instance: Warn about unexpected number of parameters

Warn when the number of allocated parameters for the jail argv does not
match the number of used parameters. This normally leads to a buffer
overflow.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/service/instance.c b/service/instance.c
index 4bb220751915df5a42178ded7075ec405922a079..3098ff3bb50c478811e480ba774c16e0802dd6b3 100644 (file)
--- a/service/instance.c
+++ b/service/instance.c
@@ -337,8 +337,12 @@ instance_run(struct service_instance *in, int _stdout, int _stderr)
                ULOG_WARN("Seccomp support for %s::%s not available\n", in->srv->name, in->name);
 #endif
 
-       if (in->has_jail)
+       if (in->has_jail) {
                argc = jail_run(in, argv);
+               if (argc != in->jail.argc)
+                       ULOG_WARN("expected %i jail params, used %i for %s::%s\n",
+                               in->jail.argc, argc, in->srv->name, in->name);
+       }
 
        blobmsg_for_each_attr(cur, in->command, rem)
                argv[argc++] = blobmsg_data(cur);