From 3d1e3499794efe10891fe656a6e0b8847fee6558 Mon Sep 17 00:00:00 2001
From: wujing
Date: Fri, 11 Sep 2020 09:45:20 +0800
Subject: [PATCH 03/10] fix: security-opt parsing access out of bounds

Signed-off-by: wujing
---
 src/client/connect/pack_config.c | 43 +++++---------------------------
 1 file changed, 6 insertions(+), 37 deletions(-)

diff --git a/src/client/connect/pack_config.c b/src/client/connect/pack_config.c
index fbcd7b4..0e4224d 100644
--- a/src/client/connect/pack_config.c
+++ b/src/client/connect/pack_config.c
@@ -1178,25 +1178,10 @@ erro_out:
 }
 static int append_no_new_privileges_to_security_opts(host_config *dstconfig)
 {
- int ret = 0;
- size_t new_size, old_size;
- char **tmp_security_opt = NULL;
-
- if (dstconfig->security_opt_len > (SIZE_MAX / sizeof(char *)) - 1) {
- COMMAND_ERROR("Out of memory");
- return -1;
- }
- new_size = (dstconfig->security_opt_len + 1) * sizeof(char *);
- old_size = dstconfig->security_opt_len * sizeof(char *);
- ret = mem_realloc((void **)(&tmp_security_opt), new_size, (void *)dstconfig->security_opt, old_size);
- if (ret != 0) {
- COMMAND_ERROR("Out of memory");
- return ret;
- }
- dstconfig->security_opt = tmp_security_opt;
- dstconfig->security_opt[dstconfig->security_opt_len++] = util_strdup_s("no-new-privileges");
+ dstconfig->security_opt[dstconfig->security_opt_len] = util_strdup_s("no-new-privileges");
+ dstconfig->security_opt_len++;

- return ret;
+ return 0;
 }

 static int append_seccomp_to_security_opts(const char *full_opt, const char *seccomp_file, host_config *dstconfig)
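Review bot: The new store to `dstconfig->security_opt[dstconfig->security_opt_len]` in append_no_new_privileges_to_security_opts cannot verify that the slot exists: with the realloc removed, the helper relies on the caller having allocated `security_opt` with at least `security_opt_len + 1` entries, and that allocation is not part of this patch. The same applies to append_selinux_label_to_security_opts in the next hunk. Since neither helper receives the capacity, at least state the contract above each one, e.g. `/* Precondition: dstconfig->security_opt is non-NULL and has a free slot at index security_opt_len. */`, and consider rejecting a missing array with `if (dstconfig->security_opt == NULL) { return -1; }` so a missed allocation fails cleanly instead of writing through a null pointer. If the array is sized from the number of input options (presumably in parse_security_opts, which is not visible here), confirm that no single input option can append more than one entry.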
@@ -1264,26 +1249,10 @@ out:

 static int append_selinux_label_to_security_opts(const char *selinux_label, host_config *dstconfig)
 {
- int ret = 0;
- size_t new_size;
- size_t old_size;
- char **tmp_security_opt = NULL;
-
- if (dstconfig->security_opt_len > (SIZE_MAX / sizeof(char *)) - 1) {
- COMMAND_ERROR("Too large security options");
- return -1;
- }
- new_size = (dstconfig->security_opt_len + 1) * sizeof(char *);
- old_size = dstconfig->security_opt_len * sizeof(char *);
- ret = mem_realloc((void **)(&tmp_security_opt), new_size, (void *)dstconfig->security_opt, old_size);
- if (ret != 0) {
- COMMAND_ERROR("Out of memory");
- return ret;
- }
- dstconfig->security_opt = tmp_security_opt;
- dstconfig->security_opt[dstconfig->security_opt_len++] = util_strdup_s(selinux_label);
+ dstconfig->security_opt[dstconfig->security_opt_len] = util_strdup_s(selinux_label);
+ dstconfig->security_opt_len++;

- return ret;
+ return 0;
 }

 static int parse_security_opts(const isula_host_config_t *srcconfig, host_config *dstconfig)
--
2.25.1
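Review bot: append_selinux_label_to_security_opts now returns a constant 0, so its `int` result no longer signals anything, and the result of `util_strdup_s(selinux_label)` is stored and counted without being checked. If `util_strdup_s` can yield NULL for a NULL `selinux_label` (its definition is not in this patch), the array gains a NULL entry that later consumers may dereference; a guard such as `if (selinux_label == NULL) { return -1; }` before the store would keep the return value meaningful. Otherwise add a comment like `/* cannot fail: slot is preallocated by the caller */` next to `return 0;` so the unconditional success is clearly intentional.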