Correcting Integer conversion type (#8636)

* correcting integer conversion type Signed-off-by: swatign <[email protected]> * verify main pipeline check Signed-off-by: swatign <[email protected]> * correcting integer conversion-2 Signed-off-by: swatign <[email protected]> * resolving pipeline issue-2 Signed-off-by: swatign <[email protected]> * resolving verify pipeline-3 Signed-off-by: swatign <[email protected]> * access_linux.go file change for 137 Signed-off-by: swatign <[email protected]> * access_linux.go file change 2 for 137 Signed-off-by: swatign <[email protected]> * trigering pipeline Signed-off-by: swatign <[email protected]> * uncommented Signed-off-by: Aishwarya Aishwarya <[email protected]> --------- Signed-off-by: swatign <[email protected]> Signed-off-by: Aishwarya Aishwarya <[email protected]> Co-authored-by: Aishwarya Aishwarya <[email protected]>
chef · Nov 7, 2024 · 92b3cc6 · 92b3cc6
1 parent e0effc1
commit 92b3cc6
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 17 deletions.
diff --git a/api/config/deployment/init_config.go b/api/config/deployment/init_config.go
@@ -10,6 +10,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io/ioutil"
+	"math"
 	"math/big"
 	"net"
 	"net/url"
@@ -452,11 +453,18 @@ func generateProxySettings(c *InitConfig) error {
 	c.ProxyHost = proxyURL.Hostname()
 	port := proxyURL.Port()
 	if port != "" {
-		// Config expects ports to be int32
-		p, err := strconv.Atoi(port)
+		// Parse port as 64-bit integer to handle larger bit sizes
+		p, err := strconv.ParseInt(port, 10, 64)
+
 		if err != nil {
 			return err
 		}
+
+		// Ensure that the parsed value fits into int32 range
+		if p > math.MaxInt32 || p < math.MinInt32 {
+			return fmt.Errorf("proxy port exceeds int32 bounds: %d", p)
+		}
+
 		c.ProxyPort = int32(p)
 	}
 

diff --git a/components/automate-cli/cmd/chef-automate/migration_pg.go b/components/automate-cli/cmd/chef-automate/migration_pg.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"math"
 	"os"
 	"os/exec"
 	"strconv"
@@ -770,14 +771,33 @@ func lookupUser(username string) (uid, gid int, err error) {
 	if err != nil {
 		return -1, -1, err
 	}
-	uid, err = strconv.Atoi(u.Uid)
+
+	// Parse port as 64-bit integer to handle larger bit sizes
+	uid64, err := strconv.ParseUint(u.Uid, 10, 64)
+
 	if err != nil {
 		return -1, -1, err
 	}
-	gid, err = strconv.Atoi(u.Gid)
+
+	// Check if parsed UID fits into int32 bounds
+	if uid64 > math.MaxInt32 {
+		return -1, -1, errors.New("UID exceeds int32 bounds")
+	}
+	uid = int(uid64)
+
+	// Parse port as 64-bit integer to handle larger bit sizes
+	gid64, err := strconv.ParseUint(u.Gid, 10, 64)
+
 	if err != nil {
 		return -1, -1, err
 	}
+
+	// Check if parsed GID fits into int32 bounds
+	if gid64 > math.MaxInt32 {
+		return -1, -1, errors.New("GID exceeds int32 bounds")
+	}
+	gid = int(gid64)
+
 	return uid, gid, nil
 }
 

diff --git a/components/config-mgmt-service/grpcserver/rollouts.go b/components/config-mgmt-service/grpcserver/rollouts.go
@@ -3,6 +3,7 @@ package grpcserver
 import (
 	"context"
 	"fmt"
+	"math"
 	"strconv"
 	"strings"
 	"time"
@@ -54,12 +55,27 @@ func (s *CfgMgmtServer) GetRolloutById(ctx context.Context, req *request.Rollout
 	if req == nil {
 		return nil, status.Error(codes.InvalidArgument, "empty request")
 	}
-	requestedId, err := strconv.Atoi(req.RolloutId)
+
+	// Parse RolloutId as a 64-bit integer to handle larger IDs
+	requestedId64, err := strconv.ParseInt(req.RolloutId, 10, 64)
+
 	if err != nil {
 		message := fmt.Sprintf("invalid request_id: %s", err.Error())
 		return nil, status.Error(codes.InvalidArgument, message)
 	}
-	rollout, err := s.pg.FindRolloutByID(ctx, int32(requestedId))
+
+	// Check if the parsed ID is within the bounds of int32
+	if requestedId64 > math.MaxInt32 || requestedId64 < math.MinInt32 {
+		message := fmt.Sprintf("request_id exceeds int32 bounds: %d", requestedId64)
+		return nil, status.Error(codes.InvalidArgument, message)
+	}
+
+	// Safely cast the parsed ID to int32 after bounds check
+	requestedId := int32(requestedId64)
+
+	// Fetch the rollout by ID using the safely converted int32 ID
+	rollout, err := s.pg.FindRolloutByID(ctx, requestedId)
+
 	if err != nil {
 		return nil, err
 	}

diff --git a/lib/io/fileutils/access_linux.go b/lib/io/fileutils/access_linux.go
@@ -7,6 +7,7 @@
 package fileutils
 
 import (
+	"math"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -132,7 +133,11 @@ func MakeReadWriteExecutable(uname, path string) error {
 
