fix tainted int loop bound issue

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index bec3b32c688394bfb65abf13faad513fe14a6fc6..acc5788aed35128941faa9d74709071dcf96e57d 100644 (file)
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -310,7 +310,7 @@ int lxc_caps_init(void)
        return 0;
 }
 
-static int _real_caps_last_cap(void)
+static long int _real_caps_last_cap(void)
 {
        int fd, result = -1;
 
@@ -354,10 +354,13 @@ static int _real_caps_last_cap(void)
 
 int lxc_caps_last_cap(void)
 {
-       static int last_cap = -1;
+       static long int last_cap = -1;
 
-       if (last_cap < 0)
+       if (last_cap < 0) {
                last_cap = _real_caps_last_cap();
+               if (last_cap < 0 || last_cap > INT_MAX)
+                       last_cap = -1;
+       }
 
        return last_cap;
 }

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 311a1dfcefa604fdb7c2f00e1f48204f7e7f3833..56c8db544bff05ff2c15504aa2654bcc44e17146 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -397,7 +397,7 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
 
        /* Get maximum number of cpus found in possible cpuset. */
        maxposs = get_max_cpus(posscpus);
-       if (maxposs < 0)
+       if (maxposs < 0 || maxposs >= INT_MAX - 1)
                goto on_error;
 
        if (!file_exists(__ISOL_CPUS)) {
@@ -442,7 +442,7 @@ static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
 
        /* Get maximum number of cpus found in isolated cpuset. */
        maxisol = get_max_cpus(isolcpus);
-       if (maxisol < 0)
+       if (maxisol < 0 || maxisol >= INT_MAX - 1)
                goto on_error;
 
        if (maxposs < maxisol)

diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
index 106a325fb31f180e7191aa53385500a6ceb63f4f..6d1d468d93ce4258558d802607cacc5638338cdf 100644 (file)
--- a/src/lxc/pam/pam_cgfs.c
+++ b/src/lxc/pam/pam_cgfs.c
@@ -1806,7 +1806,7 @@ static bool cg_filter_and_set_cpus(char *path, bool am_initialized)
 
        /* Get maximum number of cpus found in possible cpuset. */
        maxposs = cg_get_max_cpus(posscpus);
-       if (maxposs < 0)
+       if (maxposs < 0 || maxposs >= INT_MAX - 1)
                goto on_error;
 
        if (!file_exists(__ISOL_CPUS)) {
@@ -1856,7 +1856,7 @@ static bool cg_filter_and_set_cpus(char *path, bool am_initialized)
 
        /* Get maximum number of cpus found in isolated cpuset. */
        maxisol = cg_get_max_cpus(isolcpus);
-       if (maxisol < 0)
+       if (maxisol < 0 || maxisol >= INT_MAX - 1)
                goto on_error;
 
        if (maxposs < maxisol)