instance: ujail: Fix allocated size for no_new_privs parameter
author Hauke Mehrtens <hauke@hauke-m.de>
Fri, 1 Nov 2019 16:16:38 +0000 (17:16 +0100)
committer John Crispin <john@phrozen.org>
Sat, 2 Nov 2019 18:30:54 +0000 (19:30 +0100)
When the no_new_privs parameter is given, the size of the array which
contains the argv pointers is not increased in instance_jail_parse()
which causes a buffer overflow. Fix this by requesting one more entry in
instance_jail_parse() for the allocation.

Fixes: dfd5816bcbef ("instance, ujail: wire no_new_privs (-c) option")
Cc: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
service/instance.c

index b4284e7560545938875e2774df2380b65f380d29..4bb220751915df5a42178ded7075ec405922a079 100644 (file)
@@ -829,6 +829,9 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr)
        if (in->seccomp)
                jail->argc += 2;
 
+       if (in->no_new_privs)
+               jail->argc++;
+
        return 1;
 }
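
Review bot: the `jail->argc++` added before `return 1;` in instance_jail_parse() has to mirror by hand whatever code later fills the argv array, and nothing in this function records that pairing, which is how the option named in the Fixes: tag ended up uncounted. Consider a one-line comment stating that no_new_privs contributes a single entry (unlike the two counted for `in->seccomp`), and a bounds check or assertion where the argv pointers are written, so that a future mismatch fails loudly instead of overflowing the allocation.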