When the no_new_privs parameter is given, the size of the array which
contains the argv pointers is not increased in instance_jail_parse()
which causes a buffer overflow. Fix this by requesting one more entry in
instance_jail_parse() for the allocation.
Fixes: dfd5816bcbef ("instance, ujail: wire no_new_privs (-c) option")
Cc: Etienne CHAMPETIER <[email protected]>
Signed-off-by: Hauke Mehrtens <[email protected]>
---
service/instance.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/service/instance.c b/service/instance.c
index b4284e7..4bb2207 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -829,6 +829,9 @@ instance_jail_parse(struct service_instance *in, struct
blob_attr *attr)
if (in->seccomp)
jail->argc += 2;
+ if (in->no_new_privs)
+ jail->argc++;
+
return 1;
}
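Review bot: the added `if (in->no_new_privs)` increment has no comment saying which argv entry it reserves, and the count in instance_jail_parse() still has to be kept in step by hand with the code that fills the argv array, which is the mismatch the commit message describes as causing the overflow. Consider a short comment on the increment naming the option it accounts for (the Fixes line gives it as -c), and a bounds check against jail->argc where the argv pointers are written, so that an option missed here in future fails visibly instead of writing past the allocation.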
--
2.20.1
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel