From: Daniel Golle Date: Sat, 4 Jan 2020 14:16:12 +0000 (+0200) Subject: instance: strdup string attributes X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a5af33ce9a16f6aa599f19cc7161e067fab9495d;p=oweals%2Fprocd.git instance: strdup string attributes Previously string attributes were set to pointers returned by blobmsg_get_string() which caused use-after-free problems. Use strdup() to have copies of all stored strings and free them during cleanup. Reviewed-by: Petr Štetiar Signed-off-by: Daniel Golle --- diff --git a/service/instance.c b/service/instance.c index abd1f34..b0c9807 100644 --- a/service/instance.c +++ b/service/instance.c @@ -805,11 +805,11 @@ instance_jail_parse(struct service_instance *in, struct blob_attr *attr) jail->argc = 2; if (tb[JAIL_ATTR_NAME]) { - jail->name = blobmsg_get_string(tb[JAIL_ATTR_NAME]); + jail->name = strdup(blobmsg_get_string(tb[JAIL_ATTR_NAME])); jail->argc += 2; } if (tb[JAIL_ATTR_HOSTNAME]) { - jail->hostname = blobmsg_get_string(tb[JAIL_ATTR_HOSTNAME]); + jail->hostname = strdup(blobmsg_get_string(tb[JAIL_ATTR_HOSTNAME])); jail->argc += 2; } if (tb[JAIL_ATTR_PROCFS]) { @@ -957,12 +957,12 @@ instance_config_parse(struct service_instance *in) in->no_new_privs = blobmsg_get_bool(tb[INSTANCE_ATTR_NO_NEW_PRIVS]); if (!in->trace && tb[INSTANCE_ATTR_SECCOMP]) - in->seccomp = blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP]); + in->seccomp = strdup(blobmsg_get_string(tb[INSTANCE_ATTR_SECCOMP])); if (tb[INSTANCE_ATTR_PIDFILE]) { char *pidfile = blobmsg_get_string(tb[INSTANCE_ATTR_PIDFILE]); if (pidfile) - in->pidfile = pidfile; + in->pidfile = strdup(pidfile); } if (tb[INSTANCE_ATTR_RELOADSIG]) @@ -1077,6 +1077,10 @@ instance_free(struct service_instance *in) free(in->config); free(in->user); free(in->group); + free(in->jail.name); + free(in->jail.hostname); + free(in->seccomp); + free(in->pidfile); free(in); }