packages/lcr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lcr/0015-fix-invalid-args-len-set-in-execute_lxc_attach.patch

33 lines
1.1 KiB
Diff
Raw Blame History

From 402f757eb53038d17c4b5ec48dbdd86df7006957 Mon Sep 17 00:00:00 2001
From: jikai <jikai11@huawei.com>
Date: Mon, 8 Jul 2024 12:05:46 +0000
Subject: [PATCH 15/20] fix invalid args len set in execute_lxc_attach
Signed-off-by: jikai <jikai11@huawei.com>
---
src/runtime/lcrcontainer_execute.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/runtime/lcrcontainer_execute.c b/src/runtime/lcrcontainer_execute.c
index 251fb85..e4cdcc1 100644
--- a/src/runtime/lcrcontainer_execute.c
+++ b/src/runtime/lcrcontainer_execute.c
@@ -836,7 +836,13 @@ static void execute_lxc_attach(const char *name, const char *path, const struct
exit(EXIT_FAILURE);
}
- args_len = args_len + request->args_len + request->env_len;
+ if (args_len > SIZE_MAX - request->args_len || request->env_len > SIZE_MAX / 2
+ || args_len + request->args_len > SIZE_MAX - request->env_len * 2) {
+ COMMAND_ERROR("Too many arguments");
+ exit(EXIT_FAILURE);
+ }
+
+ args_len = args_len + request->args_len + request->env_len * 2;
params = isula_smart_calloc_s(sizeof(char *), args_len);
if (params == NULL) {
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink