From 3dac6fb553b199cf799e5f5ff6172b97794d22d1 Mon Sep 17 00:00:00 2001
From: tedu <tedu>
Date: Fri, 18 Oct 2019 17:15:45 +0000
Subject: [PATCH] add some checks to avoid UID_MAX (-1) here. this is not
 problematic with the current code, but it's probably safer this way. ok
 deraadt

---
 doas.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/doas.c b/doas.c
index 71f955a..70b255b 100644
--- a/doas.c
+++ b/doas.c
@@ -57,9 +57,11 @@ parseuid(const char *s, uid_t *uid)
 
 	if ((pw = getpwnam(s)) != NULL) {
 		*uid = pw->pw_uid;
+		if (*uid == UID_MAX)
+			return -1;
 		return 0;
 	}
-	*uid = strtonum(s, 0, UID_MAX, &errstr);
+	*uid = strtonum(s, 0, UID_MAX - 1, &errstr);
 	if (errstr)
 		return -1;
 	return 0;
@@ -85,9 +87,11 @@ parsegid(const char *s, gid_t *gid)
 
 	if ((gr = getgrnam(s)) != NULL) {
 		*gid = gr->gr_gid;
+		if (*gid == GID_MAX)
+			return -1;
 		return 0;
 	}
-	*gid = strtonum(s, 0, GID_MAX, &errstr);
+	*gid = strtonum(s, 0, GID_MAX - 1, &errstr);
 	if (errstr)
 		return -1;
 	return 0;
-- 
2.39.2