if (maxisol < 0 || maxisol >= INT_MAX - 1)
 		goto on_error;
 
 	if (maxposs < maxisol)

diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
@@ -1806,7 +1806,7 @@ static bool cg_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in possible cpuset. */
 	maxposs = cg_get_max_cpus(posscpus);
-	if (maxposs < 0)
+	if (maxposs < 0 || maxposs >= INT_MAX - 1)
 		goto on_error;
 
 	if (!file_exists(__ISOL_CPUS)) {
@@ -1856,7 +1856,7 @@ static bool cg_filter_and_set_cpus(char *path, bool am_initialized)
 
 	/* Get maximum number of cpus found in isolated cpuset. */
 	maxisol = cg_get_max_cpus(isolcpus);
-	if (maxisol < 0)
+	if (maxisol < 0 || maxisol >= INT_MAX - 1)
 		goto on_error;
 
 	if (maxposs < maxisol)