When the no_new_privs parameter is given, thei size of the array which
contains the argv pointers is not increased in instance_jail_parse()
which causes a buffer overflow. Fix this by requesting one more entry in
instance_jail_parse() for the allocation.
Fixes:
dfd5816bcbef ("instance, ujail: wire no_new_privs (-c) option")
Cc: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
if (in->seccomp)
jail->argc += 2;
+ if (in->no_new_privs)
+ jail->argc++;
+
return 1;
}