systemd/SOURCES/CVE-2025-4598-0001-basic-parse-util-add-helper-to-parse-bounded-unsigne.patch

From d9281e6450d2cca3ea5e7eed61d95b8ff0fcca0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 16 Sep 2023 10:08:12 +0200
Subject: [PATCH] basic/parse-util: add helper to parse bounded unsigned values

"parse_range" is already used for stuff like "a-b", so use "bounded" here to
avoid confusion.
---
 src/basic/parse-util.c     | 15 +++++++++++++++
 src/basic/parse-util.h     |  3 ++-
 src/test/test-parse-util.c | 26 ++++++++++++++++++++++++++
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c
index 3b3efb0..c1c25fd 100644
--- a/src/basic/parse-util.c
+++ b/src/basic/parse-util.c
@@ -390,6 +390,21 @@ int safe_atou_full(const char *s, unsigned base, unsigned *ret_u) {
         return 0;
 }
 
+int safe_atou_bounded(const char *s, unsigned min, unsigned max, unsigned *ret) {
+        unsigned v;
+        int r;
+
+        r = safe_atou(s, &v);
+        if (r < 0)
+                return r;
+
+        if (v < min || v > max)
+                return -ERANGE;
+
+        *ret = v;
+        return 0;
+}
+
 int safe_atoi(const char *s, int *ret_i) {
         unsigned base = 0;
         char *x = NULL;
diff --git a/src/basic/parse-util.h b/src/basic/parse-util.h
index 8d8d523..7e1517c 100644
--- a/src/basic/parse-util.h
+++ b/src/basic/parse-util.h
@@ -28,11 +28,12 @@ int parse_errno(const char *t);
 #define SAFE_ATO_MASK_FLAGS(base) ((base) & ~SAFE_ATO_ALL_FLAGS)
 
 int safe_atou_full(const char *s, unsigned base, unsigned *ret_u);
-
 static inline int safe_atou(const char *s, unsigned *ret_u) {
         return safe_atou_full(s, 0, ret_u);
 }
 
+int safe_atou_bounded(const char *s, unsigned min, unsigned max, unsigned *ret);
+
 int safe_atoi(const char *s, int *ret_i);
 int safe_atolli(const char *s, long long int *ret_i);
 
diff --git a/src/test/test-parse-util.c b/src/test/test-parse-util.c
index 388d0fe..3bf237b 100644
--- a/src/test/test-parse-util.c
+++ b/src/test/test-parse-util.c
@@ -417,6 +417,32 @@ TEST(parse_range) {
         assert_se(upper == 9999);
 }
 
+TEST(safe_atou_bounded) {
+        int r;
+        unsigned x;
+
+        r = safe_atou_bounded("12345", 12, 20000, &x);
+        assert_se(r == 0);
+        assert_se(x == 12345);
+
+        r = safe_atou_bounded("12", 12, 20000, &x);
+        assert_se(r == 0);
+        assert_se(x == 12);
+
+        r = safe_atou_bounded("20000", 12, 20000, &x);
+        assert_se(r == 0);
+        assert_se(x == 20000);
+
+        r = safe_atou_bounded("-1", 12, 20000, &x);
+        assert_se(r == -ERANGE);
+
+        r = safe_atou_bounded("11", 12, 20000, &x);
+        assert_se(r == -ERANGE);
+
+        r = safe_atou_bounded("20001", 12, 20000, &x);
+        assert_se(r == -ERANGE);
+}
+
 TEST(safe_atolli) {
         int r;
         long long l;
-- 
2.47.1