[3/3] kudu git commit: user: fix a possible integer overflow

Tue, 10 Apr 2018 14:01:39 -0700 

user: fix a possible integer overflow

This was flagged by a run of Fortify, though I think it's pretty dubious
given the sysconf() contract, which returns either -1 or a positive number.

Change-Id: I08b4e47862b0f05558c4420c9b5d6ddd53ccd156
Reviewed-on: http://gerrit.cloudera.org:8080/9975
Reviewed-by: Dan Burkert <danburk...@apache.org>
Tested-by: Kudu Jenkins


Project: http://git-wip-us.apache.org/repos/asf/kudu/repo
Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/05bec2c1
Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/05bec2c1
Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/05bec2c1

Branch: refs/heads/master
Commit: 05bec2c1c0740ad6319d65cb5e4d5507e9b6c818
Parents: d18be56
Author: Adar Dembo <a...@cloudera.com>
Authored: Tue Apr 10 11:03:52 2018 -0700
Committer: Adar Dembo <a...@cloudera.com>
Committed: Tue Apr 10 20:52:46 2018 +0000

----------------------------------------------------------------------
 src/kudu/util/user.cc | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kudu/blob/05bec2c1/src/kudu/util/user.cc
----------------------------------------------------------------------
diff --git a/src/kudu/util/user.cc b/src/kudu/util/user.cc
index 2d12267..f44e040 100644
--- a/src/kudu/util/user.cc
+++ b/src/kudu/util/user.cc
@@ -21,6 +21,7 @@
 #include <unistd.h>
 
 #include <cerrno>
+#include <cstdint>
 #include <cstdlib>
 #include <mutex>
 #include <string>
@@ -44,10 +45,10 @@ Status DoGetLoggedInUser(string* user_name) {
   struct passwd pwd;
   struct passwd *result;
 
-  size_t bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
-  if (bufsize == -1) {  // Value was indeterminate.
-    bufsize = 16384;    // Should be more than enough, per the man page.
-  }
+  // Get the system-defined limit for usernames. If the value was 
indeterminate,
+  // use a constant that should be more than enough, per the man page.
+  int64_t retval = sysconf(_SC_GETPW_R_SIZE_MAX);
+  size_t bufsize = retval > 0 ? retval : 16384;
 
   gscoped_ptr<char[], FreeDeleter> buf(static_cast<char *>(malloc(bufsize)));
   if (buf.get() == nullptr) {

Reply via email to