diff options
Diffstat (limited to 'modules/pam_namespace/pam_namespace.c')
| -rw-r--r-- | modules/pam_namespace/pam_namespace.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index 92372ab4..09d19ca0 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -637,7 +637,7 @@ static int process_line(char *line, const char *home, const char *rhome, if (uids) { uid_t *uidptr; const char *ustr, *sstr; - int count, i; + size_t count, i; if (*uids == '~') { poly->flags |= POLYDIR_EXCLUSIVE; @@ -646,6 +646,11 @@ static int process_line(char *line, const char *home, const char *rhome, for (count = 0, ustr = sstr = uids; sstr; ustr = sstr + 1, count++) sstr = strchr(ustr, ','); + if (count > UINT_MAX || count > SIZE_MAX / sizeof(uid_t)) { + pam_syslog(idata->pamh, LOG_ERR, "Too many uids encountered in configuration"); + goto skipping; + } + poly->num_uids = count; poly->uid = malloc(count * sizeof (uid_t)); uidptr = poly->uid; |