Commit 70642c33 by Tycho Andersen Committed by Stéphane Graber

fix integer overflow in setproctitle

1. don't cast to long
2. check overflow before addition

v2: just remove the cast, don't change the type of the variables

Reported-by: Coverity
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
parent 62e04161
...@@ -1644,15 +1644,21 @@ int setproctitle(char *title) ...@@ -1644,15 +1644,21 @@ int setproctitle(char *title)
if (len >= arg_end - arg_start) { if (len >= arg_end - arg_start) {
env_start = env_end; env_start = env_end;
} }
/* check overflow */
if (arg_start + len < 0) {
return -1;
}
arg_end = arg_start + len; arg_end = arg_start + len;
} }
strcpy((char*)arg_start, title); strcpy((char*)arg_start, title);
ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, (long)arg_start, 0, 0); ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, arg_start, 0, 0);
ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, (long)arg_end, 0, 0); ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, arg_end, 0, 0);
ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, (long)env_start, 0, 0); ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, env_start, 0, 0);
ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, (long)env_end, 0, 0); ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, env_end, 0, 0);
return ret; return ret;
} }
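Review bot: The added guard `if (arg_start + len < 0)` tests the sum after it has been computed, so it cannot reliably catch the wrap it is meant to catch: with an unsigned arg_start the expression is never negative, and with a signed one the overflow is already undefined behaviour and the compiler may drop the branch. The declarations of arg_start and len are outside the hunk, so which case applies is not visible here; if arg_start is unsigned long, comparing before adding would work, e.g. `if (len < 0 || (unsigned long)len > ULONG_MAX - arg_start) return -1;` (needs `<limits.h>`). Separately, `strcpy((char*)arg_start, title)` copies the whole title regardless of len. Whether an earlier branch clamps len without shortening title cannot be seen from this hunk and is worth confirming, since the copy should be bounded by the same length that sets arg_end.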