 	// Make sure the owner or group of the base is our uname
 	base = stats[0]
-	if uid != base.stat.Uid && !sharesGid(base.stat.Gid, gids) {
+	if uid != uint32(base.stat.Uid) && !sharesGid(base.stat.Gid, gids) {
+		// Check if uid and base.stat.Gid are within the bounds of int
+		if uid > math.MaxInt32 || base.stat.Gid > math.MaxInt32 {
+			return errors.New("UID or GID exceeds int limit")
+		}
 		err = os.Chown(base.path, int(uid), int(base.stat.Gid))
 		if err != nil {
 			return errors.Wrap(err, "failed to change owner")
@@ -231,8 +236,6 @@ func uidGidsFor(uname string) (uint32, []uint32, error) {
 	var (
 		u     *user.User
 		uid   uint32
-		uidi  int
-		gidi  int
 		gids  = []uint32{}
 		gidss []string
 		err   error
@@ -243,30 +246,55 @@ func uidGidsFor(uname string) (uint32, []uint32, error) {
 		return uid, gids, err
 	}
 
-	uidi, err = strconv.Atoi(u.Uid)
+	// Parse the UID as uint64 to handle larger bit sizes
+	uid64, err := strconv.ParseUint(u.Uid, 10, 64)
+
 	if err != nil {
 		return uid, gids, err
 	}
-	uid = uint32(uidi)
+	// Check if UID fits within uint32 bounds
+	if uid64 > math.MaxUint32 {
+		return uid, gids, errors.New("UID exceeds uint32 limit")
+	}
+	// Convert uid64 to uint32 after ensuring it is safe
+	uid = uint32(uid64)
 
 	// WARNING: GroupIds() might not be implemented on linux if cgo is disabled.
 	// Instead of failing if it returns an error we'll fall back to the primary
 	// group only.
 	gidss, err = u.GroupIds()
 	if err != nil {
-		g, err := strconv.Atoi(u.Gid)
+
+		// Parse the GID as uint64 to handle larger bit sizes
+		gid64, err := strconv.ParseUint(u.Gid, 10, 64)
+
 		if err != nil {
 			return uid, gids, err
 		}
 
-		gids = append(gids, uint32(g))
+		// Check if GID fits within uint32 bounds
+		if gid64 > math.MaxUint32 {
+			return uid, gids, errors.New("Primary GID exceeds uint32 limit")
+		}
+		// Append the primary GID
+		gids = append(gids, uint32(gid64))
+
 	} else {
 		for _, g := range gidss {
-			gidi, err = strconv.Atoi(g)
+
+			// Parse the GID as uint64 to handle larger bit sizes
+			gid64, err := strconv.ParseUint(g, 10, 64)
+
 			if err != nil {
 				return uid, gids, err
 			}
-			gids = append(gids, uint32(gidi))
+
+			// Check if each group ID fits within uint32 bounds
+			if gid64 > math.MaxUint32 {
+				return uid, gids, errors.New("Group ID exceeds uint32 limit")
+			}
+			// Append each GID
+			gids = append(gids, uint32(gid64))
 		}
 	}
 

diff --git a/lib/platform/command/command.go b/lib/platform/command/command.go
@@ -9,6 +9,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"math"
 	"os"
 	"os/exec"
 	"strconv"
@@ -204,15 +205,25 @@ func AsUser(username string) Opt {
 			return errors.Wrap(err, "user lookup")
 		}
 
-		uid, err := strconv.Atoi(u.Uid)
+		// Parse the UID and GID using strconv.ParseUint to support larger values
+		uid, err := strconv.ParseUint(u.Uid, 10, 64)
+
 		if err != nil {
 			return errors.Wrap(err, "converting uid to integer")
 		}
-		gid, err := strconv.Atoi(u.Gid)
+
+		gid, err := strconv.ParseUint(u.Gid, 10, 64)
+
 		if err != nil {
 			return errors.Wrap(err, "converting gid to integer")
 		}
 
+		// Now, handle both 32-bit and 64-bit values
+		// Ensure that uid and gid are within uint32 bounds
+		if uid > math.MaxUint32 || gid > math.MaxUint32 {
+			return errors.New("uid or gid value exceeds uint32 limits")
+		}
+
 		c.sysProcAttr = sys.SysProcAttrWithCred(uint32(uid), uint32(gid))
 		return nil
 	}