instance: Warn about unexpected number of parameters

Warn when the number of allocated parameters for the jail argv does not match the number of used parameters. This normally leads to a buffer overflow. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
author: Hauke Mehrtens <hauke@hauke-m.de> 2019-11-01 17:16:39 +0100
committer: John Crispin <john@phrozen.org> 2019-11-02 19:31:21 +0100
commit: f47622e89c4d681a6441a3e51c0369f2baaaa1e6 (patch)
tree: 645af2f893081d9eaffff7a1ca7111c46c118011
parent: 564ecdfd9cc40e3dd566bf8fd24a94053b99c332 (diff)
download: procd-f47622e89c4d681a6441a3e51c0369f2baaaa1e6.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/service/instance.c b/service/instance.c
index 4bb2207..3098ff3 100644
--- a/service/instance.c
+++ b/service/instance.c
@@ -337,8 +337,12 @@ instance_run(struct service_instance *in, int _stdout, int _stderr)
 		ULOG_WARN("Seccomp support for %s::%s not available\n", in->srv->name, in->name);
 #endif
 
-	if (in->has_jail)
+	if (in->has_jail) {
 		argc = jail_run(in, argv);
+		if (argc != in->jail.argc)
+			ULOG_WARN("expected %i jail params, used %i for %s::%s\n",
+				in->jail.argc, argc, in->srv->name, in->name);
+	}
 
 	blobmsg_for_each_attr(cur, in->command, rem)
 		argv[argc++] = blobmsg_data(cur);
author	Hauke Mehrtens <hauke@hauke-m.de>	2019-11-01 17:16:39 +0100
committer	John Crispin <john@phrozen.org>	2019-11-02 19:31:21 +0100
commit	f47622e89c4d681a6441a3e51c0369f2baaaa1e6 (patch)
tree	645af2f893081d9eaffff7a1ca7111c46c118011
parent	564ecdfd9cc40e3dd566bf8fd24a94053b99c332 (diff)
download	procd-f47622e89c4d681a6441a3e51c0369f2baaaa1e6.tar.gz