diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2019-11-01 17:16:38 +0100 |
|---|---|---|
| committer | John Crispin <john@phrozen.org> | 2019-11-02 19:30:54 +0100 |
| commit | 564ecdfd9cc40e3dd566bf8fd24a94053b99c332 (patch) | |
| tree | ffe6c848dde27f9cbe9c13830a286ab86fdaaa8c /service | |
| parent | 7fb2e1dfa2214a9b35fa955e98a386e2f3ccb730 (diff) | |
| download | procd-564ecdfd9cc40e3dd566bf8fd24a94053b99c332.tar.gz | |
instance: ujail: Fix allocated size for no_new_privs parameter
When the no_new_privs parameter is given, thei size of the array which
contains the argv pointers is not increased in instance_jail_parse()
which causes a buffer overflow. Fix this by requesting one more entry in
instance_jail_parse() for the allocation.
Fixes: dfd5816bcbef ("instance, ujail: wire no_new_privs (-c) option")
Cc: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'service')
| -rw-r--r-- | service/instance.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/service/instance.c b/service/instance.c index b4284e7..4bb2207 100644 --- a/service/instance.c +++ b/service/instance.c @@ -829,6 +829,9 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr) if (in->seccomp) jail->argc += 2; + if (in->no_new_privs) + jail->argc++; + return 1; } |