diff options
author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-11-01 17:16:39 +0100 |
---|---|---|
committer | John Crispin <john@phrozen.org> | 2019-11-02 19:31:21 +0100 |
commit | f47622e89c4d681a6441a3e51c0369f2baaaa1e6 (patch) | |
tree | 645af2f893081d9eaffff7a1ca7111c46c118011 | |
parent | 564ecdfd9cc40e3dd566bf8fd24a94053b99c332 (diff) | |
download | procd-f47622e89c4d681a6441a3e51c0369f2baaaa1e6.tar.gz |
instance: Warn about unexpected number of parameters
Warn when the number of allocated parameters for the jail argv does not
match the number of used parameters. This normally leads to a buffer
overflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-rw-r--r-- | service/instance.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/service/instance.c b/service/instance.c index 4bb2207..3098ff3 100644 --- a/service/instance.c +++ b/service/instance.c @@ -337,8 +337,12 @@ instance_run(struct service_instance *in, int _stdout, int _stderr) ULOG_WARN("Seccomp support for %s::%s not available\n", in->srv->name, in->name); #endif - if (in->has_jail) + if (in->has_jail) { argc = jail_run(in, argv); + if (argc != in->jail.argc) + ULOG_WARN("expected %i jail params, used %i for %s::%s\n", + in->jail.argc, argc, in->srv->name, in->name); + } blobmsg_for_each_attr(cur, in->command, rem) argv[argc++] = blobmsg_data(cur); |