Skip to content

L
lxc
Unverified Commit 6f8d00d2 by Christian Brauner
Options

conf: use malloc() in run_script_argv()

It seems dangerous to use alloca() as the arguments can be of indeterminate length and we might blow up the stack. Signed-off-by: 's avatarChristian Brauner <christian.brauner@ubuntu.com>
parent 327cce76
Showing with 20 additions and 12 deletions
src/lxc/conf.c
......@@ -358,6 +358,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
{
int buf_pos, i, ret;
char *buffer;
int fret = -1;
size_t size = 0;
if (hook_version == 0)
......@@ -390,14 +391,17 @@ int run_script_argv(const char *name, unsigned int hook_version,
return -EFBIG;
}
buffer = alloca(size);
buffer = malloc(size);
if (!buffer)
return -ENOMEM;
if (hook_version == 0)
buf_pos = snprintf(buffer, size, "exec %s %s %s %s", script, name, section, hookname);
else
buf_pos = snprintf(buffer, size, "exec %s", script);
if (buf_pos < 0 || (size_t)buf_pos >= size) {
ERROR("Failed to create command line for script \"%s\"", script);
return -1;
goto on_error;
}
if (hook_version == 1) {
......@@ -405,7 +409,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
if (ret < 0) {
SYSERROR("Failed to set environment variable: "
"LXC_HOOK_TYPE=%s", hookname);
return -1;
goto on_error;
}
TRACE("Set environment variable: LXC_HOOK_TYPE=%s", hookname);
......@@ -413,7 +417,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
if (ret < 0) {
SYSERROR("Failed to set environment variable: "
"LXC_HOOK_SECTION=%s", section);
return -1;
goto on_error;
}
TRACE("Set environment variable: LXC_HOOK_SECTION=%s", section);
......@@ -421,13 +425,13 @@ int run_script_argv(const char *name, unsigned int hook_version,
char *parent;
if (!argsin[0])
return -EINVAL;
goto on_error;
ret = setenv("LXC_NET_TYPE", argsin[0], 1);
if (ret < 0) {
SYSERROR("Failed to set environment variable: "
"LXC_NET_TYPE=%s", argsin[0]);
return -1;
goto on_error;
}
TRACE("Set environment variable: LXC_NET_TYPE=%s", argsin[0]);
......@@ -438,7 +442,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
if (ret < 0) {
SYSERROR("Failed to set environment "
"variable: LXC_NET_PARENT=%s", parent);
return -1;
goto on_error;
}
TRACE("Set environment variable: LXC_NET_PARENT=%s", parent);
} else if (strcmp(argsin[0], "phys")) {
......@@ -446,7 +450,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
if (ret < 0) {
SYSERROR("Failed to set environment "
"variable: LXC_NET_PARENT=%s", parent);
return -1;
goto on_error;
}
TRACE("Set environment variable: LXC_NET_PARENT=%s", parent);
} else if (strcmp(argsin[0], "veth")) {
......@@ -456,7 +460,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
if (ret < 0) {
SYSERROR("Failed to set environment "
"variable: LXC_NET_PEER=%s", peer);
return -1;
goto on_error;
}
TRACE("Set environment variable: LXC_NET_PEER=%s", peer);
......@@ -464,7 +468,7 @@ int run_script_argv(const char *name, unsigned int hook_version,
if (ret < 0) {
SYSERROR("Failed to set environment "
"variable: LXC_NET_PARENT=%s", parent);
return -1;
goto on_error;
}
TRACE("Set environment variable: LXC_NET_PARENT=%s", parent);
}
......@@ -477,12 +481,16 @@ int run_script_argv(const char *name, unsigned int hook_version,
ret = snprintf(buffer + buf_pos, len, " %s", argsin[i]);
if (ret < 0 || (size_t)ret >= len) {
ERROR("Failed to create command line for script \"%s\"", script);
return -1;
goto on_error;
}
buf_pos += ret;
}
return run_buffer(buffer);
fret = run_buffer(buffer);
on_error:
free(buffer);
return fret;
}
int run_script(const char *name, const char *section, const char *script, ...)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment