From 1c29d801f702086da5f03137ef52ac40e7f8f60d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 9 Sep 2009 12:52:51 -0400
Subject: [PATCH 2/3] Check for valid min and max IDs in confdb_get_domains

---
 server/confdb/confdb.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 7d89f75..778345f 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -784,6 +784,11 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
                                                "minId", SSSD_MIN_ID);
     domain->id_max = ldb_msg_find_attr_as_uint(res->msgs[0],
                                                "maxId", 0);
+    if ((domain->id_max && (domain->id_max < domain->id_min)) ||
+         (domain->id_min < 0)){
+        ret = EINVAL;
+        goto done;
+    }
 
     /* Do we allow to cache credentials */
     if (ldb_msg_find_attr_as_bool(res->msgs[0], "cache-credentials", 0)) {
@@ -848,8 +853,9 @@ int confdb_get_domains(struct confdb_ctx *cdb,
     }
 
     if (cdb->doms == NULL) {
-        DEBUG(0, ("No domains configured, fatal error!\n"));
+        DEBUG(0, ("No properly configured domains, fatal error!\n"));
         ret = ENOENT;
+        goto done;
     }
 
     *domains = cdb->doms;
-- 
1.6.2.5