nss_getpwnam: correctly check for negative values in unsigned ints.

Commit Message

Steve Dickson Aug. 17, 2016, 5:50 p.m. UTC

commit e22368f6 introduce a couple checks for
negative buffer lengths. The variables are unsigned
ints so UINT_MAX should be used.

Signed-off-by: Steve Dickson <steved@redhat.com>
---
 nss.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Patch

diff --git a/nss.c b/nss.c
index 8e9412d..47c6b14 100644
--- a/nss.c
+++ b/nss.c
@@ -44,6 +44,7 @@ 
 #include <netdb.h>
 #include <err.h>
 #include <grp.h>
+#include <limits.h>
 #include "nfsidmap.h"
 #include "nfsidmap_internal.h"
 #include "cfg.h"
@@ -171,7 +172,7 @@  static struct passwd *nss_getpwnam(const char *name, const char *domain, int *er
 	char *localname;
 	int err = ENOMEM;
 
-	if (buflen < 0)
+	if (buflen > UINT_MAX)
 		goto err;
 
 	buf = malloc(sizeof(*buf) + buflen);
@@ -240,7 +241,7 @@  static int nss_name_to_gid(char *name, gid_t *gid)
 		goto out;
 
 	err = -ENOMEM;
-	if (buflen < 0)
+	if (buflen > UINT_MAX)
 		goto out;
 
 	do {