Check uid ranges

Fixes #5647
Docker-DCO-1.1-Signed-off-by: Alexandr Morozov <lk4d4math@gmail.com> (github: LK4D4)
Alexandr Morozov 2014-05-17 22:43:31 +04:00
parent 58ba10aa54
commit b089773388


@ -9,6 +9,15 @@ import (
"strings" "strings"
) )
const (
minId = 0
maxId = 1<<31 - 1 //for 32-bit systems compatibility
)
var (
ErrRange = fmt.Errorf("Uids and gids must be in range %d-%d", minId, maxId)
)
type User struct { type User struct {
Name string Name string
Pass string Pass string
@ -194,6 +203,9 @@ func GetUserGroupSupplementary(userSpec string, defaultUid int, defaultGid int)
// not numeric - we have to bail // not numeric - we have to bail
return 0, 0, nil, fmt.Errorf("Unable to find user %v", userArg) return 0, 0, nil, fmt.Errorf("Unable to find user %v", userArg)
} }
if uid < minId || uid > maxId {
return 0, 0, nil, ErrRange
}
// if userArg couldn't be found in /etc/passwd but is numeric, just roll with it - this is legit // if userArg couldn't be found in /etc/passwd but is numeric, just roll with it - this is legit
} }
@ -226,6 +238,9 @@ func GetUserGroupSupplementary(userSpec string, defaultUid int, defaultGid int)
// not numeric - we have to bail // not numeric - we have to bail
return 0, 0, nil, fmt.Errorf("Unable to find group %v", groupArg) return 0, 0, nil, fmt.Errorf("Unable to find group %v", groupArg)
} }
if gid < minId || gid > maxId {
return 0, 0, nil, ErrRange
}
// if groupArg couldn't be found in /etc/group but is numeric, just roll with it - this is legit // if groupArg couldn't be found in /etc/group but is numeric, just roll with it - this is legit
} }
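Review bot: The new range checks in both GetUserGroupSupplementary hunks sit inside the numeric-fallback branch (after the "not numeric - we have to bail" return), so they only appear to cover ids typed on the command line and not found in /etc/passwd or /etc/group. Ids taken from a matching passwd or group entry are presumably assigned in a branch outside these hunks and would skip the check; since those files come from the container image, an out-of-range value there deserves the same rejection. Consider validating once after both lookups have resolved, e.g. `if uid < minId || uid > maxId || gid < minId || gid > maxId { return 0, 0, nil, ErrRange }`, and applying the same bound to any supplementary gids the function returns. The function body starts and ends outside the visible hunks, so confirm where the resolved values are assigned before moving the check.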